Hi everyone, I was visiting a news site today and it asked to use Flash. I gave permission, and then Avast started flagging malware. I tried sending it to the chest, but that didn't solve it, so I immediately disconnected from the internet to keep it from downloading any other possible malware, and it stopped. Now I've reconnected and Avast is no longer warning about anything, but I'm still unsure, so I ask that you please run this analysis.
One thing I noticed that is different on my computer is the Task Manager: I open it and it immediately closes.
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:26, on 24/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\vsnpstd2.exe
C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\xampp\apache\bin\httpd.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Hotspot Shield\HssWPR\hsssrv.exe
C:\Arquivos de programas\Hotspot Shield\bin\hsswd.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\xampp\apache\bin\httpd.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Hotspot Shield\bin\openvpntray.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrador\Desktop\Nova pasta\Game_Vip.exe
C:\Arquivos de programas\Radix Priston Tale\Game_Vip.exe
C:\Arquivos de programas\Radix Priston Tale\Game_Player.exe
C:\Documents and Settings\Administrador\Meus documentos\OllyDBG\OLLYDBG.EXE
C:\Arquivos de programas\Radix Priston Tale\Game_Player.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Administrador\Desktop\LEVELEDITOR.exe
C:\Documents and Settings\Administrador\Desktop\LEVELEDITOR.exe
C:\Documents and Settings\Administrador\Desktop\LEVELEDITOR.exe
C:\Documents and Settings\Administrador\Desktop\LEVELEDITOR.exe
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.baixaki.com.br/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Arquivos de programas\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [Downsys] C:\Documents and Settings\All Users\Dados de aplicativos\oindwnx.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: SQLBACKUPZIP.lnk = C:\TEKLIFS\SQLBACKUPZIP.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55B9FC3D-8E0D-4E23-9BB8-72A77C722F2B}: NameServer = 200.165.132.155,200.165.132.148
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Arquivos de programas\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Arquivos de programas\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Arquivos de programas\Hotspot Shield\bin\hsswd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 13350 bytes
The ComboFix link is offline.
> The ComboFix link is offline.
Try again later, since the tool is probably going through updates and/or fixes. ;)
Here is the ComboFix log
ComboFix 10-01-25.06 - Administrador 26/01/2010 10:10:24.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2047.1416 [GMT -3:00]
Executando de: c:\downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dados de aplicativos\UpApp32.dll
C:\install.exe
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\AutoRun.inf
c:\windows\Temp\0238081264507318mcinst.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OREANS32
-------\Service_oreans32
(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-26 to 2010-01-26 ))))))))))))))))))))))))))))
.
2010-01-26 12:00 . 2010-01-26 12:00 -------- d-----w- c:\windows\LastGood.Tmp
2010-01-26 00:10 . 2010-01-26 00:10 -------- d-----w- c:\arquivos de programas\PhotoZoom Pro 3
2010-01-25 02:14 . 2010-01-26 11:56 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\SACore
2010-01-25 02:13 . 2010-01-25 02:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-25 02:00 . 2010-01-25 02:00 -------- d-----w- c:\windows\system32\KB905474
2010-01-25 02:00 . 2009-03-11 01:26 1434496 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-01-25 02:00 . 2009-03-11 01:18 454536 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-01-25 01:46 . 2010-01-25 01:46 -------- d-----w- c:\windows\ServicePackFiles
2010-01-25 01:45 . 2010-01-25 02:04 -------- d-----w- c:\windows\ie8updates
2010-01-25 01:44 . 2010-01-25 01:44 -------- d-----w- c:\arquivos de programas\MSXML 4.0
2010-01-25 01:38 . 2010-01-25 01:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SiteAdvisor
2010-01-25 01:38 . 2010-01-25 01:38 -------- d-----w- c:\arquivos de programas\SiteAdvisor
2010-01-25 01:35 . 2009-11-04 19:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-01-25 01:35 . 2009-11-04 19:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-01-25 01:35 . 2009-11-04 19:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-01-25 01:35 . 2009-07-16 15:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-01-25 01:34 . 2010-01-25 01:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\McAfee
2010-01-25 01:34 . 2010-01-25 01:34 -------- d-----w- c:\arquivos de programas\McAfee.com
2010-01-25 01:34 . 2010-01-26 12:00 -------- d-----w- c:\arquivos de programas\McAfee
2010-01-25 01:32 . 2009-11-04 19:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-01-25 00:45 . 2010-01-25 11:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee
2010-01-24 23:12 . 2010-01-24 23:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GetRightToGo
2010-01-24 23:07 . 2010-01-26 12:06 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-01-24 22:59 . 2009-12-21 19:07 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-24 22:59 . 2009-12-21 19:07 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-01-24 22:59 . 2009-12-21 19:07 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-24 22:59 . 2009-12-21 19:07 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-24 22:59 . 2009-12-21 19:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-24 22:59 . 2009-12-21 19:07 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-01-24 22:55 . 2008-12-11 11:57 333184 ------w- c:\windows\system32\dllcache\srv.sys
2010-01-24 22:53 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys
2010-01-24 22:53 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\dllcache\bthport.sys
2010-01-24 22:46 . 2009-10-15 17:21 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-01-24 22:44 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-01-24 22:43 . 2009-03-06 14:46 285696 ------w- c:\windows\system32\dllcache\pdh.dll
2010-01-24 22:43 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-24 22:43 . 2005-07-26 04:40 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2010-01-24 22:43 . 2009-02-09 10:19 683008 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-01-24 22:43 . 2009-02-09 10:19 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-01-24 22:43 . 2009-02-09 10:19 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-01-24 22:43 . 2009-02-09 10:19 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-24 22:43 . 2009-02-09 10:08 111104 ------w- c:\windows\system32\dllcache\services.exe
