I click Shut Down, but nothing happens. Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:40:44, on 31/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Dados de aplicativos\kill.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\WINDOWS\System32\svchost.exe
C:\xampp\apache\bin\httpd.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
C:\xampp\apache\bin\httpd.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
C:\Arquivos de programas\McAfee\MSK\MskSrver.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\ARQUIV~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\CCleaner\CCleaner.exe
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.baixaki.com.br/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\ARQUIV~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [mcagent_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\ARQUIV~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Help] C:\WINDOWS\system32\Help.exe
O4 - HKLM\..\Run: [kill.exe] C:\Documents and Settings\All Users\Dados de aplicativos\kill.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: SQLBACKUPZIP.lnk = C:\TEKLIFS\SQLBACKUPZIP.exe
O4 - Global Startup: Help.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55B9FC3D-8E0D-4E23-9BB8-72A77C722F2B}: NameServer = 200.165.132.155,200.165.132.148
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0238081264507318) (0238081264507318mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\023808~1.EXE (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 13315 bytes
Done, friend, here are the logs:
Malwarebytes Anti-Malware
Malwarebytes' Anti-Malware 1.44
Versão do banco de dados: 3671
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/2/2010 08:54:47
mbam-log-2010-02-01 (08-54-47).txt
Tipo de Verificação: Rápida
Objetos verificados: 112470
Tempo decorrido: 9 minute(s), 50 second(s)
Processos da Memória infectados: 1
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 2
Processos da Memória infectados:
C:\WINDOWS\system32\help.exe (Backdoor.Bot) -> Unloaded process successfully.
Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)
Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)
Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Pastas infectadas:
(Nenhum ítem malicioso foi detectado)
Arquivos infectados:
C:\WINDOWS\system32\help.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ProE.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
BankerFix
BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2010-02-01 - 08:41
-------------------------------------------------------
Lista de Definição: 2010-01-14-1 | CORE: 2010-01-14-1
=======================================================
Arquivo infectado detectado: C:\WINDOWS\system32\aviso.bak
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\help.exe
Arquivo infectado removido com sucesso!
----- Fim -------------------------
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:04:45, on 1/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\vsnpstd2.exe
C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer.exe
C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe
C:\Documents and Settings\All Users\Dados de aplicativos\kill.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\WINDOWS\System32\svchost.exe
C:\xampp\apache\bin\httpd.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
C:\xampp\apache\bin\httpd.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
C:\Arquivos de programas\McAfee\MSK\MskSrver.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.baixaki.com.br/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\ARQUIV~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [mcagent_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\ARQUIV~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [kill.exe] C:\Documents and Settings\All Users\Dados de aplicativos\kill.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: SQLBACKUPZIP.lnk = C:\TEKLIFS\SQLBACKUPZIP.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55B9FC3D-8E0D-4E23-9BB8-72A77C722F2B}: NameServer = 200.165.132.155,200.165.132.148
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0238081264507318) (0238081264507318mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\023808~1.EXE (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 13582 bytes
OK, download: ComboFix > save it to the desktop
-
ATTENTION: If ComboFix detects any kind of CD emulator (Daemon Tools, Alcohol, etc.), a warning will appear saying that ComboFix needs to disable it temporarily. Click OK and the PC will restart.
-
IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".
ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.
Here is the ComboFix log:
ComboFix 10-02-01.02 - Administrador 01/02/2010 22:20:18.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1401 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: McAfee VirusScan On-access scanning disabled (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall enabled {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-02 to 2010-02-02 ))))))))))))))))))))))))))))
.
