I suspect an infection. For example, if I was chatting on MSN and the window went a long time without any activity, it kind of left the window ;/ and I had to click inside it again to be able to type. It had the same effect as if I were here and clicked down there on an empty area of the taskbar. This bothered me because I always had to click inside the window again. Just to be safe, I would like to post the ComboFix log here for you to take a look at; for now, I think the problem has gone away.
Log:
ComboFix 10-01-27.06 - Alan 28/01/2010 19:27:32.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.767.391 [GMT -2:00]
Executando de: c:\documents and settings\Alan\Meus documentos\Downloads\ComboFix.exe
AV: Kaspersky Internet Security On-access scanning disabled (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security disabled {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Alan\Dados de aplicativos\.#
c:\documents and settings\Alan\Dados de aplicativos\inst.exe
c:\windows\system32\crt.dat
c:\windows\system32\Thumbs.db
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DUMETERSVC
-------\Service_DUMeterSvc
(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-28 to 2010-01-28 ))))))))))))))))))))))))))))
.
2010-01-28 20:33 . 2010-01-28 20:35 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\GetRightToGo
2010-01-27 21:04 . 2008-02-07 19:10 -------- d-----w- C:\ckis
2010-01-27 20:54 . 2010-01-27 22:46 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-01-27 20:54 . 2010-01-27 22:46 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-01-27 20:51 . 2010-01-28 21:43 39456 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-27 20:51 . 2010-01-28 21:41 36384 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-27 20:51 . 2010-01-27 20:51 -------- d-----w- c:\arquivos de programas\Kaspersky Lab
2010-01-27 20:48 . 2010-01-27 20:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2010-01-26 18:02 . 2010-01-26 18:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee
2010-01-25 16:51 . 2008-10-10 18:01 26624 ----a-r- c:\windows\system32\LGDispDrv.dll
2010-01-25 16:51 . 2008-10-10 18:01 147456 ----a-r- c:\windows\system32\LgExport.dll
2010-01-25 16:50 . 2010-01-25 16:50 -------- d-----w- c:\arquivos de programas\LG Soft India
2010-01-25 16:41 . 2010-01-25 16:41 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation
2010-01-25 14:48 . 2009-09-09 10:43 210352 ----a-w- c:\windows\system32\idmmbc.dll
2010-01-24 13:19 . 2010-01-12 17:19 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-24 13:19 . 2010-01-12 17:13 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-24 13:18 . 2010-01-24 13:22 -------- d-----w- c:\arquivos de programas\TuneUp Utilities 2010
2010-01-23 19:47 . 2010-01-23 19:47 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\GrabPro
2010-01-23 19:46 . 2010-01-23 21:00 -------- d-----w- c:\arquivos de programas\Orbitdownloader
2010-01-23 19:46 . 2010-01-23 20:45 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Orbit
2010-01-22 03:49 . 2010-01-26 11:54 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\IDM
2010-01-22 03:49 . 2010-01-28 20:36 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\DMCache
2010-01-22 03:48 . 2010-01-28 18:53 -------- d-----w- c:\arquivos de programas\Internet Download Manager
2010-01-22 03:20 . 2010-01-23 17:48 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\FileZilla
2010-01-22 03:18 . 2010-01-22 03:24 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client
2010-01-21 22:09 . 2010-01-21 22:09 -------- d-----w- c:\windows\system32\%PersonalRootCertificateFolder%
2010-01-21 22:04 . 2010-01-21 22:04 -------- d-----w- c:\arquivos de programas\What's my computer doing
2010-01-21 22:01 . 2010-01-21 22:01 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Hagel Technologies
2010-01-21 22:01 . 2010-01-25 20:56 -------- d-----w- c:\arquivos de programas\TweakMASTER
2010-01-21 20:22 . 2010-01-22 05:57 -------- d-----w- c:\arquivos de programas\JDownloader
2010-01-19 17:47 . 2010-01-19 17:47 19072 ----a-w- c:\windows\system32\drivers\PS2.sys
2010-01-19 02:55 . 2010-01-19 03:06 -------- d-----w- c:\arquivos de programas\PcMedik
2010-01-18 10:05 . 2010-01-21 11:08 -------- d-----w- c:\arquivos de programas\JAM2
2010-01-17 15:20 . 2010-01-17 15:22 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Mp3tag
2010-01-17 15:20 . 2010-01-17 15:20 -------- d-----w- c:\arquivos de programas\Mp3tag
2010-01-16 04:07 . 2005-01-19 02:15 28672 ----a-w- c:\windows\system32\regclass.dll