2010-01-24 22:43 . 2009-02-06 16:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2010-01-24 22:43 . 2009-02-09 10:19 730624 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-01-24 22:37 . 2009-11-21 16:42 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-24 22:25 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-01-24 22:24 . 2008-10-24 11:10 453632 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-24 22:24 . 2008-05-01 14:32 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-01-24 22:24 . 2009-07-10 13:41 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-01-24 22:22 . 2008-04-11 18:51 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-24 22:21 . 2009-08-04 17:05 2061952 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-24 22:21 . 2009-08-04 17:05 2184576 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-24 22:21 . 2009-08-04 17:05 2140160 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-24 22:21 . 2009-08-04 17:05 2019840 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-24 22:20 . 2009-06-05 07:48 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-01-24 22:18 . 2008-10-15 16:59 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-01-24 22:18 . 2009-07-31 04:59 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-01-22 01:06 . 2010-01-22 01:06 -------- d-----w- C:\Hotspot Shield
2010-01-22 01:05 . 2010-01-22 01:06 -------- d-----w- c:\arquivos de programas\Hotspot Shield
2010-01-21 15:51 . 2010-01-21 15:51 -------- d-----w- c:\arquivos de programas\Caseiro
2010-01-21 15:50 . 2010-01-21 15:50 249856 ------w- c:\windows\Setup1.exe
2010-01-21 15:50 . 2010-01-21 15:50 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-20 16:15 . 2010-01-20 16:16 -------- d-----w- c:\arquivos de programas\rita
2010-01-13 16:43 . 2010-01-13 16:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-08 23:42 . 2010-01-08 23:42 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2010-01-08 23:42 . 2010-01-08 23:42 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-01-08 19:52 . 2010-01-26 00:45 -------- d-----w- C:\Server_
2010-01-08 18:34 . 2010-01-08 18:35 -------- d-----w- c:\arquivos de programas\Paint.NET
2010-01-08 18:32 . 2010-01-08 18:32 -------- d-----w- c:\documents and settings\Administrador\.thumbnails
2010-01-08 18:30 . 2010-01-08 18:33 -------- d-----w- c:\documents and settings\Administrador\.gimp-2.6
2010-01-07 22:50 . 2010-01-07 22:52 -------- d-----w- c:\windows\system32\Adobe
2010-01-07 17:25 . 2010-01-07 17:25 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE
2010-01-07 17:20 . 2010-01-07 17:20 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache
2010-01-07 16:45 . 2010-01-07 16:46 -------- dc-h--w- c:\windows\ie8
2010-01-07 16:45 . 2010-01-07 16:46 -------- d-----w- c:\windows\system32\pt-BR
2010-01-07 16:36 . 2010-01-25 17:15 -------- d--h--w- c:\windows\$hf_mig$
2010-01-07 16:36 . 2008-02-26 12:00 294912 ------w- c:\windows\system32\dllcache\msctf.dll
2010-01-07 04:43 . 2010-01-07 04:47 -------- d-----w- c:\arquivos de programas\SQL Server Backup 8
2010-01-07 04:01 . 2010-01-07 04:01 -------- d--h--w- c:\windows\PIF
2010-01-06 05:12 . 2010-01-06 05:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SqlBackupAndFtp
2010-01-06 04:50 . 2010-01-20 11:54 -------- d-----w- C:\Backups
2010-01-06 04:34 . 2010-01-14 21:43 -------- d-----w- c:\arquivos de programas\Cobian Backup 9
2010-01-05 23:04 . 2010-01-05 23:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-03 01:57 . 2010-01-03 02:00 -------- d-----w- c:\arquivos de programas\Reiluke Tools
2010-01-01 00:43 . 2010-01-01 00:43 -------- d-----w- c:\arquivos de programas\ZaraSoft
2009-12-30 02:33 . 2009-12-30 02:33 -------- d-----w- c:\arquivos de programas\SpacialAudio
2009-12-30 02:33 . 2007-10-16 13:07 442368 ----a-w- c:\windows\system32\GDS32.DLL
2009-12-30 02:33 . 2005-09-23 03:05 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-12-30 02:33 . 2005-09-23 03:05 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-12-30 02:33 . 2009-12-30 02:33 -------- d-----w- c:\arquivos de programas\Firebird
2009-12-30 02:17 . 2009-12-30 02:17 -------- d-----w- c:\arquivos de programas\SHOUTcast Radio Toolbar
2009-12-30 02:17 . 2009-12-30 02:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar
2009-12-30 02:16 . 2009-12-30 02:16 -------- d-----w- c:\arquivos de programas\Winamp Detect
2009-12-29 18:18 . 2009-12-29 19:10 -------- d-----w- C:\compile
2009-12-29 18:17 . 2009-12-29 19:10 -------- d-----w- C:\My Music
2009-12-29 18:15 . 2009-12-29 19:13 5 ----a-w- c:\windows\system32\SySMP3CutJoin.dat
2009-12-29 18:15 . 2003-08-07 17:01 237568 ----a-w- c:\windows\system32\lame_enc.dll
2009-12-29 18:15 . 2002-01-05 17:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-12-29 18:15 . 2009-12-29 18:15 -------- d-----w- c:\arquivos de programas\AudioToolsFactory
2009-12-29 18:11 . 2009-12-29 18:11 -------- d-----w- c:\arquivos de programas\MP3JOINER
2009-12-29 17:09 . 2009-12-29 17:09 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HP
2009-12-28 05:19 . 2009-12-28 05:20 -------- d-----w- c:\arquivos de programas\Ask.com
2009-12-28 05:19 . 2009-12-28 05:19 -------- d-----w- c:\arquivos de programas\uTorrent
2009-12-28 05:17 . 2010-01-22 02:40 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 13:16 . 2009-12-03 04:39 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit
2010-01-26 13:15 . 2009-12-20 04:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Akamai
2010-01-26 13:15 . 2010-01-26 13:15 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2010-01-26 12:52 . 2009-12-03 11:19 -------- d-----w- c:\arquivos de programas\Radix Priston Tale
2010-01-25 02:03 . 2001-10-28 14:07 98700 ----a-w- c:\windows\system32\perfc016.dat
2010-01-25 02:03 . 2001-10-28 14:07 520636 ----a-w- c:\windows\system32\perfh016.dat
2010-01-24 19:51 . 2009-12-10 01:11 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\FileZilla
2010-01-20 22:44 . 2009-12-03 04:39 -------- d-----w- c:\arquivos de programas\Orbitdownloader
2010-01-16 21:29 . 2009-12-03 18:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2010-01-16 20:55 . 2009-12-03 13:01 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2010-01-09 02:32 . 2009-12-22 14:59 -------- d-----w- c:\arquivos de programas\Nokia
2010-01-09 02:32 . 2009-12-22 15:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia
2010-01-08 18:01 . 2009-12-09 17:22 -------- d-----w- c:\arquivos de programas\Google
2010-01-08 17:56 . 2009-12-19 05:29 -------- d-----w- c:\arquivos de programas\ss
2010-01-07 20:41 . 2010-01-07 20:41 1329717 ----a-w- c:\arquivos de programas\richeia.PNG
2010-01-06 18:02 . 2009-12-05 19:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet
2010-01-03 05:24 . 2009-12-21 17:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype
2010-01-03 03:30 . 2009-12-21 17:49 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM
2010-01-01 19:06 . 2010-01-01 19:05 1407955 ----atw- c:\arquivos de programas\DSC01087.JPG
2010-01-01 18:39 . 2010-01-01 18:35 1497477 ----atw- c:\arquivos de programas\DSC01067.JPG
2010-01-01 18:39 . 2010-01-01 18:35 1368014 ----atw- c:\arquivos de programas\DSC01069.JPG
2010-01-01 18:39 . 2010-01-01 18:35 1413153 ----atw- c:\arquivos de programas\DSC01068.JPG
2010-01-01 18:38 . 2010-01-01 18:35 959701 ----atw- c:\arquivos de programas\DSC01069 cópia.jpg