2010-02-01 22:09 . 2010-02-01 22:09 -------- d-----w- c:\arquivos de programas\MP3SPLITTER
2010-01-30 14:32 . 2010-01-30 14:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\RoboForm
2010-01-30 14:32 . 2010-01-30 14:32 -------- d-----w- c:\arquivos de programas\Siber Systems
2010-01-29 00:48 . 2010-01-29 00:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Canneverbe_Limited
2010-01-29 00:48 . 2010-01-29 00:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Canneverbe Limited
2010-01-29 00:48 . 2009-11-12 16:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-01-29 00:48 . 2010-01-29 00:48 -------- d-----w- c:\arquivos de programas\CDBurnerXP
2010-01-28 08:58 . 2008-05-09 10:55 180224 ------w- c:\windows\system32\dllcache\scrobj.dll
2010-01-28 08:58 . 2008-05-09 10:55 90112 ------w- c:\windows\system32\dllcache\wshext.dll
2010-01-28 08:58 . 2008-05-09 10:55 172032 ------w- c:\windows\system32\dllcache\scrrun.dll
2010-01-28 08:58 . 2008-05-09 08:45 135168 ------w- c:\windows\system32\dllcache\cscript.exe
2010-01-28 08:58 . 2008-05-08 11:24 155648 ------w- c:\windows\system32\dllcache\wscript.exe
2010-01-27 10:19 . 2010-01-27 10:19 -------- d-----w- c:\windows\l2schemas
2010-01-27 10:19 . 2010-01-27 10:19 -------- d-----w- c:\windows\system32\bits
2010-01-27 10:12 . 2010-01-27 10:20 -------- d-----w- c:\windows\EHome
2010-01-26 23:45 . 2010-01-27 00:25 -------- d-----w- c:\arquivos de programas\Journal Macro
2010-01-26 15:14 . 2010-01-28 13:56 -------- d-----w- c:\arquivos de programas\Steam
2010-01-26 00:10 . 2010-01-26 00:10 -------- d-----w- c:\arquivos de programas\PhotoZoom Pro 3
2010-01-25 02:54 . 2004-08-04 01:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2010-01-25 02:54 . 2004-08-04 01:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2010-01-25 02:54 . 2004-08-04 01:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2010-01-25 02:54 . 2004-08-04 01:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2010-01-25 02:54 . 2004-08-04 01:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2010-01-25 02:54 . 2004-08-04 01:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2010-01-25 02:54 . 2004-08-04 01:29 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys
2010-01-25 02:54 . 2004-08-04 01:29 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
2010-01-25 02:14 . 2010-01-26 11:56 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\SACore
2010-01-25 02:13 . 2010-01-25 02:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-25 02:00 . 2010-01-25 02:00 -------- d-----w- c:\windows\system32\KB905474
2010-01-25 02:00 . 2009-03-11 01:26 1434496 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-01-25 02:00 . 2009-03-11 01:18 454536 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-01-25 01:46 . 2010-01-27 10:16 -------- d-----w- c:\windows\ServicePackFiles
2010-01-25 01:45 . 2010-01-25 02:04 -------- d-----w- c:\windows\ie8updates
2010-01-25 01:44 . 2010-01-25 01:44 -------- d-----w- c:\arquivos de programas\MSXML 4.0
2010-01-25 01:38 . 2010-01-25 01:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SiteAdvisor
2010-01-25 01:38 . 2010-01-25 01:38 -------- d-----w- c:\arquivos de programas\SiteAdvisor
2010-01-25 01:35 . 2009-11-04 19:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-01-25 01:35 . 2009-11-04 19:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-01-25 01:35 . 2009-11-04 19:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-01-25 01:35 . 2009-07-16 15:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-01-25 01:34 . 2010-01-25 01:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\McAfee
2010-01-25 01:34 . 2010-01-25 01:34 -------- d-----w- c:\arquivos de programas\McAfee.com
2010-01-25 01:34 . 2010-01-26 12:00 -------- d-----w- c:\arquivos de programas\McAfee
2010-01-25 01:32 . 2009-11-04 19:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-01-25 00:45 . 2010-01-25 11:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee
2010-01-24 23:12 . 2010-01-24 23:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GetRightToGo
