  1. #1891
    Join Date
    Dec 2003
    Location
    São Paulo-SP
    Posts
    5.970
    Mr., here are the Avenger, Malwarebytes and Hijack logs, as you requested:

    AVENGER:

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Error: file "C:\WINDOWS\system32\iifcARHb" not found!
    Deletion of file "C:\WINDOWS\system32\iifcARHb" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: file "C:\WINDOWS\system32\efcaxXno.dll" not found!
    Deletion of file "C:\WINDOWS\system32\efcaxXno.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: file "C:\WINDOWS\system32\ttxqfm.dll" not found!
    Deletion of file "C:\WINDOWS\system32\ttxqfm.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{FBFD382A-AC6E-4EB7-8944-F97D358B378D}" not found!
    Deletion of registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{FBFD382A-AC6E-4EB7-8944-F97D358B378D}" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e228581-1e99-3b78-e664-d5ca3325cd43}" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e228581-1e99-3b78-e664-d5ca3325cd43}" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ADED23F-E4D2-4823-ABAD-BB8EF3B3D732}" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ADED23F-E4D2-4823-ABAD-BB8EF3B3D732}" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBFD382A-AC6E-4EB7-8944-F97D358B378D}" not found!
    Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBFD382A-AC6E-4EB7-8944-F97D358B378D}" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Completed script processing.

    *******************

    Finished! Terminate.

    MALWAREBYTES:

    Malwarebytes' Anti-Malware 1.30
    Versão do banco de dados: 1331
    Windows 5.1.2600 Service Pack 2

    2008-10-28 10:08:09
    mbam-log-2008-10-28 (10-08-09).txt

    Tipo de Verificação: Completa (C:\|)
    Objetos verificados: 70682
    Tempo decorrido: 26 minute(s), 42 second(s)

    Processos da Memória infectados: 0
    Módulos de Memória Infectados: 3
    Chaves do Registro infectadas: 15
    Valores do Registro infectados: 1
    Ítens do Registro infectados: 2
    Pastas infectadas: 0
    Arquivos infectados: 13

    Processos da Memória infectados:
    (Nenhum ítem malicioso foi detectado)

    Módulos de Memória Infectados:
    C:\WINDOWS\system32\iifcARHb.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\vkhkljti.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\jizahj.dll (Trojan.Vundo.H) -> Delete on reboot.

    Chaves do Registro infectadas:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49342430-89a0-4718-95ba-48c8121a0329} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{49342430-89a0-4718-95ba-48c8121a0329} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7f9ea87c-48f8-4b46-8ff6-aab289717d90} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7f9ea87c-48f8-4b46-8ff6-aab289717d90} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbfd382a-ac6e-4eb7-8944-f97d358b378d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcaxxno (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{fbfd382a-ac6e-4eb7-8944-f97d358b378d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{49342430-89a0-4718-95ba-48c8121a0329} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7f9ea87c-48f8-4b46-8ff6-aab289717d90} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valores do Registro infectados:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9c60037b (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    Ítens do Registro infectados:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\iifcarhb -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\iifcarhb -> Delete on reboot.

    Pastas infectadas:
    (Nenhum ítem malicioso foi detectado)

    Arquivos infectados:
    C:\WINDOWS\system32\iifcARHb.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\bHRAcfii.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bHRAcfii.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jizahj.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\efcaxXno.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vkhkljti.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\itjlkhkv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E9A945BE-5712-4CB8-9F23-BEA6B904E0F1}\RP8\A0005565.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mhfbbhbk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\umocnfhh.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\huvxxqso.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fpjxltok.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lxgrrkuc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HIJACKTHIS:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:19, on 2008-10-28
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20900)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\ARQUIV~1\GbPlugin\GbpSv.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe
    C:\Arquivos de programas\Norton Ghost\Agent\VProTray.exe
    C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
    C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
    C:\Arquivos de programas\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Arquivos de programas\Norton Ghost\Shared\Drivers\SymSnapService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Arquivos de programas\Mozilla Firefox 3.0.1\firefox.exe
    C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1.60\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet 1.9.9.1073\getflash.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Arquivos de programas\Norton Ghost\Agent\VProTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet 1.9.9.1073\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet 1.9.9.1073\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet 1.9.9.1073\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet 1.9.9.1073\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1.60\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1.60\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1D61BF7B-1AFB-45CB-8D4B-718D5DDF365D}: NameServer = 10.1.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1D61BF7B-1AFB-45CB-8D4B-718D5DDF365D}: NameServer = 10.1.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1D61BF7B-1AFB-45CB-8D4B-718D5DDF365D}: NameServer = 10.1.1.1
    O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Arquivos de programas\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SymSnapService - Symantec - C:\Arquivos de programas\Norton Ghost\Shared\Drivers\SymSnapService.exe

    --
    End of file - 7454 bytes
    Asus M5A88-M | Athlon II X3 460 3.4GHz BOX | 6GB DDR3 1333 Kingston | Sapphire HD 7750 OC 1GB GDDR5 850/4800 | Samsung HD322HJ 320Gb SATA II | Seventeam ST-350BKV 2.0 | Windows 7 Home Premium X64 SP1 | LED 22" Samsung S22A300B | Virtua 30Mbps
    Notebook Intelbras I331



  2. Here it is, the ComboFix log
    Code:
    ComboFix 08-10-27.03 - Matheus 2008-10-28  5:55:59.6 - NTFSx86
    Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.1.1046.18.1117 [GMT -3:00]
    Executando de: C:\Users\Matheus\Desktop\ComboFix.exe
    Comandos utilizados :: C:\Users\Matheus\Desktop\CFScript.txt
     * Criado um novo ponto de restauro
    
    FILE ::
    C:\Program Files\desktop.ini
    C:\sqmdata11.sqm
    C:\sqmdata12.sqm
    C:\sqmdata13.sqm
    C:\sqmdata14.sqm
    C:\sqmdata15.sqm
    C:\sqmdata16.sqm
    C:\sqmdata17.sqm
    C:\sqmdata18.sqm
    C:\sqmnoopt11.sqm
    C:\sqmnoopt12.sqm
    C:\sqmnoopt13.sqm
    C:\sqmnoopt14.sqm
    C:\sqmnoopt15.sqm
    C:\sqmnoopt16.sqm
    C:\sqmnoopt17.sqm
    C:\sqmnoopt18.sqm
    C:\Windows\impborl.dll
    C:\Windows\iun506.exe
    C:\Windows\iun6002.exe
    C:\Windows\msne.scr
    C:\Windows\WLXPGSS.SCR
    .
    
    ((((((((((((((((   Arquivos/Ficheiros criados de 2008-09-28 to 2008-10-28  ))))))))))))))))))))))))))))
    .
    
    2008-10-28 03:58 . 2008-10-28 03:58	<DIR>	d--------	C:\Users\Matheus\AppData\Roaming\Malwarebytes
    2008-10-28 03:58 . 2008-10-28 03:58	<DIR>	d--------	C:\Users\All Users\Malwarebytes
    2008-10-28 03:58 . 2008-10-28 03:58	<DIR>	d--------	C:\ProgramData\Malwarebytes
    2008-10-28 03:58 . 2008-10-28 03:58	<DIR>	d--------	C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-28 03:58 . 2008-10-22 16:10	38,496	--a------	C:\Windows\System32\drivers\mbamswissarmy.sys
    2008-10-28 03:58 . 2008-10-22 16:10	15,504	--a------	C:\Windows\System32\drivers\mbam.sys
    2008-10-23 16:21 . 2008-10-23 16:21	<DIR>	d--------	C:\Program Files\Gamingaccess
    2008-10-17 21:57 . 2008-10-28 04:54	<DIR>	d--------	C:\Users\Matheus\AppData\Roaming\Xfire
    2008-10-17 21:57 . 2008-10-17 21:58	<DIR>	d--------	C:\Users\All Users\Xfire
    2008-10-17 21:57 . 2008-10-17 21:58	<DIR>	d--------	C:\ProgramData\Xfire
    2008-10-17 21:57 . 2008-10-17 21:57	<DIR>	d--------	C:\Program Files\Xfire
    2008-10-16 20:13 . 2008-10-23 22:37	<DIR>	d--------	C:\Users\Matheus\AppData\Roaming\Winamp
    2008-10-16 06:56 . 2008-10-16 06:56	<DIR>	d--------	C:\Users\All Users\KONAMI
    2008-10-16 06:56 . 2008-10-16 06:56	<DIR>	d--------	C:\ProgramData\KONAMI
    2008-10-12 22:27 . 2008-10-13 10:07	<DIR>	d--------	C:\Temp
    2008-10-12 11:21 . 2008-10-12 11:21	<DIR>	d--------	C:\Program Files\BurnAware Professional
    2008-10-12 11:21 . 2004-05-04 11:53	1,645,320	--a------	C:\Windows\System32\gdiplus.dll
    2008-10-11 16:00 . 2008-10-11 16:00	<DIR>	d--------	C:\Windows\WEManager MOD - Addon
    2008-10-08 21:48 . 2008-10-08 21:48	42,320	--a------	C:\Windows\System32\xfcodec.dll
    2008-10-07 00:33 . 2006-09-01 10:50	1,062,704	--a------	C:\Windows\system\MSCOMCTL.ocx
    2008-10-07 00:33 . 2006-09-01 10:50	152,848	--a------	C:\Windows\system\COMDLG32.ocx
    2008-10-07 00:33 . 2005-12-01 23:05	53,760	--a------	C:\Windows\System32\ZlibTool.ocx
    2008-10-07 00:33 . 2005-12-01 23:05	53,760	--a------	C:\Windows\system\ZlibTool.ocx
    2008-10-02 20:21 . 2008-10-28 01:58	<DIR>	d--------	C:\Users\Matheus\AppData\Roaming\FileZilla
    2008-10-02 20:20 . 2008-10-02 20:20	<DIR>	d--------	C:\Program Files\FileZilla FTP Client
    2008-10-01 22:44 . 2008-10-02 03:48	428,176	--a------	C:\bin0.bin
    2008-10-01 22:44 . 2008-10-02 03:48	201,792	--a------	C:\subafsfile0.bin
    2008-09-30 00:18 . 2008-10-08 21:09	<DIR>	d--------	C:\Users\All Users\NexonUS
    2008-09-30 00:18 . 2008-10-08 21:09	<DIR>	d--------	C:\ProgramData\NexonUS
    2008-09-30 00:18 . 2008-09-30 00:18	<DIR>	d--------	C:\Nexon
    2008-09-28 22:54 . 2008-09-28 22:54	<DIR>	d--------	C:\Users\Matheus\AppData\Roaming\teamspeak2
    2008-09-28 22:54 . 2008-09-28 22:54	<DIR>	d--------	C:\Program Files\Teamspeak2_RC2
    2008-09-28 22:54 . 2008-09-28 22:54	34,064	--a------	C:\Windows\System32\lhacm.acm
    2008-09-28 00:25 . 2008-10-27 21:03	<DIR>	d--------	C:\Program Files\DkZ Studio
    2008-09-28 00:20 . 2008-09-28 00:20	<DIR>	d--------	C:\Program Files\Mp3 File Editor
    
    .
    (((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-28 07:54	---------	d---a-w	C:\ProgramData\TEMP
    2008-10-28 07:54	---------	d-----w	C:\Users\Matheus\AppData\Roaming\uTorrent
    2008-10-28 07:54	---------	d-----w	C:\Users\Matheus\AppData\Roaming\Skype
    2008-10-28 07:54	---------	d-----w	C:\Users\Matheus\AppData\Roaming\Orbit
    2008-10-28 07:53	---------	d-----w	C:\Users\Matheus\AppData\Roaming\Hamachi
    2008-10-28 07:08	---------	d-----w	C:\Users\Matheus\AppData\Roaming\skypePM
    2008-10-28 01:13	---------	d-----w	C:\Program Files\Orbitdownloader
    2008-10-27 20:46	---------	d-----w	C:\Users\Suelen\AppData\Roaming\Orbit
    2008-10-23 20:00	---------	d--h--w	C:\Program Files\InstallShield Installation Information
    2008-10-21 20:29	---------	d-----w	C:\Program Files\KONAMI
    2008-10-19 18:31	---------	d-----w	C:\Users\Matheus\AppData\Roaming\mIRC
    2008-10-19 16:56	---------	d-----w	C:\Program Files\PEScript
    2008-10-16 23:14	---------	d-----w	C:\Program Files\Winamp
    2008-10-01 18:09	---------	d-----w	C:\Users\Matheus\AppData\Roaming\LimeWire
    2008-09-27 23:36	---------	d-----w	C:\Program Files\Crystal Software
    2008-09-23 21:27	---------	d-----w	C:\Program Files\Windows Live Safety Center
    2008-09-23 05:28	---------	d-----w	C:\Program Files\Windows Live
    2008-09-23 05:28	---------	d-----w	C:\Program Files\Microsoft Office Outlook Connector
    2008-09-23 05:26	---------	d-----w	C:\Program Files\Microsoft SQL Server Compact Edition
    2008-09-23 05:23	---------	d-----w	C:\Program Files\Microsoft
    2008-09-23 04:53	---------	d-----w	C:\Program Files\Common Files\Windows Live
    2008-09-22 19:04	---------	d-----w	C:\Program Files\Free Easy Burner
    2008-09-22 15:45	---------	d-----w	C:\Program Files\DAEMON Tools Toolbar
    2008-09-22 15:44	---------	d-----w	C:\Program Files\BitComet
    2008-09-19 02:41	---------	d-----w	C:\Users\Suelen\AppData\Roaming\Skype
    2008-09-19 02:39	---------	d-----w	C:\Users\Suelen\AppData\Roaming\skypePM
    2008-09-18 21:16	---------	d-----w	C:\Program Files\Hamachi
    2008-09-18 21:15	25,280	----a-w	C:\Windows\system32\drivers\hamachi.sys
    2008-09-15 04:34	---------	d-----w	C:\Users\Matheus\AppData\Roaming\SPORE
    2008-09-15 04:20	---------	d-----w	C:\Program Files\Electronic Arts
    2008-09-13 03:48	---------	d-----w	C:\ProgramData\Microsoft Help
    2008-09-12 21:03	---------	d-----w	C:\Program Files\BSC Tools
    2008-09-09 03:03	51,712	----a-w	C:\Windows\System32\sirenacm.dll
    2008-09-07 21:51	---------	d-----w	C:\Program Files\uTorrent
    2008-09-06 02:00	---------	d-----w	C:\ProgramData\Aspyr
    2008-09-06 01:36	---------	d-----w	C:\Program Files\Aspyr
    2008-09-06 01:29	---------	d-----w	C:\Program Files\DAEMON Tools Lite
    2008-09-06 01:19	717,296	----a-w	C:\Windows\system32\drivers\sptd.sys
    2008-09-05 01:02	56,344	----a-w	C:\Windows\system32\drivers\fssfltr.sys
    2008-09-04 20:26	---------	d-----w	C:\Program Files\Trend Micro
    2008-09-04 20:24	---------	d-----w	C:\Program Files\Counter-Strike 1.6
    2008-09-04 20:15	---------	d-----w	C:\Program Files\Yahoo!
    2008-09-04 20:06	---------	d-----w	C:\Program Files\CCleaner
    2008-09-02 19:13	---------	d-----w	C:\Program Files\Sega
    2008-09-01 21:30	---------	d-----w	C:\Program Files\SystemRequirementsLab
    2008-08-29 00:08	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
    2008-08-29 00:06	---------	d-----w	C:\ProgramData\Symantec
    2008-08-28 22:41	806	----a-w	C:\Windows\system32\drivers\SYMEVENT.INF
    2008-08-28 22:41	10,652	----a-w	C:\Windows\system32\drivers\SYMEVENT.CAT
    2008-08-28 21:39	---------	d-----w	C:\Program Files\NitroPC
    2008-08-28 21:34	---------	d-----w	C:\Users\Matheus\AppData\Roaming\Hide IP NG
    2008-08-28 01:40	1,053,184	----a-w	C:\Windows\System32\mfc71u.dll
    2008-08-28 01:09	344,064	----a-w	C:\Windows\System32\msvcr70.dll
    2008-08-28 00:45	487,424	----a-w	C:\Windows\System32\msvcp70.dll
    2008-08-28 00:17	89,088	----a-w	C:\Windows\System32\atl71.dll
    2008-08-28 00:17	84,992	----a-w	C:\Windows\System32\atl70.dll
    2008-08-27 22:46	54,784	----a-w	C:\Windows\System32\msvci70.dll
    2008-08-27 22:45	964,608	----a-w	C:\Windows\System32\mfc70u.dll
    2008-08-27 21:27	974,848	----a-w	C:\Windows\System32\mfc70.dll
    2008-08-17 01:17	688,128	----a-w	C:\Windows\System32\libeay32.dll
    2008-08-17 01:17	155,648	----a-w	C:\Windows\System32\ssleay32.dll
    2008-08-02 03:26	36,864	----a-w	C:\Windows\System32\cdd.dll
    2008-07-31 03:32	460,288	----a-w	C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-31 03:32	28,160	----a-w	C:\Windows\System32\Apphlpdm.dll
    2008-07-31 03:32	2,154,496	----a-w	C:\Windows\AppPatch\AcGenral.dll
    2008-07-31 03:32	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
    2008-07-31 01:13	4,240,384	----a-w	C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-06-17 19:18	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-06-17 19:18	32,768	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-06-17 19:18	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .
    
    ((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por defeito não são mostradas.
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]
    
    [HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
    [HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-09 3513344]
    "Fraps"="C:\PROGRAM FILES\FRAPS\FRAPS.EXE" [2007-07-12 2928296]
    "RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "nHancer"="C:\Program Files\nHancer\nHancer.exe" [2008-05-07 1302528]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-11 21741864]
    "NitroPC"="C:\Program Files\NitroPC\NitroPC.exe" [2008-08-21 3477504]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-10-11 270128]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 13535776]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 92704]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-03 36352]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 C:\Windows\RtHDVCpl.exe]
    
    C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-09-18 625952]
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-10-08 3098448]
    
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2008-02-27 1707208]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll
    
    [HKLM\~\startupfolder\C:^Users^Matheus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
    backupExtension=.Startup
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
    --a------ 2003-01-21 14:19 40960 C:\Windows\VM_STI.EXE
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    --a------ 2008-10-11 23:10 270128 C:\Program Files\uTorrent\uTorrent.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --a------ 2008-01-18 23:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2959794039-2348944801-2471297040-1000]
    "EnableNotificationsRef"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2959794039-2348944801-2471297040-1002]
    "EnableNotifications"=dword:00000001
    "EnableNotificationsRef"=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{E2EBF426-A788-4FE7-8C1B-3A0EA843BC8C}"= Profile=Private|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{34D8CCCB-BC58-440C-A66B-B48D248323C1}C:\\program files\\the 7 deadly sins\\mirc.exe"= UDP:C:\program files\the 7 deadly sins\mirc.exe:mIRC
    "UDP Query User{E3B8DF11-D06A-47CC-B1D2-ECA38050AFCC}C:\\program files\\the 7 deadly sins\\mirc.exe"= TCP:C:\program files\the 7 deadly sins\mirc.exe:mIRC
    "{E90133E1-29BD-412E-A4E9-F595E55675C8}"= Disabled:TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "TCP Query User{ABD4DEC7-8A3C-4373-9678-8EDE8B4B42F1}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Barra Lateral do Windows
    "UDP Query User{1E1E1680-5698-4C31-A473-2D84CC3500A3}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Barra Lateral do Windows
    "TCP Query User{B0B1D061-424F-4427-A383-7555896BC80F}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
    "UDP Query User{FD3829B6-9AA0-482C-A511-13A8E2872D24}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
    "{1ADBD789-9D6D-4E48-A231-C1E0FBCC15BD}"= Disabled:UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{D89D08FA-B385-4803-80B4-35ED6AD5D796}"= Disabled:TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{EF863009-CE3B-4CC2-93FF-5AEDE2D4FEA6}"= Disabled:UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{3568A31E-AB4D-4FF4-82A9-1C9320D2E109}"= Disabled:TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{48E95BFF-ED9E-48C7-A879-22FFD4D4230A}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{5D672465-1A81-46F9-9DEC-5E5983027E41}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{013C8407-5151-4597-9C3B-F91443FAAAF9}C:\\program files\\pescript\\mirc-pescript.exe"= UDP:C:\program files\pescript\mirc-pescript.exe:mIRC
    "UDP Query User{108EA8A5-E2AF-4DF8-9AA9-1744CA8BB10A}C:\\program files\\pescript\\mirc-pescript.exe"= TCP:C:\program files\pescript\mirc-pescript.exe:mIRC
    "TCP Query User{3602A2B9-E491-4A5F-91C0-14F1488D16F9}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{035D8B9A-2398-418F-AC3D-A3DA275FF92B}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{A89BF8DA-619E-4B3F-8F16-EDFBDEFD2D6C}"= UDP:C:\Program Files\Hamachi\hamachi.exe:Hamachi
    "{F108723F-7760-4791-B179-05574061510D}"= TCP:C:\Program Files\Hamachi\hamachi.exe:Hamachi
    "{353D0333-9179-4A04-A690-45A87E9B1360}"= Disabled:UDP:8080:seila
    "{B98532D9-9A88-4D79-B837-65E011B0BA99}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{A2AA4203-8035-4DB0-81CE-7D0C525C4A4A}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{D4A4BD58-FCD4-4E2F-A3FC-A697D670D9BE}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\Brapatch.exe:Pro Evolution Soccer 2008
    "{587E34BC-BB4A-4235-9C25-B14AA400B53C}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\Brapatch.exe:Pro Evolution Soccer 2008
    "{00333A42-7D21-478C-8332-0B371F4141B8}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\WEM2008.exe:Pro Evolution Soccer 2008
    "{44CEC3F8-D0B8-4E2D-9FDD-ED017D303F7A}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\WEM2008.exe:Pro Evolution Soccer 2008
    "{F55490EF-1F75-4184-8C65-118E4AE3C93F}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{1DB05651-7EDD-4FE0-BAD5-3FCE01504512}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{6AAA10B4-B47A-4A7B-B137-F5D70A883691}"= Disabled:UDP:6667:sa
    "TCP Query User{5B708E25-10D7-438B-8A43-0EF7C43868C0}C:\\program files\\pescript\\mirc.exe"= UDP:C:\program files\pescript\mirc.exe:mIRC
    "UDP Query User{4B033C57-10BF-4E8C-A401-1C9CCFD7CBDF}C:\\program files\\pescript\\mirc.exe"= TCP:C:\program files\pescript\mirc.exe:mIRC
    "{2BCDADD1-D227-4EE7-A0D7-49E3FD43D24D}"= Profile=Private|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{F1F1E312-D774-4E0A-9E3E-D0F4DCF4BA8B}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
    "UDP Query User{29B796DD-63C5-4CEE-8A37-306FD2F7AA96}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
    "TCP Query User{45DC692A-854A-4820-9FCC-3D9906154BAF}C:\\program files\\pescript\\mirc.exe"= UDP:C:\program files\pescript\mirc.exe:mIRC
    "UDP Query User{CE3E908B-963A-4C5E-8837-5EE64B567E40}C:\\program files\\pescript\\mirc.exe"= TCP:C:\program files\pescript\mirc.exe:mIRC
    "TCP Query User{6C8CC31D-8D1B-4D03-9CA2-368F2FEE60C8}C:\\program files\\counter-strike 1.6\\hl.exe"= UDP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
    "UDP Query User{B9215F87-6335-4C03-8263-D3931F92E1CE}C:\\program files\\counter-strike 1.6\\hl.exe"= TCP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
    "TCP Query User{D48D7036-755C-485F-BEFE-45DF0E7F9206}C:\\program files\\counter-strike 1.6\\hlds.exe"= UDP:C:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher
    "UDP Query User{A2137908-724D-4F64-BEA0-A78017D69254}C:\\program files\\counter-strike 1.6\\hlds.exe"= TCP:C:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher
    "{8A996D41-5A6B-49A1-A934-9FE9749030CF}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{DB92C5D1-B762-4961-BD8B-6743A35FEC86}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{53273B7B-2A31-46EC-8144-91985C72B84E}C:\\program files\\counter-strike 1.6\\hl.exe"= UDP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
    "UDP Query User{A712893A-4CAE-4D3E-8FEE-A89C2678CA83}C:\\program files\\counter-strike 1.6\\hl.exe"= TCP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
    "TCP Query User{543FE948-A66A-4BD2-B35E-64AEC6D73CB8}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{BFF1F99B-1C9B-4839-A3C5-953C691DA7A8}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{99F3989D-3042-4D15-984D-12F925CC6191}D:\\scripts\\t7ds\\mirc.exe"= UDP:D:\scripts\t7ds\mirc.exe:mIRC
    "UDP Query User{C60B7795-1C9B-4490-9CD8-9A25CFA28FDE}D:\\scripts\\t7ds\\mirc.exe"= TCP:D:\scripts\t7ds\mirc.exe:mIRC
    "TCP Query User{BCA759B6-9995-4227-BE39-382600656D35}D:\\scripts\\mtvscript\\mirc.exe"= UDP:D:\scripts\mtvscript\mirc.exe:mIRC
    "UDP Query User{FBE663E8-60F0-4BFE-92AD-202B44C2F60E}D:\\scripts\\mtvscript\\mirc.exe"= TCP:D:\scripts\mtvscript\mirc.exe:mIRC
    "{730B9B7E-5CCC-4CDE-B961-470CC93FCDD6}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{E5DA078F-7C74-48BF-AAB7-93F535B830D1}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{B479E4ED-DBC1-48BA-AC4B-79EBD41074F7}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{6AC6E04B-7EA7-48CB-B5F2-E8A5B300BD3E}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{0B16EF6D-DFFA-41DD-AC87-B6A42D58C4E9}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{11A59D3C-1EDD-4BCD-AD72-C31E86BE7F71}"= Disabled:UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{5A7592B9-F989-4C07-BD5C-538EE27C8E92}"= Disabled:TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{9C3E26C5-010E-44B5-9A61-502E894F9AB0}"= Disabled:UDP:C:\Program Files\Megacubo\megacubo.exe:MegaCubo
    "{AF764AAE-0B39-42AF-9C80-CF3924FC89B5}"= Disabled:TCP:C:\Program Files\Megacubo\megacubo.exe:MegaCubo
    "{0B6603AA-DCD9-4460-81F3-C4CE05853B42}"= Disabled:UDP:C:\Program Files\Megacubo\bin\minifly.exe:MiniFly
    "{16BBAA30-75FA-4DBC-8045-BDECF37EC1FC}"= Disabled:TCP:C:\Program Files\Megacubo\bin\minifly.exe:MiniFly
    "{FF557D90-76F5-4673-8175-2A815E236E54}"= Disabled:UDP:C:\Program Files\Megacubo\megasrv.exe:MiniFly
    "{64512150-58F5-4D38-8C43-F7FD41883953}"= Disabled:TCP:C:\Program Files\Megacubo\megasrv.exe:MiniFly
    "TCP Query User{09DCD280-AE3A-4401-AF7A-04BEE361E190}C:\\program files\\motogp2\\motogp2.exe"= Disabled:UDP:C:\program files\motogp2\motogp2.exe:motogp2
    "UDP Query User{6E52745D-C66A-4FA3-8EFA-176D95412ED0}C:\\program files\\motogp2\\motogp2.exe"= Disabled:TCP:C:\program files\motogp2\motogp2.exe:motogp2
    "TCP Query User{F604FF36-B598-49DB-8D5F-4B1625D36BDB}C:\\program files\\konami\\pro evolution soccer 2008\\pesmagazine2008 online.exe"= Disabled:UDP:C:\program files\konami\pro evolution soccer 2008\pesmagazine2008 online.exe:Pesmagazine2008 Online
    "UDP Query User{DAF83E59-3DF6-4140-AC21-BFBEA03B73D4}C:\\program files\\konami\\pro evolution soccer 2008\\pesmagazine2008 online.exe"= Disabled:TCP:C:\program files\konami\pro evolution soccer 2008\pesmagazine2008 online.exe:Pesmagazine2008 Online
    "TCP Query User{F7A38E30-5DE4-4A45-8AB0-F85C72EAC75F}C:\\program files\\konami\\pro evolution soccer 2008\\pesmagazineonline08\\autoplay\\docs\\pesmagazine2008 online.exe"= Disabled:UDP:C:\program files\konami\pro evolution soccer 2008\pesmagazineonline08\autoplay\docs\pesmagazine2008 online.exe:Pesmagazine2008 Online
    "UDP Query User{068055D2-2385-47A8-87E5-C8E6BC479D87}C:\\program files\\konami\\pro evolution soccer 2008\\pesmagazineonline08\\autoplay\\docs\\pesmagazine2008 online.exe"= Disabled:TCP:C:\program files\konami\pro evolution soccer 2008\pesmagazineonline08\autoplay\docs\pesmagazine2008 online.exe:Pesmagazine2008 Online
    "TCP Query User{DF12BF77-EE77-4B48-AF78-727806145606}C:\\program files\\konami\\pro evolution soccer 2008\\pesmagazineonline08.v6\\autoplay\\docs\\pesmagazine2008 online.exe"= Disabled:UDP:C:\program files\konami\pro evolution soccer 2008\pesmagazineonline08.v6\autoplay\docs\pesmagazine2008 online.exe:Pesmagazine2008 Online
    "UDP Query User{269970D8-3FAC-4FCE-9399-0EA261647730}C:\\program files\\konami\\pro evolution soccer 2008\\pesmagazineonline08.v6\\autoplay\\docs\\pesmagazine2008 online.exe"= Disabled:TCP:C:\program files\konami\pro evolution soccer 2008\pesmagazineonline08.v6\autoplay\docs\pesmagazine2008 online.exe:Pesmagazine2008 Online
    "{1202B89E-2D1B-4DA1-89F0-6431604EAC99}"= Disabled:UDP:C:\Users\Matheus\Desktop\WEM2008.exe:Pro Evolution Soccer 2008
    "{BE326E47-598A-47A2-816E-AB1B21EDD3A2}"= Disabled:TCP:C:\Users\Matheus\Desktop\WEM2008.exe:Pro Evolution Soccer 2008
    "{D8E643C3-E4A5-4B29-9C62-47F5F287E44C}"= Disabled:UDP:C:\Users\Matheus\Desktop\PES2008.exe:Pro Evolution Soccer 2008
    "{3A70E91F-FC7D-4B56-82A7-5EBAE436361C}"= Disabled:TCP:C:\Users\Matheus\Desktop\PES2008.exe:Pro Evolution Soccer 2008
    "{4B4D87AC-8DBD-4A9F-9A02-81E25D0A801D}"= Disabled:UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2009.exe:Pro Evolution Soccer 2008
    "{60529D04-3417-457A-83F4-1C3C1EC3C3EC}"= Disabled:TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2009.exe:Pro Evolution Soccer 2008
    "{94B43A62-8598-4A04-A23A-A92B01E5B717}"= Disabled:UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\Brapatch.exe:Pro Evolution Soccer 2008
    "{764082D2-A086-4E99-9ECD-726C59FBEA2F}"= Disabled:TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\Brapatch.exe:Pro Evolution Soccer 2008
    "{4EBE3AB6-5A72-4B55-AD5D-3D1E242F77E6}"= Disabled:UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\WEM20082.exe:Pro Evolution Soccer 2008
    "{D1F36192-5AFE-4345-9503-0FAB3E5A42CB}"= Disabled:TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\WEM20082.exe:Pro Evolution Soccer 2008
    "TCP Query User{6263A09B-DCEA-401D-A45F-F4201D2AA6AF}C:\\program files\\konami\\pro evolution soccer 2008\\lib\\server.exe"= Disabled:UDP:C:\program files\konami\pro evolution soccer 2008\lib\server.exe:server
    "UDP Query User{6286ED24-E3D6-4643-AE31-242DE418483C}C:\\program files\\konami\\pro evolution soccer 2008\\lib\\server.exe"= Disabled:TCP:C:\program files\konami\pro evolution soccer 2008\lib\server.exe:server
    "TCP Query User{B5B7B9D8-E4B5-4826-A1B6-FEE2789E709D}C:\\program files\\konami\\pro evolution soccer 2008\\pesmagazineonline08\\autoplay\\docs\\lib\\server.exe"= Disabled:UDP:C:\program files\konami\pro evolution soccer 2008\pesmagazineonline08\autoplay\docs\lib\server.exe:server
    "UDP Query User{E3A04D93-6EF6-40EC-A7DD-A1D651F37483}C:\\program files\\konami\\pro evolution soccer 2008\\pesmagazineonline08\\autoplay\\docs\\lib\\server.exe"= Disabled:TCP:C:\program files\konami\pro evolution soccer 2008\pesmagazineonline08\autoplay\docs\lib\server.exe:server
    "TCP Query User{1488C8E0-0AE9-4E32-86C9-DB01D327882F}C:\\program files\\konami\\pro evolution soccer 2008\\pesmagazineonline08.v6\\autoplay\\docs\\lib\\server.exe"= Disabled:UDP:C:\program files\konami\pro evolution soccer 2008\pesmagazineonline08.v6\autoplay\docs\lib\server.exe:server
    "UDP Query User{BEE25FC7-DE68-4237-B300-8092A92AA9E7}C:\\program files\\konami\\pro evolution soccer 2008\\pesmagazineonline08.v6\\autoplay\\docs\\lib\\server.exe"= Disabled:TCP:C:\program files\konami\pro evolution soccer 2008\pesmagazineonline08.v6\autoplay\docs\lib\server.exe:server
    "TCP Query User{3536AA4F-293B-403D-8953-682E6A5FA730}C:\\program files\\sopcast\\adv\\sopadver.exe"= Disabled:UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
    "UDP Query User{5B76F22B-A7B6-4AF7-A772-941925497127}C:\\program files\\sopcast\\adv\\sopadver.exe"= Disabled:TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
    "TCP Query User{8B53669C-A787-475D-A893-7B75D72E4E21}C:\\program files\\sopcast\\sopcast.exe"= Disabled:UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
    "UDP Query User{9C35D00A-62AD-477A-8B3A-5B8C67BE32A5}C:\\program files\\sopcast\\sopcast.exe"= Disabled:TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
    "TCP Query User{9A414477-E2D0-4AF1-A666-AA34F8A3C828}C:\\program files\\sopcast\\sopvod.exe"= Disabled:UDP:C:\program files\sopcast\sopvod.exe:sopvod
    "UDP Query User{2FA2B1D3-56BB-4B0E-BF57-D97F39678120}C:\\program files\\sopcast\\sopvod.exe"= Disabled:TCP:C:\program files\sopcast\sopvod.exe:sopvod
    "TCP Query User{89BD2748-3E61-4945-A006-E43DF0160FAC}C:\\users\\matheus\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= Disabled:UDP:C:\users\matheus\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
    "UDP Query User{9459B315-E545-40B3-B624-9E01F5E129F6}C:\\users\\matheus\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= Disabled:TCP:C:\users\matheus\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
    "{9BA43988-12D5-4D37-BC07-566F22910EEA}"= UDP:11428:BitComet 11428 TCP
    "{B139685F-B744-4D37-8BEC-0F8BC43AF17E}"= TCP:11428:BitComet 11428 UDP
    "{E40BD9B1-634F-4D3E-A4F7-50C831182DDB}"= UDP:C:\Program Files\BitComet\BitComet.exe:BitComet
    "{6B7C7C52-DB2A-4ACD-96E2-7F258443664B}"= TCP:C:\Program Files\BitComet\BitComet.exe:BitComet
    "{CA906707-0C8C-4095-845B-4B1856FE06D8}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{6F1C8E7D-0008-4F28-8D3C-EE0FE8C630C6}"= UDP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
    "{4E2A6FDC-499B-422F-A624-1B8BFEEC7519}"= TCP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
    "{6D62D53A-DCA2-4CF7-A780-00E2702A4D46}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{51B8A079-B0F5-4A16-93BF-6AA7F6A52D47}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{EA2F6934-F209-4386-9EE6-6396748D41A2}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\WEM2008.exe:Pro Evolution Soccer 2008
    "{C5EF842A-D35F-4E73-8709-7D805342E196}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\WEM2008.exe:Pro Evolution Soccer 2008
    "{C430D5E9-2F09-4D0B-A7D3-DB034C45BDCD}"= UDP:C:\Nexon\Combat Arms\NMService.exe:Nexon Messenger Core
    "{474D814A-981E-4C25-AF2D-9831F841C74C}"= TCP:C:\Nexon\Combat Arms\NMService.exe:Nexon Messenger Core
    "{3C67FBF4-1B9E-4479-AA9E-955BDC4A396B}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
    "{88A7E2F4-80FA-4E76-B5BA-F43A229537C1}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
    "{FF4027C7-DF77-477C-BE7D-CC623E97B304}"= TCP:5739:porta pes2009
    "{A65394FC-AE1E-493A-A355-32603F6D6A1F}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:pes2009.exe
    "{6A76435A-A5D1-4577-A789-D10525E79FFB}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:pes2009.exe
    "TCP Query User{3CD143FA-A373-426A-9E03-D3146D6DA9F2}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{816ADF58-3644-434B-A9EA-BFE9A83CFA56}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
    "TCP Query User{D93ECFFC-3B15-4AA5-9ECA-7BF4369D1728}C:\\users\\matheus\\desktop\\portchkpes2009eupc_103\\portchkpes2009eupc.exe"= UDP:C:\users\matheus\desktop\portchkpes2009eupc_103\portchkpes2009eupc.exe:portchkpes2009eupc.exe
    "UDP Query User{49E26D6B-AE88-4A26-8383-C2B0E602029B}C:\\users\\matheus\\desktop\\portchkpes2009eupc_103\\portchkpes2009eupc.exe"= TCP:C:\users\matheus\desktop\portchkpes2009eupc_103\portchkpes2009eupc.exe:portchkpes2009eupc.exe
    "{DDEFCA80-C280-45AB-8DD2-2440942BBB44}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
    "{D23B8242-6579-4AAA-9254-F45F6896B44B}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "DoNotAllowExceptions"= 0 (0x0)
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"= C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
    "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"= C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
    "C:\\Nexon\\Combat Arms\\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "C:\\Nexon\\Combat Arms\\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
    
    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
    R2 HamachiService;Hamachi Service;C:\Program Files\Hamachi\hamachi.exe [2008-09-18 625952]
    R2 NMSAccessU;NMSAccessU;C:\Program Files\BurnAware Professional\nmsaccessu.exe [2007-05-04 71360]
    R3 MRV6X32P;Vista 32-bits Native WiFi Driver;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 253952]
    S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-02-21 240128]
    S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys [2008-09-04 56344]
    S3 fsssvc;Windows Live Proteção para a Família;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-09-04 512536]
    S3 mcdevice;mcdevice;C:\Windows\system32\DRIVERS\mcdevice.sys [2008-07-03 323584]
    S3 USBCamera;3.0M SD DSC WDM Bulk Driver;C:\Windows\system32\Drivers\Bulk533.sys [2002-12-04 11144]
    S3 ZSMC302;V-Gear TalkCam 1.1;C:\Windows\system32\Drivers\usbvm302.sys [2004-03-19 90968]
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30ee676b-7bb2-11dd-9f0a-ffbb7d843ffe}]
    \shell\AutoRun\command - F:\autorun.exe
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65f08c3b-662c-11dd-b01f-91892e713fa0}]
    \shell\AutoRun\command - I:\CDCheck.exe
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd347a4c-4965-11dd-b107-b1c16fc769a3}]
    \shell\AutoRun\command - G:\CDCheck.exe
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d12cb0b9-f4ee-11dc-af4d-001d7d84af19}]
    \shell\Auto\command - G:\MicrosoftPowerPoint.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\MicrosoftPowerPoint.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
    %SystemRoot%\system32\soundschemes.exe /AddRegistration
    .
    
    **************************************************************************
    
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-28 05:58:28
    Windows 6.0.6001 Service Pack 1 NTFS
    
    Procurando processos ocultos ...
    
    Procurando entradas auto inicializáveis ocultas ...
    
    Procurando ficheiros/arquivos ocultos ...
    
    Varredura completada com sucesso
    arquivos/ficheiros ocultos: 0
    
    **************************************************************************
    .
    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
    
    PROCESSOS: C:\Windows\Explorer.exe
    -> C:\Program Files\RocketDock\RocketDock.dll
    .
    Tempo para conclusão: 2008-10-28  6:01:14
    ComboFix-quarantined-files.txt  2008-10-28 09:01:01
    
    Pré-execução: 20,514,660,352 bytes disponíveis
    Pós execução: 20,250,406,912 bytes disponíveis
    
    376	--- E O F ---	2008-10-10 21:35:16


    hijackthis log
    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:07:23, on 28/10/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [NitroPC] "C:\Program Files\NitroPC\NitroPC.exe" -minimized
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix: 
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{52848CA3-2A6C-46D2-BB7C-2BA5F4252D9D}: NameServer = 201.10.1.2 201.10.120.3
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Professional\nmsaccessu.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    
    --
    End of file - 7539 bytes

  3. #1893
    Congratulations on the thread, Mr.Wolf.
    Of every 3 machines I fix today, 2 have spyware.
    I'm having serious problems at a LAN house where I have a contract.
    Currently, which anti-spyware and anti-virus is best and doesn't slow down the machines on the network?
    I'm using NOD32 3.0.672.0 PT (Smart Security) on the machines.
    But it's holding back a lot of network games (like CS, Age of Myt).
    What do you advise, Mr.Wolf,
    for antivirus and anti-spyware?

  4. #1894
    Hello,
    I'm using Windows Vista Service Pack 01.
    Everything was normal until suddenly some messages started appearing when I opened some programs: Skype, CryptLoad and another one I'm still checking.


    This application could not be started because wbemcomn.dll was not found. Reinstalling the application may fix this problem.

    That's the message that appears!

    I'm afraid it could be some virus, I don't know; I tried a bunch of things and couldn't fix it.

    Thanks in advance.

    ^^


    Logfile of HijackThis v1.99.1
    Scan saved at 09:59:57, on 28/10/2008
    Platform: Unknown Windows (WinNT 6.00.1905 SP1)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe
    C:\PROGRA~1\GbPlugin\GbpSv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Fraps\fraps.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\SOUNDMAN.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Arquivos de Programas\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\PnkBstrB.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Solid PdfService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\conime.exe
    C:\Users\Diego\Documents\CryptLoad_1.1.5\CryptLoad.exe
    C:\Windows\explorer.exe
    C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
    O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.11\RivaTunerWrapper.exe" /S
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Arquivos de Programas\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Arquivos de Programas\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


  5. #1895

    Restarting by itself

    GOOD MORNING MR. WOLF, ONCE AGAIN I COME TO ASK FOR YOUR HELP. FOR ABOUT 4 DAYS MY MACHINE HAS BEEN RESTARTING BY ITSELF AND DOES NOT BOOT WINDOWS. I NOTICED THAT WHEN I OPEN A SPECIFIC "PORN" PAGE SAVED IN MY FAVOURITES IT RESTARTS THE MACHINE, ONLY WHEN I OPEN THAT PAGE, WHEREAS BEFORE NOTHING LIKE THIS HAD EVER HAPPENED, OK.... I ASK FOR YOUR HELP MR. WOLF.... GOOD MORNING TO ALL

  6. #1896
    Join Date
    Oct 2004
    Location
    Blumenau/SC
    Posts
    5,391
    Hello Mr. Wolf, how are you? Great work.

    Well, my question has surely already been answered somewhere in the countless pages this thread already has, but since I could not find it, I will ask.

    As we know, these days it is risky to plug pen drives into PCs that are not your own, trusted ones; anyway, is there any free antivirus that can be, let's say, installed on the pen drive so that, if you connect it to an infected machine, it can block the infection from reaching the pen drive???

    Thanks, professor.
    Sales completed: - Intel Core i7 920 to chantal2007
    - G.Skill 2x1GB DDR2 800MHz kit. SOLD to (Top)_Gui
    - MSI GTX 260 OC 896MB - SOLD to Fins
    - AuzenTech AZT-XPCINE 7.1 Channels PCI Interface X-Plosion 7.1 Cinema - SOLD to Terror_Inc.

    - HD5870 Sold to chantal.

  7. #1897
    Join Date
    Sep 2008
    Posts
    2,954
    DiegoFarias, have you tried reinstalling this .dll, wbemcomn.dll? Download it from the link below and save it in the folder C:\Windows\System32\wbem. See whether the problem still occurs.
    http://www.dlldump.com/download-dll-files.php/dllfiles/W/wbemcomn.dll/download.html

    Next, DiegoFarias, go to this site below:
    http://www.virustotal.com/pt/

    Click File and select the file shown in blue below on your computer > C:\Windows\system32\wininit.exe. Then click Send File and wait. After that, copy the link next to Permalink and paste it here, please, DiegoFarias.



    _______________________________________________



    NascarBR, delete the Avenger, its folder and its file. Then proceed as described below inside the spoiler.

    Download ComboFix and save it to the desktop;
    NOTE: For the tool to run, it must be on the desktop

    " Temporarily disable the antivirus;
    " Close all open windows;
    " Double-click the ComboFix file;
    " In the next window click Run and wait until the report is generated. If any message appears, click Yes;
    " If any error occurs, restart the computer in Safe Mode and repeat the procedure;
    " ComboFix "may" restart the PC automatically to complete the removal process.
    " When it finishes, a log will be generated at C:\ComboFix.txt.
    " Do not click on the ComboFix window, nor close it by clicking the X, while it is running; do not move the mouse and do not use the keyboard, otherwise it will stop and your desktop will go blank.
    " To stop or exit ComboFix, press "N".

    In your next reply paste the ComboFix log, NascarBR.



    ________________________________________________


    MottaMatheus

    Delete the folder C:\Qoobox and the file C:\ComboFix.txt. Go to Start > Run, type combofix /u and press Enter. Wait for ComboFix to be removed.

    - Download RegASSASSIN and save it to your desktop;

    - Double-click the program to run it. Select and copy the text below inside the CODE box. Paste the copied text into the blank box.

    Code:
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2

    Then click the Delete button and close the program.

    Other than that, your log is clean, MottaMatheus. Is there still any problem with the machine?

  8. #1898
    Join Date
    Sep 2008
    Posts
    2,954
    Quote: Originally posted by GVSPFC
    Hello Mr. Wolf, how are you? Great work.

    Well, my question has surely already been answered somewhere in the countless pages this thread already has, but since I could not find it, I will ask.

    As we know, these days it is risky to plug pen drives into PCs that are not your own, trusted ones; anyway, is there any free antivirus that can be, let's say, installed on the pen drive so that, if you connect it to an infected machine, it can block the infection from reaching the pen drive???

    Thanks, professor.
    Hey, friend GVSPFC, good afternoon, all good. First of all, thanks for the "professor", my friend; not at all, I wish!

    Friend GVSPFC, for that to happen, that is, for an antivirus to detect something as soon as we connect a pen drive to a machine, it has to be running in real time. But for a portable antivirus, that is, one on the pen drive, to run in real time, your pen drive would also have to be running an operating system. Only then could the antivirus block the virus on the pen drive before it spreads to the machine, or vice versa. Otherwise it is impossible, unfortunately!

    There are indeed free portable antiviruses (for pen drives), my friend GVSPFC. Examples: Avast, McAfee, ClamWin. All three have portable versions and are free as standard. Not to mention that they are excellent portable antiviruses, at least.

    So, GVSPFC, without an OS also running on the pen drive, it will be impossible to have a real-time antivirus to detect the infection before it even passes to the user's machine.
    That being so, the only way to block the transfer of the virus from the pen drive to the PC is to disable Windows AutoPlay (AutoRun). Only then will the virus be unable to transfer itself from the media to your computer. However, there is one worm that still manages the "feat" of invading your PC even with AutoRun disabled. But it is only a single worm, and hard to catch.




    _____________________________________________________


    Originally posted by MALUNGOMANGUE
    GOOD MORNING MR. WOLF, ONCE AGAIN I COME TO ASK FOR YOUR HELP. FOR ABOUT 4 DAYS MY MACHINE HAS BEEN RESTARTING BY ITSELF AND DOES NOT BOOT WINDOWS. I NOTICED THAT WHEN I OPEN A SPECIFIC "PORN" PAGE SAVED IN MY FAVOURITES IT RESTARTS THE MACHINE, ONLY WHEN I OPEN THAT PAGE, WHEREAS BEFORE NOTHING LIKE THIS HAD EVER HAPPENED, OK.... I ASK FOR YOUR HELP MR. WOLF.... GOOD MORNING TO ALL
    MALUNGOMANGUE, porn sites are "virus dens". Out of every thousand porn sites, all thousand have viruses.

    So, MALUNGOMANGUE, I ask that you please post a HijackThis log here.
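    The AutoRun defence Mr. Wolf describes above, as an added example that is not part of this thread: a PowerShell script (run elevated) that reads the Explorer policy mask NoDriveTypeAutoRun, sets it to 0xFF so AutoRun is off for every drive type, and then reports whether any removable drive currently carries an autorun.inf and which open/shellexecute line it points at, without deleting anything. The drive-type bit values, the 0x91 Vista default and the HonorAutorunSetting flag from KB967715 are documented Windows facts, not values from the thread.

```powershell
# Added example, not code from the thread or from any tool named in it.
# Requires an elevated Windows PowerShell prompt (writes under HKLM).

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Bits of NoDriveTypeAutoRun: a set bit disables AutoRun for that drive type.
$DriveTypeBits = @{
    1 = 'DRIVE_UNKNOWN'; 4 = 'DRIVE_REMOVABLE'; 8   = 'DRIVE_FIXED'
    16 = 'DRIVE_REMOTE'; 32 = 'DRIVE_CDROM';   64  = 'DRIVE_RAMDISK'
    128 = 'unrecognised drive type'
}

function Get-AutoRunStatus {
    # Missing value means the Windows default; 0x91 (Vista/7) leaves removable drives enabled.
    $item = Get-ItemProperty -Path $PolicyKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    $mask = if ($item) { [int]$item.NoDriveTypeAutoRun } else { 0x91 }
    foreach ($bit in ($DriveTypeBits.Keys | Sort-Object)) {
        New-Object PSObject -Property @{
            DriveType       = $DriveTypeBits[$bit]
            AutoRunDisabled = (($mask -band $bit) -ne 0)
        }
    }
}

function Disable-AutoRun {
    # 0xFF sets every bit, i.e. AutoRun is off for all drive types, as the thread recommends.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    # Windows XP only honours the mask once update KB967715 is installed; this flag comes with it.
    Set-ItemProperty -Path $PolicyKey -Name HonorAutorunSetting -Value 1 -Type DWord
}

function Find-AutorunInf {
    # Report (never delete) autorun.inf in the root of each removable drive (WMI DriveType 2).
    Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
        $inf    = Join-Path $_.DeviceID 'autorun.inf'
        $target = ''
        if (Test-Path -LiteralPath $inf) {
            # The open= / shellexecute= lines name what AutoRun would have launched.
            $hits   = Select-String -Path $inf -Pattern '^\s*(open|shellexecute)\s*=' -ErrorAction SilentlyContinue
            $target = ($hits | ForEach-Object { $_.Line.Trim() }) -join '; '
        }
        New-Object PSObject -Property @{
            Drive         = $_.DeviceID
            HasAutorunInf = (Test-Path -LiteralPath $inf)
            LaunchTarget  = $target
        }
    }
}

Get-AutoRunStatus | Format-Table DriveType, AutoRunDisabled -AutoSize
Disable-AutoRun
Get-AutoRunStatus | Format-Table DriveType, AutoRunDisabled -AutoSize
Find-AutorunInf   | Format-Table Drive, HasAutorunInf, LaunchTarget -AutoSize
```

    Explorer re-reads the policy at next logon, so a drive inserted before logging off may still be handled under the old mask; a file found by Find-AutorunInf is evidence for the thread's scanners, not something the script removes.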

  9. #1899
    Join Date
    Oct 2004
    Location
    Blumenau/SC
    Posts
    5,391
    Quote: Originally posted by Mr.Wolf
    Hey, friend GVSPFC, good afternoon, all good. First of all, thanks for the "professor", my friend; not at all, I wish!

    Friend GVSPFC, for that to happen, that is, for an antivirus to detect something as soon as we connect a pen drive to a machine, it has to be running in real time. But for a portable antivirus, that is, one on the pen drive, to run in real time, your pen drive would also have to be running an operating system. Only then could the antivirus block the virus on the pen drive before it spreads to the machine, or vice versa. Otherwise it is impossible, unfortunately!

    There are indeed free portable antiviruses (for pen drives), my friend GVSPFC. Examples: Avast, McAfee, ClamWin. All three have portable versions and are free as standard. Not to mention that they are excellent portable antiviruses, at least.

    So, GVSPFC, without an OS also running on the pen drive, it will be impossible to have a real-time antivirus to detect the infection before it even passes to the user's machine.
    That being so, the only way to block the transfer of the virus from the pen drive to the PC is to disable Windows AutoPlay (AutoRun). Only then will the virus be unable to transfer itself from the media to your computer. However, there is one worm that still manages the "feat" of invading your PC even with AutoRun disabled. But it is only a single worm, and hard to catch.

    Thank you very much for the explanations, and yes, Professor, work worthy of a professor indeed.

    A noob question: where do I disable the autorun option?
    With it disabled, let's say, could I then safely transfer files between the pen drive and the HDD without running any risk? Are these viruses only transferred via autorun, except for that one you mentioned?

  10. #1900
    Join Date
    Dec 2003
    Location
    São Paulo-SP
    Posts
    5,970

    Sad

    Quote: Originally posted by Mr.Wolf
    NascarBR, delete the Avenger, its folder and its file. Then proceed as described below inside the spoiler.

    Download ComboFix and save it to the desktop;
    NOTE: For the tool to run, it must be on the desktop

    " Temporarily disable the antivirus;
    " Close all open windows;
    " Double-click the ComboFix file;
    " In the next window click Run and wait until the report is generated. If any message appears, click Yes;
    " If any error occurs, restart the computer in Safe Mode and repeat the procedure;
    " ComboFix "may" restart the PC automatically to complete the removal process.
    " When it finishes, a log will be generated at C:\ComboFix.txt.
    " Do not click on the ComboFix window, nor close it by clicking the X, while it is running; do not move the mouse and do not use the keyboard, otherwise it will stop and your desktop will go blank.
    " To stop or exit ComboFix, press "N".

    In your next reply paste the ComboFix log, NascarBR.
    Mr., I still have the problem of not being able to run COMBOFIX. Whether in normal or safe mode, after the message about the clock time, it restarts. Could the problem be the installed recovery console?
    Am I still unable to use MSN, Orkut and the like?
    Asus M5A88-M | Athlon II X3 460 3.4GHz BOX | 6GB DDR3 1333 Kingston | Sapphire HD 7750 OC 1GB GDDR5 850/4800 | Samsung HD322HJ 320Gb SATA II | Seventeam ST-350BKV 2.0 | Windows 7 Home Premium X64 SP1 | LED 22" Samsung S22A300B | Virtua 30Mbps
    Notebook Intelbras I331



COPYRIGHT © 2001 - 2013 ADRENALINE.COM.BR. ALL RIGHTS RESERVED. ADRENALINE IS A REGISTERED TRADEMARK OF ADRENALINE FRANQUIAS.