2009-12-24 16:02 . 2009-12-24 15:27 -------- d-----w- c:\arquivos de programas\Your Freedom
2009-12-24 15:58 . 2009-12-24 15:58 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ProxyCap
2009-12-24 15:31 . 2009-12-24 15:31 -------- d-----w- c:\arquivos de programas\Proxy Labs
2009-12-24 15:14 . 2009-12-24 14:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS
2009-12-24 15:14 . 2009-12-24 15:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nexon
2009-12-24 14:50 . 2009-12-24 14:50 90112 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll
2009-12-24 14:50 . 2009-12-24 14:50 561152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGMDll.dll
2009-12-24 14:50 . 2009-12-24 14:50 393216 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGMResource.dll
2009-12-24 14:50 . 2009-12-24 14:50 258352 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\unicows.dll
2009-12-24 14:50 . 2009-12-24 14:50 118784 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\nxgameus.dll
2009-12-24 14:50 . 2009-12-24 14:50 167936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe
2009-12-23 23:39 . 2009-12-23 23:39 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nseries
2009-12-23 23:30 . 2009-12-22 15:05 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nokia
2009-12-23 23:18 . 2009-12-22 15:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\PC Suite
2009-12-23 23:17 . 2009-12-23 23:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-23 22:56 . 2009-12-23 22:56 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution
2009-12-23 22:55 . 2009-12-23 22:55 95232 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-23 22:55 . 2009-12-23 22:55 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-23 22:55 . 2009-12-23 22:55 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-23 22:55 . 2009-12-23 22:55 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-23 22:54 . 2009-12-23 22:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations
2009-12-23 22:45 . 2009-12-23 22:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nokia
2009-12-23 18:02 . 2009-12-23 18:02 -------- d-----w- c:\arquivos de programas\LogMeIn Hamachi
2009-12-23 14:21 . 2009-12-23 14:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-23 14:21 . 2009-12-23 14:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-22 20:56 . 2009-12-12 23:13 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer
2009-12-22 15:35 . 2009-12-22 14:59 -------- d-----w- c:\arquivos de programas\DIFX
2009-12-22 15:20 . 2009-12-22 15:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite
2009-12-22 15:19 . 2009-12-22 15:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-22 15:19 . 2009-12-22 15:19 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-22 15:03 . 2009-12-22 15:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NokiaMusic
2009-12-22 15:03 . 2009-12-22 15:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\muvee Technologies
2009-12-22 14:53 . 2009-12-22 14:53 -------- d-----w- c:\arquivos de programas\MSBuild
2009-12-22 14:53 . 2009-12-22 14:53 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2009-12-22 14:50 . 2009-12-22 14:50 -------- d-----w- c:\arquivos de programas\MSXML 6.0
2009-12-21 19:08 . 2004-08-04 02:45 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 17:49 . 2009-12-21 17:49 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-21 17:48 . 2009-12-21 17:47 -------- d-----r- c:\arquivos de programas\Skype
2009-12-21 17:47 . 2009-12-21 17:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype
2009-12-21 17:47 . 2009-12-21 17:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype
2009-12-20 12:20 . 2009-12-05 10:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-12-19 18:36 . 2009-12-19 18:36 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2009-12-19 18:23 . 2009-12-19 18:23 -------- d-----w- c:\arquivos de programas\MU Season 4
2009-12-19 05:10 . 2009-12-18 03:06 -------- d-----w- c:\arquivos de programas\KYE
2009-12-19 05:10 . 2009-12-19 05:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\snpstd2
2009-12-19 05:09 . 2009-12-03 03:19 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-12-17 03:09 . 2009-12-17 03:08 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-12-17 02:56 . 2009-12-17 02:56 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic
2009-12-17 01:55 . 2009-12-17 01:55 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Megaupload
2009-12-17 01:51 . 2009-12-17 01:51 -------- d-----w- c:\arquivos de programas\Megaupload
2009-12-17 01:51 . 2009-12-17 01:51 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\InstallShield
2009-12-13 21:57 . 2009-12-13 21:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-12-13 21:54 . 2009-12-09 14:52 -------- d-----w- c:\arquivos de programas\Microsoft.NET
2009-12-13 21:54 . 2009-12-13 21:52 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server
2009-12-13 05:38 . 2009-12-12 23:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple
2009-12-12 23:13 . 2009-12-12 23:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-12 23:13 . 2009-12-12 23:12 -------- d-----w- c:\arquivos de programas\iTunes
2009-12-12 23:12 . 2009-12-12 23:12 -------- d-----w- c:\arquivos de programas\iPod
2009-12-12 23:12 . 2009-12-12 23:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple
2009-12-12 23:12 . 2009-12-12 23:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer
2009-12-12 23:12 . 2009-12-12 23:12 -------- d-----w- c:\arquivos de programas\Bonjour
2009-12-12 23:11 . 2009-12-12 23:11 -------- d-----w- c:\arquivos de programas\QuickTime
2009-12-12 23:11 . 2009-12-12 23:11 -------- d-----w- c:\arquivos de programas\Apple Software Update
2009-12-12 04:40 . 2009-12-12 04:40 -------- d-----w- c:\arquivos de programas\WoW-2.3.0.7561-enUS
2009-12-12 04:39 . 2009-12-12 04:39 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Blizzard Entertainment
2009-12-12 04:20 . 2009-12-12 04:20 -------- d-----w- c:\arquivos de programas\BreakPoint Software
2009-12-11 18:00 . 2009-12-17 03:08 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-11 17:55 . 2009-12-11 17:55 -------- d-----w- c:\arquivos de programas\CCleaner
2009-12-10 01:11 . 2009-12-10 01:11 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client
2009-12-07 04:23 . 2009-12-07 04:23 177024 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\x0ye2gvo.default\FlashGot.exe
2009-12-06 22:08 . 2009-12-06 21:57 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\TeamViewer
2009-12-06 21:57 . 2009-12-06 21:57 -------- d-----w- c:\arquivos de programas\TeamViewer
2009-12-05 13:48 . 2009-12-05 13:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{29DE7D8A-76E9-40C8-AD3B-3D95E76E1227}
2009-12-05 13:48 . 2009-12-05 13:48 -------- d-----w- c:\arquivos de programas\LiveZilla
2009-12-05 13:16 . 2009-12-05 13:16 -------- d-----w- c:\arquivos de programas\Adobe Media Player
2009-12-05 13:11 . 2009-12-05 13:11 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR
2009-12-05 10:07 . 2009-12-05 10:07 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macrovision Shared
.