2010-01-24 22:59 . 2009-12-21 19:07 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-24 22:59 . 2009-12-21 19:07 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-01-24 22:59 . 2009-12-21 19:07 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-24 22:59 . 2009-12-21 19:07 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-24 22:59 . 2009-12-21 19:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-24 22:59 . 2009-12-21 19:07 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-01-24 22:55 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2010-01-24 22:53 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\dllcache\bthport.sys
2010-01-24 22:53 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys
2010-01-24 22:46 . 2009-10-15 16:32 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-01-24 22:46 . 2009-10-15 16:32 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-01-24 22:44 . 2009-06-21 21:48 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-01-24 22:37 . 2009-11-21 15:58 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-24 22:25 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-01-24 22:24 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-24 22:24 . 2008-05-01 14:36 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-01-24 22:24 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-01-24 22:22 . 2008-04-11 19:05 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-24 22:20 . 2009-06-10 12:21 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-01-24 22:18 . 2008-10-15 16:36 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-01-24 22:18 . 2009-07-31 04:33 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-01-22 01:06 . 2010-01-30 18:21 -------- d-----w- C:\Hotspot Shield
2010-01-21 15:51 . 2010-01-21 15:51 -------- d-----w- c:\arquivos de programas\Caseiro
2010-01-21 15:50 . 2010-01-21 15:50 249856 ------w- c:\windows\Setup1.exe
2010-01-21 15:50 . 2010-01-21 15:50 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-20 16:15 . 2010-01-20 16:16 -------- d-----w- c:\arquivos de programas\rita
2010-01-13 16:43 . 2010-01-13 16:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-08 23:42 . 2010-01-08 23:42 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-01-08 19:52 . 2010-01-26 00:45 -------- d-----w- C:\Server_
2010-01-08 18:34 . 2010-01-08 18:35 -------- d-----w- c:\arquivos de programas\Paint.NET
2010-01-08 18:32 . 2010-01-08 18:32 -------- d-----w- c:\documents and settings\Administrador\.thumbnails
2010-01-08 18:30 . 2010-01-08 18:33 -------- d-----w- c:\documents and settings\Administrador\.gimp-2.6
2010-01-07 22:50 . 2010-01-07 22:52 -------- d-----w- c:\windows\system32\Adobe
2010-01-07 17:25 . 2010-01-07 17:25 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE
2010-01-07 17:20 . 2010-01-07 17:20 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache
2010-01-07 16:45 . 2010-01-27 10:19 -------- d-----w- c:\windows\system32\pt-BR
2010-01-07 16:45 . 2010-01-07 16:46 -------- dc-h--w- c:\windows\ie8
2010-01-07 16:36 . 2010-01-28 10:51 -------- d--h--w- c:\windows\$hf_mig$
2010-01-07 04:43 . 2010-01-07 04:47 -------- d-----w- c:\arquivos de programas\SQL Server Backup 8
2010-01-07 04:01 . 2010-02-01 11:57 -------- d--h--w- c:\windows\PIF
2010-01-06 05:12 . 2010-01-06 05:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SqlBackupAndFtp
2010-01-06 04:50 . 2010-01-20 11:54 -------- d-----w- C:\Backups
2010-01-06 04:34 . 2010-01-14 21:43 -------- d-----w- c:\arquivos de programas\Cobian Backup 9
2010-01-05 23:04 . 2010-01-05 23:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 01:16 . 2009-12-03 04:39 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit
2010-02-02 00:58 . 2009-12-20 04:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Akamai
2010-02-01 20:05 . 2009-12-22 15:05 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nokia
2010-02-01 20:03 . 2010-02-01 20:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCSuite
2010-02-01 20:03 . 2009-12-22 15:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia
2010-02-01 20:03 . 2009-12-22 14:59 -------- d-----w- c:\arquivos de programas\Nokia