2010-01-15 03:09 . 2010-01-15 02:53 42496 ----a-w- c:\windows\system32\XPize Logo.scr
2010-01-15 03:09 . 2010-01-15 02:53 1634304 ----a-w- c:\windows\system32\Windows XP 3D Flag.scr
2010-01-15 03:05 . 2010-01-15 03:05 -------- d-----w- c:\arquivos de programas\Anolis
2010-01-14 16:35 . 2010-01-16 06:58 -------- d-----w- c:\arquivos de programas\VirtualDJ
2010-01-14 14:45 . 2010-01-14 14:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2010-01-14 13:41 . 2010-01-14 13:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-14 13:41 . 2010-01-21 11:05 -------- d-----w- c:\arquivos de programas\iTunes
2010-01-14 13:40 . 2010-01-14 13:40 -------- d-----w- c:\arquivos de programas\Bonjour
2010-01-14 05:38 . 2010-01-27 05:51 -------- d-----w- C:\LinhaDefensiva
2010-01-14 03:11 . 2010-01-14 03:11 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\NetMedia Providers
2010-01-14 03:11 . 2010-01-14 03:11 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Publish Providers
2010-01-14 02:08 . 2010-01-14 02:08 -------- d-----w- c:\arquivos de programas\Sony Setup
2010-01-13 05:33 . 2010-01-13 05:33 -------- d-----w- c:\arquivos de programas\Alcohol Soft
2010-01-13 05:28 . 2010-01-13 05:28 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-12 05:58 . 2010-01-12 05:58 -------- d-----w- c:\arquivos de programas\SopCast
2010-01-12 05:57 . 2010-01-12 05:57 -------- d-----w- c:\arquivos de programas\Orban
2010-01-12 05:56 . 2010-01-12 05:58 -------- d-----w- c:\arquivos de programas\Megacubo
2010-01-12 00:17 . 2010-01-12 00:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-12 00:17 . 2010-01-12 00:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-12 00:17 . 2010-01-12 00:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-12 00:17 . 2010-01-12 00:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 00:17 . 2010-01-12 00:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-12 00:17 . 2010-01-12 00:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-10 14:22 . 2010-01-10 14:34 -------- d-----w- c:\arquivos de programas\eMule
2010-01-10 13:10 . 2010-01-10 13:10 8704 ----a-w- c:\windows\system32\SpOrder.dll
2010-01-10 13:09 . 2010-01-15 04:11 -------- d-----w- c:\arquivos de programas\IP Hider
2010-01-10 11:37 . 2010-01-10 11:42 -------- d-----w- c:\windows\uninstall\Hanf Baron XS
2010-01-10 11:37 . 2010-01-10 11:37 -------- d-----w- c:\windows\uninstall
2010-01-10 11:31 . 2002-10-05 03:04 921600 ----a-w- c:\windows\system32\vorbisenc.dll
2010-01-10 11:31 . 2002-10-05 03:04 188416 ----a-w- c:\windows\system32\vorbis.dll
2010-01-10 11:31 . 2002-10-05 03:04 45056 ----a-w- c:\windows\system32\ogg.dll
2010-01-10 11:31 . 2002-10-06 22:42 237568 ----a-w- c:\windows\system32\OggDS.dll
2010-01-10 11:31 . 2010-01-10 11:41 -------- d-----w- c:\arquivos de programas\rondomedia
2010-01-09 22:31 . 2010-01-09 22:31 -------- d-----w- c:\arquivos de programas\Image Mender
2010-01-09 07:33 . 2010-01-09 12:21 -------- d-----w- c:\arquivos de programas\Loaris Trojan Remover
2010-01-08 11:53 . 2010-01-08 11:54 -------- d-----w- c:\arquivos de programas\MP3Gain
2010-01-08 07:09 . 2010-01-08 07:09 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\URSoft
2010-01-08 07:09 . 2010-01-08 07:09 -------- d-----w- c:\arquivos de programas\Your Uninstaller 2010
2010-01-07 00:10 . 2010-01-21 10:42 -------- d-----w- c:\arquivos de programas\CoolSMS
2010-01-06 22:20 . 2010-01-06 22:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR
2010-01-06 08:44 . 2009-12-14 14:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2010-01-06 08:44 . 2009-12-14 14:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2010-01-06 08:43 . 2010-01-28 21:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab
2010-01-01 20:17 . 2009-09-02 23:58 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-01-01 20:17 . 2009-09-02 23:57 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-12-31 18:56 . 2009-12-31 18:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\CyberLink
2009-12-31 18:55 . 2010-01-06 04:07 -------- d-----w- c:\arquivos de programas\CyberLink
2009-12-31 18:55 . 2009-12-31 18:54 29480 ----a-w- c:\windows\system32\msxml3a.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 21:46 . 2010-01-27 20:51 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-28 21:43 . 2009-10-30 21:03 -------- d-----w- c:\arquivos de programas\cFosSpeed
2010-01-28 21:41 . 2010-01-27 20:51 5456 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-28 21:19 . 2009-10-28 22:19 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Lightcomm