------- Sigcheck -------
[-] 2008-04-14 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\wscntfy.exe
[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll
[-] 2007-03-11 . B23D1FC94C037AE5F0E05A78B52596A4 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
c:\windows\System32\wscntfy.exe ... está faltando !!
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176]
[HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 17:56 1175944 ----a-w- c:\arquivos de programas\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2010-01-22 01:05 220208 ----a-w- c:\arquivos de programas\Hotspot Shield\hssie\HssIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer" [X]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
"NokiaMusic FastStart"="c:\arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"mcagent_exe"="c:\arquivos de programas\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\arquiv~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2004-08-04 137216]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2009-12-3 1785104]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Arquivos de programas\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Server\\servidorpt.exe"=
"c:\\Server\\Serverteste.exe"=
"c:\\Nexon\\Combat Arms\\Engine.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Server\\Server Radix PT.exe"=
"c:\\Server\\Itens sem replace.exe"=
"c:\\Arquivos de programas\\LiveZilla\\LiveZilla Server Admin.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [3/8/2004 23:45 14336]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [9/12/2008 20:10 24636]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\arquivos de programas\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 12:27 1074568]
R2 HssWd;Hotspot Shield Monitoring Service;c:\arquivos de programas\Hotspot Shield\bin\hsswd.exe [8/1/2010 20:42 285744]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [24/1/2010 22:37 93320]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
S2 0238081264507318mcinstcleanup;McAfee Application Installer Cleanup (0238081264507318);c:\windows\TEMP\023808~1.EXE c:\arquiv~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\023808~1.EXE c:\arquiv~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
--- =Outros Serviços/Drivers Na Memória ---
NewlyCreated - 0238081264507318MCINSTCLEANUP
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
2010-01-25 c:\windows\Tasks\McDefragTask.job
2010-01-25 c:\windows\Tasks\McQcTask.job
2010-01-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
2010-01-26 c:\windows\Tasks\WGASetup.job
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.baixaki.com.br/
uInternet Settings,ProxyOverride = local
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: &SHOUTcast Search - c:\documents and settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Baixar Link Utiizando Gerenciador Mega... - c:\arquivos de programas\Megaupload\Mega Manager\mm_file.htm
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {55B9FC3D-8E0D-4E23-9BB8-72A77C722F2B} = 200.165.132.155,200.165.132.148
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\x0ye2gvo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
FF - component: c:\arquivos de programas\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\x0ye2gvo.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
HKLM-Run-nwiz - nwiz.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 10:18
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Arquivos de programas/Arquivos comuns/Akamai/rswin_3629.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Arquivos de programas/Arquivos comuns/Akamai/rswin_3629.dll"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-861567501-776561741-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,4e,74,43,7c,77,25,41,8f,66,e6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,4e,74,43,7c,77,25,41,8f,66,e6,\
[HKEY_USERS\S-1-5-21-861567501-776561741-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2924D6B4-1F3F-1324-2880-8F6794EA3A87}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iacmccbefaciogbjnj"=hex:6b,61,67,70,68,70,6f,67,64,6f,61,69,6f,6d,6c,70,6f,70,
6f,6d,6f,6c,00,00
"hammikphmnajjplm"=hex:69,61,67,70,69,6f,61,6b,70,61,6d,6a,6d,64,70,6b,68,69,
00,00
"iagnckoljnhplbnlae"=hex:63,61,65,70,70,66,00,7c
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer.exe
c:\arquivos de programas\Orbitdownloader\orbitnet.exe
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\arquivos de programas\Bonjour\mDNSResponder.exe
c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
c:\arquivos de programas\Hotspot Shield\bin\openvpnas.exe
c:\arquivos de programas\Hotspot Shield\HssWPR\hsssrv.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquiv~1\McAfee\MSC\mcmscsvc.exe
c:\arquiv~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
c:\arquiv~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
c:\arquiv~1\McAfee\VIRUSS~1\mcshield.exe
c:\arquivos de programas\McAfee\MPF\MPFSrv.exe
c:\arquivos de programas\McAfee\MSK\MskSrver.exe
c:\arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\xampp\mysql\bin\mysqld.exe
c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
c:\arquivos de programas\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\arquivos de programas\Hotspot Shield\bin\openvpntray.exe
c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-01-26 10:23:51 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-01-26 13:23
Pré-execução: 20 pasta(s) 96.433.152.000 bytes disponíveis
Pós execução: 22 pasta(s) 96.353.206.272 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Hi Eиcrypted,
Follow these instructions:
1. Open Notepad -> copy (Control + C) and paste (Control + V) all of the text included in the "Quote":
File::c:\windows\system32\ezsidmv.dat
Folder::
c:\arquivos de programas\Ask.com
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 1 (0x1)
RegLock::
[HKEY_USERS\S-1-5-21-861567501-776561741-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
RegNull::
[HKEY_USERS\S-1-5-21-861567501-776561741-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2924D6B4-1F3F-1324-2880-8F6794EA3A87}*]
WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for the user.