2010-02-01 19:56 . 2010-02-01 19:56 36864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2010-02-01 19:56 . 2010-02-01 19:56 3351812 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2010-02-01 19:56 . 2010-02-01 19:56 3203453 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2010-02-01 19:55 . 2009-12-23 22:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations
2010-02-01 11:28 . 2010-02-01 11:28 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes
2010-02-01 11:28 . 2010-02-01 11:28 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-02-01 11:28 . 2010-02-01 11:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-02-01 00:24 . 2009-12-03 11:19 -------- d-----w- c:\arquivos de programas\Radix Priston Tale
2010-01-31 18:02 . 2010-01-31 18:02 2558976 --sh--w- c:\windows\system32\kill.exe
2010-01-31 18:01 . 2010-01-31 18:01 1127936 ----a-w- c:\windows\system32\auto_msn.exe
2010-01-28 02:19 . 2009-12-12 23:13 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer
2010-01-26 13:15 . 2010-01-26 13:15 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2010-01-25 02:03 . 2001-10-28 14:07 98700 ----a-w- c:\windows\system32\perfc016.dat
2010-01-25 02:03 . 2001-10-28 14:07 520636 ----a-w- c:\windows\system32\perfh016.dat
2010-01-24 19:51 . 2009-12-10 01:11 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\FileZilla
2010-01-22 02:40 . 2009-12-28 05:17 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent
2010-01-20 22:44 . 2009-12-03 04:39 -------- d-----w- c:\arquivos de programas\Orbitdownloader
2010-01-16 21:29 . 2009-12-03 18:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2010-01-16 20:55 . 2009-12-03 13:01 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2010-01-08 18:01 . 2009-12-09 17:22 -------- d-----w- c:\arquivos de programas\Google
2010-01-08 17:56 . 2009-12-19 05:29 -------- d-----w- c:\arquivos de programas\ss
2010-01-07 20:41 . 2010-01-07 20:41 1329717 ----a-w- c:\arquivos de programas\richeia.PNG
2010-01-07 19:07 . 2010-02-01 11:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 19:07 . 2010-02-01 11:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 18:02 . 2009-12-05 19:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet
2010-01-03 05:24 . 2009-12-21 17:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype
2010-01-03 03:30 . 2009-12-21 17:49 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM
2010-01-01 19:06 . 2010-01-01 19:05 1407955 ----atw- c:\arquivos de programas\DSC01087.JPG
2010-01-01 18:39 . 2010-01-01 18:35 1497477 ----atw- c:\arquivos de programas\DSC01067.JPG
2010-01-01 18:39 . 2010-01-01 18:35 1368014 ----atw- c:\arquivos de programas\DSC01069.JPG
2010-01-01 18:39 . 2010-01-01 18:35 1413153 ----atw- c:\arquivos de programas\DSC01068.JPG
2010-01-01 18:38 . 2010-01-01 18:35 959701 ----atw- c:\arquivos de programas\DSC01069 cópia.jpg
2010-01-01 00:43 . 2010-01-01 00:43 -------- d-----w- c:\arquivos de programas\ZaraSoft
2009-12-30 02:33 . 2009-12-30 02:33 -------- d-----w- c:\arquivos de programas\SpacialAudio
2009-12-30 02:33 . 2009-12-30 02:33 -------- d-----w- c:\arquivos de programas\Firebird
2009-12-30 02:17 . 2009-12-30 02:17 -------- d-----w- c:\arquivos de programas\SHOUTcast Radio Toolbar
2009-12-30 02:17 . 2009-12-30 02:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar
2009-12-30 02:16 . 2009-12-30 02:16 -------- d-----w- c:\arquivos de programas\Winamp Detect
2009-12-29 19:13 . 2009-12-29 18:15 5 ----a-w- c:\windows\system32\SySMP3CutJoin.dat
2009-12-29 18:15 . 2009-12-29 18:15 -------- d-----w- c:\arquivos de programas\AudioToolsFactory
2009-12-29 18:11 . 2009-12-29 18:11 -------- d-----w- c:\arquivos de programas\MP3JOINER
2009-12-29 17:09 . 2009-12-29 17:09 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HP
2009-12-28 05:19 . 2009-12-28 05:19 -------- d-----w- c:\arquivos de programas\uTorrent
2009-12-24 16:02 . 2009-12-24 15:27 -------- d-----w- c:\arquivos de programas\Your Freedom
2009-12-24 15:58 . 2009-12-24 15:58 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ProxyCap
2009-12-24 15:31 . 2009-12-24 15:31 -------- d-----w- c:\arquivos de programas\Proxy Labs
2009-12-24 15:14 . 2009-12-24 14:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS
2009-12-24 15:14 . 2009-12-24 15:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nexon