2010-01-28 21:11 . 2009-12-18 16:34 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\SUPERAntiSpyware.com
2010-01-28 21:11 . 2009-11-21 13:06 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2010-01-28 20:38 . 2009-09-12 00:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\iolo
2010-01-28 20:26 . 2010-01-28 20:08 12456196 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\DwnlData\Alan\a2FreeSetup_45\a2FreeSetup.exe
2010-01-28 18:53 . 2009-12-13 05:10 -------- d-----w- c:\arquivos de programas\Mozilla Thunderbird
2010-01-28 14:14 . 2009-12-18 16:34 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware
2010-01-28 04:23 . 2009-09-12 00:07 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\iolo
2010-01-27 23:32 . 2009-12-02 09:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2010-01-27 22:51 . 2007-10-31 15:41 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-01-27 22:46 . 2010-01-27 22:46 25104 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ushata.dll
2010-01-27 22:46 . 2010-01-27 22:46 112144 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\X86\kl1.sys
2010-01-27 22:46 . 2010-01-27 22:46 772624 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\updater.dll
2010-01-27 22:45 . 2010-01-27 22:45 150032 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\diffs.dll
2010-01-27 22:45 . 2010-01-27 22:45 354832 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ckahum.dll
2010-01-27 18:07 . 2009-10-31 02:33 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-01-27 00:42 . 2004-08-04 12:00 83670 ----a-w- c:\windows\system32\perfc016.dat
2010-01-27 00:42 . 2004-08-04 12:00 479350 ----a-w- c:\windows\system32\perfh016.dat
2010-01-26 11:53 . 2010-01-22 03:51 198064 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\idmmzcc3\components\idmmzcc.dll
2010-01-26 01:53 . 2009-09-12 00:03 -------- d-----w- c:\arquivos de programas\Opera 10 Beta
2010-01-25 16:50 . 2009-09-12 06:16 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-01-25 15:32 . 2010-01-23 01:03 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM5.dll
2010-01-25 15:32 . 2010-01-23 01:03 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM4.dll
2010-01-25 15:32 . 2010-01-23 01:03 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM3.dll
2010-01-25 15:32 . 2010-01-23 01:03 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM2.dll
2010-01-25 15:32 . 2010-01-23 01:03 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM1.dll
2010-01-24 21:40 . 2009-10-10 03:05 -------- d-----w- c:\arquivos de programas\DU Meter
2010-01-24 17:10 . 2009-11-08 16:10 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Vso
2010-01-21 21:51 . 2009-10-10 03:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Hagel Technologies
2010-01-21 11:07 . 2009-12-16 01:17 -------- d-----w- c:\arquivos de programas\SeaMonkey
2010-01-21 11:05 . 2009-09-13 04:13 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple
2010-01-21 10:51 . 2009-10-11 14:26 -------- d-----w- c:\arquivos de programas\Driver Sweeper
2010-01-21 10:48 . 2009-12-02 13:04 -------- d-----w- c:\arquivos de programas\Driver Magician
2010-01-20 23:05 . 2009-09-24 18:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-01-20 22:14 . 2009-09-12 04:17 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2010-01-16 03:22 . 2009-09-12 01:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2010-01-16 02:51 . 2009-09-12 00:54 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2010-01-15 03:12 . 2009-12-13 19:46 -------- d-----w- c:\arquivos de programas\7-Zip
2010-01-15 03:12 . 2009-09-20 12:40 -------- d-----w- c:\arquivos de programas\Windows Desktop Search
2010-01-15 03:10 . 2004-08-04 12:00 2789888 ----a-w- c:\windows\system32\logonui.exe
2010-01-15 03:10 . 2004-08-04 12:00 101376 ----a-w- c:\windows\system32\tcpmonui.dll
2010-01-15 03:10 . 2004-08-04 12:00 541184 ----a-w- c:\windows\system32\sti_ci.dll
2010-01-15 03:10 . 2004-08-04 12:00 829952 ----a-w- c:\windows\system32\rasdlg.dll
2010-01-15 03:10 . 2004-08-04 12:00 201728 ----a-w- c:\windows\system32\mdminst.dll
2010-01-15 03:10 . 2004-08-04 12:00 399360 ----a-w- c:\windows\system32\fsquirt.exe
2010-01-15 03:10 . 2004-08-04 12:00 222208 ----a-w- c:\windows\system32\fldrclnr.dll
2010-01-15 03:10 . 2004-08-04 12:00 808960 ----a-w- c:\windows\system32\dmdlgs.dll
2010-01-15 03:09 . 2004-08-04 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-01-15 03:09 . 2004-08-04 12:00 708608 ----a-w- c:\windows\system32\sstext3d.scr