2. Save the file as CFScript.txt;
3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.
4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.
Regards.
ComboFix
ComboFix 10-01-25.06 - Administrador 01/02/2010 20:41:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1380 [GMT -3:00]
Executando de: c:\downloads\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt
AV: McAfee VirusScan On-access scanning disabled (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall enabled {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FILE ::
"c:\windows\system32\ezsidmv.dat"
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\Ask.com
c:\arquivos de programas\Ask.com\cobrand.ico
c:\arquivos de programas\Ask.com\config.xml
c:\arquivos de programas\Ask.com\favicon.ico
c:\arquivos de programas\Ask.com\GenericAskToolbar.dll
c:\arquivos de programas\Ask.com\mupcfg.xml
c:\arquivos de programas\Ask.com\SaUpdate.exe
c:\arquivos de programas\Ask.com\UpdateTask.exe
c:\windows\system32\avg.bat
c:\windows\system32\ezsidmv.dat
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-01 to 2010-02-01 ))))))))))))))))))))))))))))
.
2010-02-01 22:09 . 2010-02-01 22:09 -------- d-----w- c:\arquivos de programas\MP3SPLITTER
2010-02-01 20:03 . 2010-02-01 20:03 -------- d-----w- c:\windows\LastGood
2010-02-01 20:03 . 2010-02-01 20:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCSuite
2010-02-01 19:56 . 2009-12-10 10:09 24424120 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_pt_br.exe
2010-02-01 19:56 . 2010-02-01 19:56 36864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2010-02-01 19:56 . 2010-02-01 19:56 3351812 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2010-02-01 19:56 . 2010-02-01 19:56 3203453 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2010-02-01 11:40 . 2010-02-01 11:41 -------- d-----w- C:\LinhaDefensiva
2010-02-01 11:28 . 2010-02-01 11:28 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes
2010-02-01 11:28 . 2010-01-07 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 11:28 . 2010-02-01 11:28 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-02-01 11:28 . 2010-02-01 11:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-02-01 11:28 . 2010-01-07 19:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-31 18:02 . 2010-01-31 18:02 2558976 --sh--w- c:\windows\system32\kill.exe
2010-01-31 18:01 . 2010-01-31 18:01 -------- d-----w- c:\windows\system32\log
2010-01-31 18:01 . 2010-01-31 18:01 1127936 ----a-w- c:\windows\system32\auto_msn.exe
2010-01-30 14:32 . 2010-01-30 14:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\RoboForm
2010-01-30 14:32 . 2010-01-30 14:32 -------- d-----w- c:\arquivos de programas\Siber Systems
2010-01-29 00:48 . 2010-01-29 00:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Canneverbe_Limited
2010-01-29 00:48 . 2010-01-29 00:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Canneverbe Limited
2010-01-29 00:48 . 2009-11-12 16:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-01-29 00:48 . 2010-01-29 00:48 -------- d-----w- c:\arquivos de programas\CDBurnerXP
2010-01-28 08:58 . 2008-05-09 10:55 180224 ------w- c:\windows\system32\dllcache\scrobj.dll
2010-01-28 08:58 . 2008-05-09 10:55 90112 ------w- c:\windows\system32\dllcache\wshext.dll
2010-01-28 08:58 . 2008-05-09 10:55 172032 ------w- c:\windows\system32\dllcache\scrrun.dll
2010-01-28 08:58 . 2008-05-09 08:45 135168 ------w- c:\windows\system32\dllcache\cscript.exe
2010-01-28 08:58 . 2008-05-08 11:24 155648 ------w- c:\windows\system32\dllcache\wscript.exe
2010-01-27 10:19 . 2010-01-27 10:19 -------- d-----w- c:\windows\l2schemas
2010-01-27 10:19 . 2010-01-27 10:19 -------- d-----w- c:\windows\system32\bits
2010-01-27 10:12 . 2010-01-27 10:20 -------- d-----w- c:\windows\EHome
2010-01-26 23:45 . 2010-01-27 00:25 -------- d-----w- c:\arquivos de programas\Journal Macro
2010-01-26 15:14 . 2010-01-28 13:56 -------- d-----w- c:\arquivos de programas\Steam
2010-01-26 00:10 . 2010-01-26 00:10 -------- d-----w- c:\arquivos de programas\PhotoZoom Pro 3
2010-01-25 02:54 . 2004-08-04 01:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2010-01-25 02:54 . 2004-08-04 01:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2010-01-25 02:54 . 2004-08-04 01:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2010-01-25 02:54 . 2004-08-04 01:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2010-01-25 02:54 . 2004-08-04 01:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2010-01-25 02:54 . 2004-08-04 01:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2010-01-25 02:54 . 2004-08-04 01:29 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys
2010-01-25 02:54 . 2004-08-04 01:29 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
2010-01-25 02:14 . 2010-01-26 11:56 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\SACore
2010-01-25 02:13 . 2010-01-25 02:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-25 02:00 . 2010-01-25 02:00 -------- d-----w- c:\windows\system32\KB905474
2010-01-25 02:00 . 2009-03-11 01:26 1434496 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-01-25 02:00 . 2009-03-11 01:18 454536 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-01-25 01:46 . 2010-01-27 10:16 -------- d-----w- c:\windows\ServicePackFiles
2010-01-25 01:45 . 2010-01-25 02:04 -------- d-----w- c:\windows\ie8updates
2010-01-25 01:44 . 2010-01-25 01:44 -------- d-----w- c:\arquivos de programas\MSXML 4.0
2010-01-25 01:38 . 2010-01-25 01:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SiteAdvisor
2010-01-25 01:38 . 2010-01-25 01:38 -------- d-----w- c:\arquivos de programas\SiteAdvisor
2010-01-25 01:35 . 2009-11-04 19:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-01-25 01:35 . 2009-11-04 19:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-01-25 01:35 . 2009-11-04 19:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-01-25 01:35 . 2009-07-16 15:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-01-25 01:34 . 2010-01-25 01:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\McAfee
2010-01-25 01:34 . 2010-01-25 01:34 -------- d-----w- c:\arquivos de programas\McAfee.com
2010-01-25 01:34 . 2010-01-26 12:00 -------- d-----w- c:\arquivos de programas\McAfee
2010-01-25 01:32 . 2009-11-04 19:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-01-25 00:45 . 2010-01-25 11:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee
2010-01-24 23:12 . 2010-01-24 23:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GetRightToGo