2009-12-24 14:50 . 2009-12-24 14:50 90112 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll
2009-12-24 14:50 . 2009-12-24 14:50 561152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGMDll.dll
2009-12-24 14:50 . 2009-12-24 14:50 393216 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGMResource.dll
2009-12-24 14:50 . 2009-12-24 14:50 258352 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\unicows.dll
2009-12-24 14:50 . 2009-12-24 14:50 118784 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\nxgameus.dll
2009-12-24 14:50 . 2009-12-24 14:50 167936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe
2009-12-23 23:39 . 2009-12-23 23:39 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nseries
2009-12-23 23:18 . 2009-12-22 15:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\PC Suite
2009-12-23 23:17 . 2009-12-23 23:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-23 22:56 . 2009-12-23 22:56 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution
2009-12-23 22:55 . 2009-12-23 22:55 95232 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-23 22:55 . 2009-12-23 22:55 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-23 22:55 . 2009-12-23 22:55 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-23 22:55 . 2009-12-23 22:55 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-23 22:45 . 2009-12-23 22:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nokia
2009-12-23 18:02 . 2009-12-23 18:02 -------- d-----w- c:\arquivos de programas\LogMeIn Hamachi
2009-12-23 14:21 . 2009-12-23 14:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-23 14:21 . 2009-12-23 14:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-22 15:35 . 2009-12-22 14:59 -------- d-----w- c:\arquivos de programas\DIFX
2009-12-22 15:20 . 2009-12-22 15:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite
2009-12-22 15:19 . 2009-12-22 15:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-22 15:19 . 2009-12-22 15:19 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-22 15:03 . 2009-12-22 15:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NokiaMusic
2009-12-22 15:03 . 2009-12-22 15:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\muvee Technologies
2009-12-22 14:53 . 2009-12-22 14:53 -------- d-----w- c:\arquivos de programas\MSBuild
2009-12-22 14:53 . 2009-12-22 14:53 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2009-12-22 14:50 . 2009-12-22 14:50 -------- d-----w- c:\arquivos de programas\MSXML 6.0
2009-12-21 19:08 . 2004-08-04 02:45 916480 ------w- c:\windows\system32\wininet.dll
2009-12-21 17:48 . 2009-12-21 17:47 -------- d-----r- c:\arquivos de programas\Skype
2009-12-21 17:47 . 2009-12-21 17:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype
2009-12-21 17:47 . 2009-12-21 17:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype
2009-12-20 12:20 . 2009-12-05 10:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-12-19 18:36 . 2009-12-19 18:36 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2009-12-19 18:23 . 2009-12-19 18:23 -------- d-----w- c:\arquivos de programas\MU Season 4
2009-12-19 05:10 . 2009-12-18 03:06 -------- d-----w- c:\arquivos de programas\KYE
2009-12-19 05:10 . 2009-12-19 05:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\snpstd2
2009-12-19 05:09 . 2009-12-03 03:19 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-12-17 03:09 . 2009-12-17 03:08 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-12-17 02:56 . 2009-12-17 02:56 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic
2009-12-17 01:55 . 2009-12-17 01:55 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Megaupload
2009-12-17 01:51 . 2009-12-17 01:51 -------- d-----w- c:\arquivos de programas\Megaupload
2009-12-17 01:51 . 2009-12-17 01:51 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\InstallShield
2009-12-13 21:57 . 2009-12-13 21:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-12-13 21:54 . 2009-12-09 14:52 -------- d-----w- c:\arquivos de programas\Microsoft.NET
2009-12-13 21:54 . 2009-12-13 21:52 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server
2009-12-13 05:38 . 2009-12-12 23:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple
.