2010-01-15 03:09 . 2004-08-04 12:00 634880 ----a-w- c:\windows\system32\sspipes.scr
2010-01-15 03:09 . 2004-08-04 12:00 733184 ----a-w- c:\windows\system32\ss3dfo.scr
2010-01-15 03:09 . 2004-08-04 12:00 417792 ----a-w- c:\windows\system32\ssflwbox.scr
2010-01-15 03:09 . 2004-08-04 12:00 33792 ----a-w- c:\windows\system32\scrnsave.scr
2010-01-15 03:07 . 2004-08-04 12:00 386560 ----a-w- c:\windows\system32\msieftp.dll
2010-01-15 03:06 . 2009-09-11 23:36 88576 ----a-w- c:\windows\system32\remotepg.dll
2010-01-14 14:45 . 2010-01-14 14:45 503808 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\msvcp71.dll
2010-01-14 14:45 . 2010-01-14 14:45 348160 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\msvcr71.dll
2010-01-14 14:45 . 2010-01-14 14:45 499712 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\jmc.dll
2010-01-14 14:45 . 2010-01-14 14:45 61440 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\decora-sse.dll
2010-01-14 14:45 . 2010-01-14 14:45 12800 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\decora-d3d.dll
2010-01-14 14:44 . 2010-01-14 14:44 114688 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-36e2bf13-n\jogl_cg.dll
2010-01-14 14:44 . 2010-01-14 14:44 315392 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-36e2bf13-n\jogl.dll
2010-01-14 14:44 . 2010-01-14 14:44 20480 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-36e2bf13-n\jogl_awt.dll
2010-01-14 14:44 . 2010-01-14 14:44 20480 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-3361dd68-n\gluegen-rt.dll
2010-01-14 14:43 . 2009-09-12 01:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-14 13:54 . 2009-09-13 04:20 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Apple Computer
2010-01-14 13:41 . 2009-11-24 17:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer
2010-01-14 13:12 . 2009-10-01 02:14 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 02:16 . 2009-09-14 17:59 -------- d-----w- c:\arquivos de programas\Sony
2010-01-13 12:10 . 2009-09-12 01:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2010-01-12 04:03 . 2010-01-25 16:39 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 04:03 . 2010-01-25 16:39 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-12 04:03 . 2010-01-25 16:39 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03 . 2010-01-25 16:39 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2010-01-25 16:39 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03 . 2010-01-25 16:39 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2010-01-25 16:39 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2010-01-25 16:39 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03 . 2010-01-25 16:39 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 04:03 . 2010-01-25 16:39 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2010-01-25 16:39 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2010-01-25 16:39 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-09 02:39 . 2009-09-12 04:12 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition
2010-01-07 08:45 . 2009-12-23 02:53 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-01-07 08:45 . 2010-01-07 08:45 5061520 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-06 22:20 . 2010-01-06 22:21 38784 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-06 22:20 . 2010-01-06 22:21 38784 ----a-w- c:\documents and settings\Default User\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-06 08:37 . 2009-09-11 23:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESET
2010-01-06 04:24 . 2010-01-06 04:24 79488 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-06 04:04 . 2009-12-31 18:54 53319 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
2010-01-03 00:35 . 2009-11-02 16:14 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Audacity
2010-01-01 20:18 . 2009-11-08 16:10 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-01 20:18 . 2009-11-08 16:10 47360 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\pcouffin.sys
2010-01-01 20:18 . 2009-11-08 16:10 47360 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\pcouffin.sys
2010-01-01 20:17 . 2009-11-08 16:09 -------- d-----w- c:\arquivos de programas\VSO
2010-01-01 14:55 . 2010-01-01 14:55 10134 ----a-r- c:\documents and settings\Alan\Dados de aplicativos\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
2010-01-01 08:18 . 2009-12-18 11:50 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\runic games
.