2010-01-24 22:59 . 2009-12-21 19:07 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-24 22:59 . 2009-12-21 19:07 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-01-24 22:59 . 2009-12-21 19:07 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-24 22:59 . 2009-12-21 19:07 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-24 22:59 . 2009-12-21 19:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-24 22:59 . 2009-12-21 19:07 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-01-24 22:55 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2010-01-24 22:53 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\dllcache\bthport.sys
2010-01-24 22:53 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys
2010-01-24 22:46 . 2009-10-15 16:32 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-01-24 22:46 . 2009-10-15 16:32 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-01-24 22:44 . 2009-06-21 21:48 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-01-24 22:37 . 2009-11-21 15:58 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-24 22:25 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-01-24 22:24 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-24 22:24 . 2008-05-01 14:36 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-01-24 22:24 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-01-24 22:22 . 2008-04-11 19:05 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-24 22:20 . 2009-06-10 12:21 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-01-24 22:18 . 2008-10-15 16:36 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-01-24 22:18 . 2009-07-31 04:33 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-01-22 01:06 . 2010-01-30 18:21 -------- d-----w- C:\Hotspot Shield
2010-01-21 15:51 . 2010-01-21 15:51 -------- d-----w- c:\arquivos de programas\Caseiro
2010-01-21 15:50 . 2010-01-21 15:50 249856 ------w- c:\windows\Setup1.exe
2010-01-21 15:50 . 2010-01-21 15:50 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-20 16:15 . 2010-01-20 16:16 -------- d-----w- c:\arquivos de programas\rita
2010-01-13 16:43 . 2010-01-13 16:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-08 23:42 . 2010-01-08 23:42 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-01-08 19:52 . 2010-01-26 00:45 -------- d-----w- C:\Server_
2010-01-08 18:34 . 2010-01-08 18:35 -------- d-----w- c:\arquivos de programas\Paint.NET
2010-01-08 18:32 . 2010-01-08 18:32 -------- d-----w- c:\documents and settings\Administrador\.thumbnails
2010-01-08 18:30 . 2010-01-08 18:33 -------- d-----w- c:\documents and settings\Administrador\.gimp-2.6
2010-01-07 22:50 . 2010-01-07 22:52 -------- d-----w- c:\windows\system32\Adobe
2010-01-07 17:25 . 2010-01-07 17:25 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE
2010-01-07 17:20 . 2010-01-07 17:20 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache
2010-01-07 16:45 . 2010-01-27 10:19 -------- d-----w- c:\windows\system32\pt-BR
2010-01-07 16:45 . 2010-01-07 16:46 -------- dc-h--w- c:\windows\ie8
2010-01-07 16:36 . 2010-01-28 10:51 -------- d--h--w- c:\windows\$hf_mig$
2010-01-07 04:43 . 2010-01-07 04:47 -------- d-----w- c:\arquivos de programas\SQL Server Backup 8
2010-01-07 04:01 . 2010-02-01 11:57 -------- d--h--w- c:\windows\PIF
2010-01-06 05:12 . 2010-01-06 05:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SqlBackupAndFtp
2010-01-06 04:50 . 2010-01-20 11:54 -------- d-----w- C:\Backups
2010-01-06 04:34 . 2010-01-14 21:43 -------- d-----w- c:\arquivos de programas\Cobian Backup 9
2010-01-05 23:04 . 2010-01-05 23:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 23:28 . 2009-12-20 04:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Akamai
2010-02-01 22:09 . 2009-12-03 04:39 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit
2010-02-01 20:05 . 2009-12-22 15:05 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nokia
2010-02-01 20:03 . 2009-12-22 15:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia
2010-02-01 20:03 . 2009-12-22 14:59 -------- d-----w- c:\arquivos de programas\Nokia
2010-02-01 19:55 . 2009-12-23 22:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations
2010-02-01 00:24 . 2009-12-03 11:19 -------- d-----w- c:\arquivos de programas\Radix Priston Tale
2010-01-28 02:19 . 2009-12-12 23:13 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer
2010-01-26 13:15 . 2010-01-26 13:15 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2010-01-25 02:03 . 2001-10-28 14:07 98700 ----a-w- c:\windows\system32\perfc016.dat
2010-01-25 02:03 . 2001-10-28 14:07 520636 ----a-w- c:\windows\system32\perfh016.dat
2010-01-24 19:51 . 2009-12-10 01:11 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\FileZilla
2010-01-22 02:40 . 2009-12-28 05:17 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent
2010-01-20 22:44 . 2009-12-03 04:39 -------- d-----w- c:\arquivos de programas\Orbitdownloader
2010-01-16 21:29 . 2009-12-03 18:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2010-01-16 20:55 . 2009-12-03 13:01 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2010-01-08 18:01 . 2009-12-09 17:22 -------- d-----w- c:\arquivos de programas\Google
2010-01-08 17:56 . 2009-12-19 05:29 -------- d-----w- c:\arquivos de programas\ss
2010-01-07 20:41 . 2010-01-07 20:41 1329717 ----a-w- c:\arquivos de programas\richeia.PNG
2010-01-06 18:02 . 2009-12-05 19:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet
2010-01-03 05:24 . 2009-12-21 17:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype
2010-01-03 03:30 . 2009-12-21 17:49 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM
2010-01-01 19:06 . 2010-01-01 19:05 1407955 ----atw- c:\arquivos de programas\DSC01087.JPG
2010-01-01 18:39 . 2010-01-01 18:35 1497477 ----atw- c:\arquivos de programas\DSC01067.JPG
2010-01-01 18:39 . 2010-01-01 18:35 1368014 ----atw- c:\arquivos de programas\DSC01069.JPG
2010-01-01 18:39 . 2010-01-01 18:35 1413153 ----atw- c:\arquivos de programas\DSC01068.JPG
2010-01-01 18:38 . 2010-01-01 18:35 959701 ----atw- c:\arquivos de programas\DSC01069 cópia.jpg
2010-01-01 00:43 . 2010-01-01 00:43 -------- d-----w- c:\arquivos de programas\ZaraSoft
2009-12-30 02:33 . 2009-12-30 02:33 -------- d-----w- c:\arquivos de programas\SpacialAudio
2009-12-30 02:33 . 2009-12-30 02:33 -------- d-----w- c:\arquivos de programas\Firebird
2009-12-30 02:17 . 2009-12-30 02:17 -------- d-----w- c:\arquivos de programas\SHOUTcast Radio Toolbar
2009-12-30 02:17 . 2009-12-30 02:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar
2009-12-30 02:16 . 2009-12-30 02:16 -------- d-----w- c:\arquivos de programas\Winamp Detect
2009-12-29 19:13 . 2009-12-29 18:15 5 ----a-w- c:\windows\system32\SySMP3CutJoin.dat