((((((((((((((((((((((((((((( SnapShot@2010-02-01_23.46.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-03 04:38 . 2010-02-02 00:21 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-02-02 00:18 . 2010-02-02 00:18 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-01-25 02:13 . 2010-02-02 00:18 16384 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176]
[HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer" [X]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
"NokiaMusic FastStart"="c:\arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"mcagent_exe"="c:\arquivos de programas\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\arquiv~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 137216]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2009-12-3 1785104]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^SQLBACKUPZIP.lnk]
path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\SQLBACKUPZIP.lnk
backup=c:\windows\pss\SQLBACKUPZIP.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Arquivos de programas\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Server\\servidorpt.exe"=
"c:\\Server\\Serverteste.exe"=
"c:\\Nexon\\Combat Arms\\Engine.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Server\\Server Radix PT.exe"=
"c:\\Server\\Itens sem replace.exe"=
"c:\\Arquivos de programas\\LiveZilla\\LiveZilla Server Admin.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Arquivos de programas\\Steam\\Steam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [3/8/2004 23:45 14336]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [9/12/2008 20:10 24636]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\arquivos de programas\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 12:27 1074568]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [24/1/2010 22:37 93320]
S2 0238081264507318mcinstcleanup;McAfee Application Installer Cleanup (0238081264507318);c:\windows\TEMP\023808~1.EXE c:\arquiv~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\023808~1.EXE c:\arquiv~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [23/12/2009 19:56 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [23/12/2009 19:56 8320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
2010-01-25 c:\windows\Tasks\McDefragTask.job
2010-01-25 c:\windows\Tasks\McQcTask.job
2010-02-01 c:\windows\Tasks\WGASetup.job
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.baixaki.com.br/
uInternet Settings,ProxyOverride = local
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: &SHOUTcast Search - c:\documents and settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Baixar Link Utiizando Gerenciador Mega... - c:\arquivos de programas\Megaupload\Mega Manager\mm_file.htm
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {55B9FC3D-8E0D-4E23-9BB8-72A77C722F2B} = 200.165.132.155,200.165.132.148
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\x0ye2gvo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
FF - component: c:\arquivos de programas\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\x0ye2gvo.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 22:25
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2010-02-01 22:30:36
ComboFix-quarantined-files.txt 2010-02-02 01:30
ComboFix2.txt 2010-02-01 23:48
ComboFix3.txt 2010-01-26 13:23
Pré-execução: 22 pasta(s) 93.008.572.416 bytes disponíveis
Pós execução: 23 pasta(s) 93.000.261.632 bytes disponíveis
Do you know what this is?
2010-01-01 19:06 . 2010-01-01 19:05 1407955 ----atw- c:\arquivos de programas\DSC01087.JPG
2010-01-01 18:39 . 2010-01-01 18:35 1497477 ----atw- c:\arquivos de programas\DSC01067.JPG
Topic Archived
Since the author has not replied for more than 30 days, the topic has been archived.
If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
Hello Eиcrypted! Download BankerFix (http://www.linhadefensiva.org/dl/bankerfix). Also download Malwarebytes' Anti-Malware (MBAM) from this link (http://www.besttechie.net/tools/mbam-setup.exe) or this one (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html).
Temporarily disable your antivirus so there are no conflicts.
Click OK the first and the second time message boxes appear. If you are running BankerFix for the second time, it will ask to check for an update. Say Yes and then click OK.
When it runs, a black screen will appear asking you to press any key. Press Enter and wait for it to finish. It may take some time.
When it finishes, read the message on the screen and press Enter again.
Attention: do not run BankerFix more than once, because that will overwrite the result and it will not be possible to tell whether the removal was successful.
Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.
*NOTE: If **MBAM** finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do this immediately when asked whether you want to restart the PC.*