Masteris

[Archived] Adult Friend Finder


Folks, a few days ago this thing started showing up: Adult Friend Finder in a new browser window!

If you can help me get rid of it, I'd be grateful! Thanks.

 

Logfile of HijackThis v1.99.1

Scan saved at 6:01:46 PM, on 6/3/2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Program Files\ADPHONE3\ADPHONE.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\ProgramData\Spontania4IM\spontania4IM.exe

c:\program files\common files\installshield\updateservice\isuspm.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\ProgramData\Skype\Plugins\Plugins\4B0CD40E64684EFBB9596337DF1BFCD9\CMCExtra.exe

C:\Users\Master\Desktop\HijackThis.exe

C:\Windows\system32\notepad.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized

O4 - HKCU\..\Run: [ADPHONE] C:\Program Files\ADPHONE3\ADPHONE.EXE /STARTUP

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Spontania Monitor.lnk = C:\ProgramData\Spontania4IM\spontania4IM.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Transferir com FDM - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Transferir todos com FDM - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Transferir vídeo com FDM - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Transferência seleccionada pelo FDM - file://C:\Program Files\Free Download Manager\dlselected.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{62051CDB-13B9-4179-9799-C27FA9CEDB1A}: NameServer = 201.10.120.3 201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


Download ComboFix and save it to the desktop.

Close all programs.

Double-click combofix.exe, press (1), and then press Enter to continue.

ComboFix will restart your computer automatically; this is part of the removal process.

When it finishes, a log will be generated at C:\ComboFix.txt.

Attention:

Do not click on anything while ComboFix is running; otherwise your desktop will go blank.

To stop the process or exit ComboFix, press "2" and Enter.

I'll wait for a new HijackThis log together with ComboFix.txt.


I ran both; the logs are below. It seems to have worked, because I restarted the system and the window no longer opened after I opened the browser. Logs below!

Was that all there was to do? Or is it still not clean?

 

Logfile of HijackThis v1.99.1

Scan saved at 10:09:41 PM, on 6/3/2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe

C:\Program Files\ADPHONE3\ADPHONE.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\ProgramData\Spontania4IM\spontania4IM.exe

C:\Program Files\Eset\nod32kui.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Master\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized

O4 - HKCU\..\Run: [ADPHONE] C:\Program Files\ADPHONE3\ADPHONE.EXE /STARTUP

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Spontania Monitor.lnk = C:\ProgramData\Spontania4IM\spontania4IM.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Transferir com FDM - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Transferir todos com FDM - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Transferir vídeo com FDM - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Transferência seleccionada pelo FDM - file://C:\Program Files\Free Download Manager\dlselected.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{62051CDB-13B9-4179-9799-C27FA9CEDB1A}: NameServer = 201.10.120.3 201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

 

 

ComboFix 08-06-03.1 - Master 2008-06-03 21:55:28.1 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1046.18.363 [GMT -3:00]

Executando de: C:\Users\Master\Documents\ComboFix.exe

* Criado um novo ponto de restauro

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\ShoppingReport

C:\Windows\system32\msssc.dll

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))))

.

 

2008-06-03 17:36 . 2008-06-03 17:36 <DIR> d-------- C:\!KillBox

2008-05-29 14:03 . 2008-05-29 14:03 <DIR> d-------- C:\Program Files\Foxit Software

2008-05-28 14:11 . 2008-05-28 14:14 <DIR> d-------- C:\Program Files\Free Video Converter

2008-05-28 14:10 . 2008-05-28 14:10 <DIR> d-------- C:\Program Files\YouTube Downloader

2008-05-19 01:06 . 2008-05-19 01:06 <DIR> d-------- C:\Program Files\TechSmith

2008-05-19 01:06 . 2008-05-19 01:06 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared

2008-05-19 01:06 . 2002-12-23 01:01 110,592 --a------ C:\Windows\System32\tsccvid.dll

2008-05-17 03:34 . 2008-05-17 03:34 <DIR> d-------- C:\Windows\System32\Lang

2008-05-17 03:34 . 2008-05-17 03:39 <DIR> d-------- C:\Intel

2008-05-17 03:34 . 2007-01-19 10:14 389,120 --a------ C:\Windows\System32\igxpun.exe

2008-05-17 03:34 . 2006-11-10 08:25 319,456 --a------ C:\Windows\System32\difxapi.dll