2009-12-29 18:15 . 2009-12-29 18:15 -------- d-----w- c:\arquivos de programas\AudioToolsFactory
2009-12-29 18:11 . 2009-12-29 18:11 -------- d-----w- c:\arquivos de programas\MP3JOINER
2009-12-29 17:09 . 2009-12-29 17:09 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HP
2009-12-28 05:19 . 2009-12-28 05:19 -------- d-----w- c:\arquivos de programas\uTorrent
2009-12-24 16:02 . 2009-12-24 15:27 -------- d-----w- c:\arquivos de programas\Your Freedom
2009-12-24 15:58 . 2009-12-24 15:58 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ProxyCap
2009-12-24 15:31 . 2009-12-24 15:31 -------- d-----w- c:\arquivos de programas\Proxy Labs
2009-12-24 15:14 . 2009-12-24 14:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS
2009-12-24 15:14 . 2009-12-24 15:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nexon
2009-12-24 14:50 . 2009-12-24 14:50 90112 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll
2009-12-24 14:50 . 2009-12-24 14:50 561152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGMDll.dll
2009-12-24 14:50 . 2009-12-24 14:50 393216 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGMResource.dll
2009-12-24 14:50 . 2009-12-24 14:50 258352 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\unicows.dll
2009-12-24 14:50 . 2009-12-24 14:50 118784 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\nxgameus.dll
2009-12-24 14:50 . 2009-12-24 14:50 167936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe
2009-12-23 23:39 . 2009-12-23 23:39 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nseries
2009-12-23 23:18 . 2009-12-22 15:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\PC Suite
2009-12-23 23:17 . 2009-12-23 23:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-23 22:56 . 2009-12-23 22:56 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution
2009-12-23 22:55 . 2009-12-23 22:55 95232 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-23 22:55 . 2009-12-23 22:55 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-23 22:55 . 2009-12-23 22:55 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-23 22:55 . 2009-12-23 22:55 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-23 22:45 . 2009-12-23 22:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nokia
2009-12-23 18:02 . 2009-12-23 18:02 -------- d-----w- c:\arquivos de programas\LogMeIn Hamachi
2009-12-23 14:21 . 2009-12-23 14:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-23 14:21 . 2009-12-23 14:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-22 15:35 . 2009-12-22 14:59 -------- d-----w- c:\arquivos de programas\DIFX
2009-12-22 15:20 . 2009-12-22 15:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite
2009-12-22 15:19 . 2009-12-22 15:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-22 15:19 . 2009-12-22 15:19 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-22 15:03 . 2009-12-22 15:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NokiaMusic
2009-12-22 15:03 . 2009-12-22 15:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\muvee Technologies
2009-12-22 14:53 . 2009-12-22 14:53 -------- d-----w- c:\arquivos de programas\MSBuild
2009-12-22 14:53 . 2009-12-22 14:53 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2009-12-22 14:50 . 2009-12-22 14:50 -------- d-----w- c:\arquivos de programas\MSXML 6.0
2009-12-21 19:08 . 2004-08-04 02:45 916480 ------w- c:\windows\system32\wininet.dll
2009-12-21 17:48 . 2009-12-21 17:47 -------- d-----r- c:\arquivos de programas\Skype
2009-12-21 17:47 . 2009-12-21 17:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype
2009-12-21 17:47 . 2009-12-21 17:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype
2009-12-20 12:20 . 2009-12-05 10:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-12-19 18:36 . 2009-12-19 18:36 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2009-12-19 18:23 . 2009-12-19 18:23 -------- d-----w- c:\arquivos de programas\MU Season 4
2009-12-19 05:10 . 2009-12-18 03:06 -------- d-----w- c:\arquivos de programas\KYE
2009-12-19 05:10 . 2009-12-19 05:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\snpstd2
2009-12-19 05:09 . 2009-12-03 03:19 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-12-17 03:09 . 2009-12-17 03:08 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-12-17 02:56 . 2009-12-17 02:56 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic
2009-12-17 01:55 . 2009-12-17 01:55 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Megaupload
2009-12-17 01:51 . 2009-12-17 01:51 -------- d-----w- c:\arquivos de programas\Megaupload
2009-12-17 01:51 . 2009-12-17 01:51 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\InstallShield
2009-12-13 21:57 . 2009-12-13 21:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-12-13 21:54 . 2009-12-09 14:52 -------- d-----w- c:\arquivos de programas\Microsoft.NET
2009-12-13 21:54 . 2009-12-13 21:52 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server
2009-12-13 05:38 . 2009-12-12 23:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple
2009-12-12 23:13 . 2009-12-12 23:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-12 23:13 . 2009-12-12 23:12 -------- d-----w- c:\arquivos de programas\iTunes
2009-12-12 23:12 . 2009-12-12 23:12 -------- d-----w- c:\arquivos de programas\iPod
2009-12-12 23:12 . 2009-12-12 23:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple
2009-12-12 23:12 . 2009-12-12 23:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer
2009-12-12 23:12 . 2009-12-12 23:12 -------- d-----w- c:\arquivos de programas\Bonjour
2009-12-12 23:11 . 2009-12-12 23:11 -------- d-----w- c:\arquivos de programas\QuickTime
2009-12-12 23:11 . 2009-12-12 23:11 -------- d-----w- c:\arquivos de programas\Apple Software Update
2009-12-12 04:40 . 2009-12-12 04:40 -------- d-----w- c:\arquivos de programas\WoW-2.3.0.7561-enUS
2009-12-12 04:39 . 2009-12-12 04:39 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Blizzard Entertainment
2009-12-12 04:20 . 2009-12-12 04:20 -------- d-----w- c:\arquivos de programas\BreakPoint Software
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176]
[HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer" [X]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
"NokiaMusic FastStart"="c:\arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"mcagent_exe"="c:\arquivos de programas\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\arquiv~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 137216]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2009-12-3 1785104]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^SQLBACKUPZIP.lnk]