------- Sigcheck -------
[-] 2009-10-31 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-10-31 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2010-01-15 . 063CFCB5320A1FAD700680D60F9CEE3D . 1087488 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-13 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[7] 2008-04-13 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-04 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2010-01-15 . E21CADF65FA546C213634EDE63ACE389 . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-13 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[7] 2008-04-13 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2004-08-04 . F40BC97996B8E53799EEF1D63996674B . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]
"ooccctrl.exe"="c:\arquivos de programas\OO Software\CleverCache\ooccctrl.exe" [2007-01-28 1911568]
"hpqSRMon"="c:\arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"USB Antivirus"="c:\arquivos de programas\USB Disk Security\USBGuard.exe" [2009-10-09 815104]
"TweakMASTER"="c:\arquivos de programas\TweakMASTER\TMTray.exe" [2010-01-21 322608]
"AudioDeck"="c:\arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"LifeCam"="c:\arquivos de programas\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"cFosSpeed"="c:\arquivos de programas\cFosSpeed\cFosSpeed.exe" [2009-10-30 977624]
"CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\Alan\Menu Iniciar\Programas\Inicializar\
Ferramenta de Verifica‡Æo de M¡dia do PMB.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-1-1 333088]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Menu Iniciar^Programas^Inicializar^Stardock ObjectDock.lnk]
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Menu Iniciar^Programas^Inicializar^Styler.lnk]
backup=c:\windows\pss\Styler.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^What's my computer doing.lnk]
backup=c:\windows\pss\What's my computer doing.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-19 03:20 133104 ----atw- c:\documents and settings\Alan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 15:41 196608 ----a-w- c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-04-13 09:07 69632 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 17:21 246504 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Opera 10 Beta\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Documents and Settings\\Alan\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Alan\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Arquivos de programas\\Opera\\opera.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Brazilian\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56740:TCP"= 56740:TCP:Pando Media Booster
"56740:UDP"= 56740:UDP:Pando Media Booster
R0 63780202;63780202 Boot Guard Driver;c:\windows\system32\drivers\63780202.sys [1/12/2009 13:34 37392]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/1/2010 03:28 717296]
R1 63780201;63780201;c:\windows\system32\drivers\63780201.sys [1/12/2009 13:34 128016]
R1 setup_9.0.0.722_26.11.2009_09-03drv;setup_9.0.0.722_26.11.2009_09-03drv;c:\windows\system32\drivers\6378020.sys [1/12/2009 13:34 315408]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [4/12/2009 07:04 650160]
R2 ioloSystemService;iolo System Service;c:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [4/12/2009 07:04 650160]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21/4/2006 08:22 70912]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [12/1/2010 15:16 1043784]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [8/12/2009 12:40 17984]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 13:28 24592]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S2 gupdate1ca59d74f36cc74;Google Update Service (gupdate1ca59d74f36cc74);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [31/10/2009 01:07 133104]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [25/10/2009 01:43 6016]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 LGDDCDevice;LGDDCDevice;c:\arquivos de programas\LG Soft India\forteManager\bin\I2CDriver.sys [25/1/2010 14:50 14336]
S3 LGII2CDevice;LGII2CDevice;c:\arquivos de programas\LG Soft India\forteManager\bin\PII2CDriver.sys [25/1/2010 14:50 18432]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [25/10/2009 01:43 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [25/10/2009 01:43 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [25/10/2009 01:43 42752]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [25/10/2009 01:43 23296]
S3 viafilter;VIA USB Filter;c:\windows\system32\drivers\viausb1.sys [2/12/2009 11:22 9728]
S3 VIASens;Vinyl Sensaura WDM 3D Audio Driver;c:\windows\system32\drivers\viasens.sys [7/11/2003 08:07 391680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2010-01-28 c:\windows\Tasks\Verificação de problemas automática.job