2008-05-17 03:34 . 2006-01-23 10:29 121,232 --a------ C:\Windows\System32\IScrNBR.bmp

2008-05-17 03:34 . 2006-01-23 10:29 121,232 --a------ C:\Windows\System32\IScrNB.bmp

2008-05-16 21:15 . 2008-05-16 21:15 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01005.Wdf

2008-05-16 21:09 . 2008-05-17 03:35 <DIR> d----c--- C:\Windows\System32\DRVSTORE

2008-05-16 20:57 . 2008-05-16 20:57 <DIR> d-------- C:\MotoBlade

2008-05-16 20:39 . 2008-05-16 20:39 <DIR> d-------- C:\Program Files\Avanquest update

2008-05-16 20:29 . 2008-05-16 21:21 <DIR> d-------- C:\Users\All Users\BVRP Software

2008-05-16 20:29 . 2008-05-16 21:21 <DIR> d-------- C:\ProgramData\BVRP Software

2008-05-16 20:29 . 2008-05-16 20:37 <DIR> d-------- C:\Program Files\Motorola Phone Tools

2008-05-16 20:28 . 2008-05-16 20:28 <DIR> d-------- C:\Users\Master\AppData\Roaming\InstallShield

2008-05-16 17:47 . 2008-05-16 17:47 92,064 --a------ C:\Users\Master\mqdmmdm.sys

2008-05-16 17:47 . 2008-05-16 17:47 79,328 --a------ C:\Users\Master\mqdmserd.sys

2008-05-16 17:47 . 2008-05-16 17:47 66,656 --a------ C:\Users\Master\mqdmbus.sys

2008-05-16 17:47 . 2008-05-16 17:47 25,600 --a------ C:\Users\Master\usbsermptxp.sys

2008-05-16 17:47 . 2008-05-16 17:47 22,768 --a------ C:\Users\Master\usbsermpt.sys

2008-05-16 17:47 . 2008-05-16 17:47 9,232 --a------ C:\Users\Master\mqdmmdfl.sys

2008-05-16 17:47 . 2008-05-16 17:47 6,208 --a------ C:\Users\Master\mqdmcmnt.sys

2008-05-16 17:47 . 2008-05-16 17:47 5,936 --a------ C:\Users\Master\mqdmwhnt.sys

2008-05-16 17:47 . 2008-05-16 17:47 4,048 --a------ C:\Users\Master\mqdmcr.sys

2008-05-09 22:03 . 2008-05-09 22:03 <DIR> d-------- C:\Program Files\GALA-NET

2008-05-04 12:06 . 2008-05-23 12:05 <DIR> d-------- C:\Users\Master\AppData\Roaming\ADPHONE

2008-05-04 12:06 . 2008-05-23 12:05 <DIR> d-------- C:\Program Files\ADPHONE3

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-04 00:55 --------- d-----w C:\Program Files\Eset

2008-06-04 00:52 --------- d-----w C:\Users\Master\AppData\Roaming\Free Download Manager

2008-06-04 00:51 --------- d-----w C:\Users\Master\AppData\Roaming\Skype

2008-06-03 22:05 --------- d-----w C:\Users\Master\AppData\Roaming\skypePM

2008-06-03 03:02 --------- d-----w C:\Program Files\LogMeIn

2008-05-30 00:00 22,528 ----a-w C:\Windows\system32\drivers\nhcDriver.sys

2008-05-29 23:59 --------- d-----w C:\Users\Master\AppData\Roaming\uTorrent

2008-05-23 17:52 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-05-16 23:39 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-14 21:48 --------- d-----w C:\ProgramData\Microsoft Help

2008-05-03 13:18 --------- d-----w C:\Program Files\Convenos Meeting Center

2008-05-02 16:16 --------- d-----w C:\ProgramData\Messenger Plus!