path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\SQLBACKUPZIP.lnk
backup=c:\windows\pss\SQLBACKUPZIP.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Arquivos de programas\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Server\\servidorpt.exe"=
"c:\\Server\\Serverteste.exe"=
"c:\\Nexon\\Combat Arms\\Engine.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Server\\Server Radix PT.exe"=
"c:\\Server\\Itens sem replace.exe"=
"c:\\Arquivos de programas\\LiveZilla\\LiveZilla Server Admin.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Arquivos de programas\\Steam\\Steam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [3/8/2004 23:45 14336]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [9/12/2008 20:10 24636]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\arquivos de programas\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 12:27 1074568]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [24/1/2010 22:37 93320]
S2 0238081264507318mcinstcleanup;McAfee Application Installer Cleanup (0238081264507318);c:\windows\TEMP\023808~1.EXE c:\arquiv~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\023808~1.EXE c:\arquiv~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [23/12/2009 19:56 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [23/12/2009 19:56 8320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
2010-01-25 c:\windows\Tasks\McDefragTask.job
2010-01-25 c:\windows\Tasks\McQcTask.job
2010-02-01 c:\windows\Tasks\WGASetup.job
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.baixaki.com.br/
uInternet Settings,ProxyOverride = local
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: &SHOUTcast Search - c:\documents and settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Baixar Link Utiizando Gerenciador Mega... - c:\arquivos de programas\Megaupload\Mega Manager\mm_file.htm
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {55B9FC3D-8E0D-4E23-9BB8-72A77C722F2B} = 200.165.132.155,200.165.132.148
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\x0ye2gvo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
FF - component: c:\arquivos de programas\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\x0ye2gvo.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
MSConfigStartUp-kill - c:\documents and settings\All Users\Dados de aplicativos\kill.exe
**************************************************************************
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos:
**************************************************************************
.
Tempo para conclusão: 2010-02-01 20:48:28
ComboFix-quarantined-files.txt 2010-02-01 23:48
ComboFix2.txt 2010-01-26 13:23
Pré-execução: 22 pasta(s) 93.004.349.440 bytes disponíveis
Pós execução: 23 pasta(s) 92.994.871.296 bytes disponíveis
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:14, on 1/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\WINDOWS\System32\svchost.exe
C:\xampp\apache\bin\httpd.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
C:\xampp\apache\bin\httpd.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
C:\Arquivos de programas\McAfee\MSK\MskSrver.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\McAfee\MSC\mcregist.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\Arquivos comuns\Nokia\MPAPI\MPAPI3s.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\ComboFix\CF30194.cfxxe
C:\ComboFix\mbr.cfxxe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.baixaki.com.br/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\ARQUIV~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [mcagent_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\ARQUIV~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55B9FC3D-8E0D-4E23-9BB8-72A77C722F2B}: NameServer = 200.165.132.155,200.165.132.148
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0238081264507318) (0238081264507318mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\023808~1.EXE (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 13187 bytes
Can another analyst take over the case?
:) Hello Encrypted!
Please follow the tips in these tutorials:
Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html
Nod32 Online antivirus tutorial: http://dicasetutoriaisparapc.blogspot.com/2008/09/tutorial-do-antivirus-nod32-online.html
______________________________
In your next reply, post the Nod32 Online log, which will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, together with a new HijackThis log and the Malwarebytes log, and please tell us how your PC is behaving after following these procedures.
We look forward to your reply.
Topic Archived
As the author did not reply for more than 30 days, the topic was archived.
Hey Eиcrypted,
Download ComboFix from:
ComboFix
3) The “SOFTWARE WARRANTY DISCLAIMER” window will open. Read the text in this window carefully and click “YES” to continue.
PS: If you do not agree with the terms, click “NO” to exit the software, bearing in mind that the disinfection process will not be possible without continuing with ComboFix.
4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended to install the console before continuing the process, as this ensures that the system can be recovered if problems occur during the scan.
Click “YES” and wait, as ComboFix itself installs the console automatically. It may take a few minutes (depending on the speed of your connection), so be patient.
When the “INSTALLING THE RECOVERY CONSOLE” window appears, click “OK”, then click “YES” to accept the EULA license.
When the recovery console installation finishes, a window will open stating that “THE RECOVERY CONSOLE WAS SUCCESSFULLY INSTALLED”.
Click “YES” to continue the scan.
5) ComboFix will start the AUTOSCAN (wait).
ATTENTION: Do not click on the ComboFix window or end the process abruptly while the tool is running, as this will break your desktop configuration (it will turn completely white).
When the process finishes, the machine will be restarted so the report can be generated.
6) After the machine restarts, ComboFix will run FIND3M to create the final scan report. The log will be saved at C:\ComboFix.txt.
7) Re-enable your antivirus;
8) I need you to paste the contents of ComboFix.txt in your next reply.
NOTE 1: If a message appears saying that THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.
NOTE 2: If the ComboFix window is clicked while it is running, it will MAXIMIZE, covering the other windows. To minimize it again, just use the ALT + TAB combination.
Regards.