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: Adicionar ao Anti-Banner - c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: Download all links with IDM - c:\arquivos de programas\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\arquivos de programas\Internet Download Manager\IEGetVL.htm
IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: Download with IDM - c:\arquivos de programas\Internet Download Manager\IEExt.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {3E28D559-2A59-4DDF-AE73-A93DC34A5161} = 208.67.222.222,208.67.220.220
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
FF - ProfilePath - c:\documents and settings\Alan\Dados de aplicativos\Mozilla\Firefox\Profiles\huqc20qd.default\
FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\documents and settings\Alan\Dados de aplicativos\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\Alan\Dados de aplicativos\Mozilla\Firefox\Profiles\huqc20qd.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\npAFOM.dll
FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\np_gp.dll
FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\np_gp.dll
FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\NPOFF12.DLL
FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin.dll
FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin2.dll
FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin3.dll
FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin4.dll
FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin5.dll
FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin6.dll
FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin7.dll
FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\arquivos de programas\Virtools\3D Life Player\nppl3260.dll
FF - plugin: c:\arquivos de programas\Virtools\3D Life Player\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\documents and settings\Alan\Dados de aplicativos\Mozilla\Firefox\Profiles\huqc20qd.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Alan\Dados de aplicativos\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: network.http.max-persistent-connections-per-server - 3
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Associação de arquivos/ficheiros -------
.
JSEFile=NOTEPAD.EXE %1
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 19:44
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????????????
Procurando ficheiros/arquivos ocultos ...
c:\windows\system32\sys_drv.dat 7028 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
c:\windows\system32\WinFLdrv.sys 17984 bytes executable
c:\documents and settings\Alan\Dados de aplicativos\systemfl.$dk 990 bytes
Varredura completada com sucesso
arquivos/ficheiros ocultos: 4
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys hal.dll ACPI.sys atapi.sys spfc.sys >>UNKNOWN [0x82F8F938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7572f28
\Driver\ACPI -> ACPI.sys @ 0xf73cdcb8
\Driver\atapi -> atapi.sys @ 0xf7388b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf727ebb0
PacketIndicateHandler -> NDIS.sys @ 0xf728ba21
SendHandler -> NDIS.sys @ 0xf726987b
user & kernel MBR OK
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-854245398-1214440339-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25E0F91C-A38A-BA01-33E1-8D62C355C79F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abfkkhfkdlkllngpkidccjinfdgnnpejgf"=hex:69,61,6b,6c,6b,69,68,70,66,61,6e,68,
69,66,66,63,63,67,00,00
"maikhgnofpdcjjfmjlhpkdfihh"=hex:6f,61,62,6a,6f,66,64,6f,6e,6d,66,61,64,66,6e,
6b,66,70,6e,6b,6f,6a,6d,66,6c,67,65,6c,70,66,00,00
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\windows\system32\SETUPAPI.dll
c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
c:\windows\system32\cscui.dll
c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\windows\system32\SETUPAPI.dll
c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
c:\windows\System32\cscui.dll
c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
c:\arquivos de programas\Microsoft Private Folder 1.0\ShellExt.dll
c:\windows\system32\PFLib.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\arquivos de programas\cFosSpeed\spd.exe
c:\arquivos de programas\Microsoft LifeCam\MSCamS32.exe
c:\arquivos de programas\OO Software\CleverCache\ooccag.exe
c:\arquivos de programas\Raxco\PerfectDisk10\PDAgent.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\arquivos de programas\Raxco\PerfectDisk10\PDEngine.exe
c:\windows\system32\wscntfy.exe
c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-01-28 19:52:58 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-01-28 21:52
ComboFix2.txt 2009-11-08 14:22
Pré-execução: 17 pasta(s) 11.392.405.504 bytes disponíveis
Pós execução: 20 pasta(s) 11.324.977.152 bytes disponíveis
WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /NOGUIBOOT /BOOTLOGO