2008-04-28 05:14 --------- d-----w C:\Program Files\Photo-Brush

2008-04-27 21:18 --------- d-----w C:\Users\Master\AppData\Roaming\Winamp

2008-04-27 21:17 --------- d-----w C:\Program Files\Winamp

2008-04-26 12:15 --------- d-----w C:\ProgramData\eMule

2008-04-26 12:15 --------- d-----w C:\Program Files\eMule

2008-04-21 07:42 --------- d-----w C:\Users\Master\AppData\Roaming\ooVoo Details

2008-04-21 07:34 --------- d-----w C:\Program Files\ooVoo

2008-04-20 15:37 --------- d-----w C:\ProgramData\vidcap

2008-04-19 17:12 --------- d-----w C:\ProgramData\Spontania4IM

2008-04-17 03:12 --------- d-----w C:\Program Files\Skat

2008-04-15 20:29 --------- d-----w C:\Program Files\PIXELA

2008-04-15 02:52 --------- d-----w C:\Users\Master\AppData\Roaming\RadLight Company

2008-04-15 02:52 --------- d-----w C:\Program Files\RadLight Company

2008-04-09 16:10 --------- d-----w C:\ProgramData\FreeDownloadManager.ORG

2008-04-09 16:10 --------- d-----w C:\Program Files\Free Download Manager

2008-04-08 20:55 --------- d-----w C:\Program Files\Windows Defender

2008-04-04 13:41 --------- d-----w C:\Program Files\TOSHIBA

2008-04-04 12:32 --------- d-----w C:\Program Files\SopCast

2008-04-03 09:38 147,456 ----a-w C:\Windows\System32\svrex.dll

2008-03-14 06:07 613,888 ----a-w C:\Windows\System32\wpd_ci.dll

2008-03-13 18:02 174 --sha-w C:\Program Files\desktop.ini

2008-03-13 17:25 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2008-03-13 17:25 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2008-03-13 17:25 542,720 ----a-w C:\Windows\System32\sysmain.dll

2008-03-13 17:25 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2008-03-13 17:25 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2008-03-13 17:25 297,984 ----a-w C:\Windows\System32\wlansec.dll

2008-03-13 17:25 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2008-03-13 17:25 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2008-03-13 17:25 2,923,520 ----a-w C:\Windows\explorer.exe

2008-03-13 17:19 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll

2008-03-13 17:19 23,552 ----a-w C:\Windows\System32\lpremove.exe

2008-03-13 17:19 229,888 ----a-w C:\Windows\System32\msshsq.dll

2008-03-13 17:19 166,912 ----a-w C:\Windows\System32\lpksetup.exe

2008-03-13 17:19 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll

2008-03-13 17:17 105,984 ----a-w C:\Windows\System32\CscMig.dll

2008-03-13 17:15 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2008-03-13 06:56 87,040 ----a-w C:\Windows\System32\msoert2.dll

2008-03-13 06:56 39,424 ----a-w C:\Windows\System32\ACCTRES.dll

2008-03-13 06:56 205,824 ----a-w C:\Windows\System32\msoeacct.dll

2008-03-13 06:54 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-03-13 06:52 49,664 ----a-w C:\Windows\System32\csrsrv.dll

2008-03-13 06:52 376,320 ----a-w C:\Windows\System32\winsrv.dll

2008-03-13 06:51 268,288 ----a-w C:\Windows\System32\mcbuilder.exe

2008-03-13 06:51 233,888 ----a-w C:\Windows\System32\DreamScene.dll

2008-03-13 06:51 1,152,000 ----a-w C:\Windows\System32\themecpl.dll

2008-03-13 06:50 414,208 ----a-w C:\Windows\System32\msscp.dll

2008-03-13 06:50 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll

2008-03-13 06:49 86,016 ----a-w C:\Windows\System32\icfupgd.dll

2008-03-13 06:49 61,952 ----a-w C:\Windows\System32\cmifw.dll

2008-03-13 06:49 396,800 ----a-w C:\Windows\System32\MPSSVC.dll

2008-03-13 06:49 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll

2008-03-13 06:49 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll

2008-03-13 06:49 16,896 ----a-w C:\Windows\System32\wfapigp.dll

2008-03-13 06:48 2,048 ----a-w C:\Windows\System32\msxml3r.dll

2008-03-13 06:48 104,448 ----a-w C:\Windows\System32\DWWIN.EXE

2008-03-13 06:48 1,191,936 ----a-w C:\Windows\System32\msxml3.dll

2008-03-13 06:47 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-03-13 06:47 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-03-13 06:47 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-03-13 06:47 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2008-03-13 06:46 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2008-03-13 06:46 84,480 ----a-w C:\Windows\System32\INETRES.dll

2008-03-13 06:46 737,792 ----a-w C:\Windows\System32\inetcomm.dll

2008-03-13 06:46 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2008-03-13 06:46 2,048 ----a-w C:\Windows\System32\msxml6r.dll

2008-03-13 06:46 2,048 ----a-w C:\Windows\System32\asferror.dll

2008-03-13 06:46 1,335,296 ----a-w C:\Windows\System32\msxml6.dll

2008-03-13 06:44 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2008-03-13 06:36 788,992 ----a-w C:\Windows\System32\rpcrt4.dll

2008-03-13 06:35 5,120 ----a-w C:\Windows\System32\wmi.dll

2008-03-13 06:35 152,576 ----a-w C:\Windows\System32\imagehlp.dll

2008-03-13 06:32 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-03-13 06:31 633,856 ----a-w C:\Windows\System32\user32.dll

2008-03-13 06:29 750,080 ----a-w C:\Windows\System32\qmgr.dll

2008-03-13 03:47 53,080 ----a-w C:\Windows\System32\wuauclt.exe

2008-03-13 03:47 43,352 ----a-w C:\Windows\System32\wups2.dll

2008-03-13 03:47 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll

2008-03-13 03:47 1,524,224 ----a-w C:\Windows\System32\wucltux.dll

2008-03-13 03:46 80,896 ----a-w C:\Windows\System32\wudriver.dll

2008-03-13 03:46 549,720 ----a-w C:\Windows\System32\wuapi.dll

2008-03-13 03:46 33,624 ----a-w C:\Windows\System32\wups.dll

2008-03-13 03:45 31,232 ----a-w C:\Windows\System32\wuapp.exe

2008-03-13 03:45 163,000 ----a-w C:\Windows\System32\wuwebv.dll

2008-03-12 22:35 298,104 ----a-w C:\Windows\System32\imon.dll

2008-03-12 02:16 32 ----a-w C:\Users\All Users\ezsid.dat

2008-03-12 02:16 32 ----a-w C:\ProgramData\ezsid.dat

.

 

------- Sigcheck -------

 

2007-03-25 09:25 802816 8828315f2976c705d5a668de1aa58555 C:\Windows\System32\drivers\tcpip.sys

2006-11-02 05:58 802816 d944522b048a5feb7700b5170d3d9423 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys

2007-03-25 09:25 802816 8828315f2976c705d5a668de1aa58555 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys

2008-03-13 03:47 806400 52a8bd6294f7d1443c6184c67ae13af4 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys

 

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-13 03:44 1232896]

"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 20:30 249856]

"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 05:42 495616]

"JustVoip"="C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" [2008-01-02 16:38 8770864]

"ADPHONE"="C:\Program Files\ADPHONE3\ADPHONE.exe" [2008-05-15 16:34 1519616]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 09:33 201728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-03 21:33 2629632]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 08:25 144784]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 20:30 81920]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-12 19:35 949376]

"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 17:48 1388544]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]

"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-08-10 11:23 356352]

"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-01-13 09:47 131072]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-01-13 09:47 163840]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-01-13 09:46 135168]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Spontania Monitor.lnk - C:\ProgramData\Spontania4IM\spontania4IM.exe [2008-04-19 14:12:06 57344]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{8A218562-A57B-44B6-B0D5-C0E7C8228345}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{22346415-6E9B-4BF5-AD9C-34647461EE98}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{EC599172-AF38-49D1-9180-1F58221CC00B}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"{BAC374D6-2DB0-4992-BB86-AE05472943E1}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

"{B8A98585-867D-4784-9C5E-9AD62C73652D}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

"{AF7356D4-017C-4D4B-8795-3FB9A5658752}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

"{9DBC39CA-B48B-4963-B93C-06D838EE1653}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

"{418A3302-CAFF-4D52-9332-4F9CBD34F9C5}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{D3F11E26-EBF9-4F24-BCB0-8F997C9497D6}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{D6E3C799-F267-48F3-B312-325CDB8F0C8F}"= UDP:C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion

"{C40E5AE8-EA3D-4871-AD94-BC9208B03B80}"= TCP:C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion

"TCP Query User{F0C22E2F-48A7-48FB-88B1-4A9EC85C4535}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{1CA33582-F108-46E6-AD26-13DC9E18FFAB}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"{3C9B12AF-A267-45DF-9A07-FCC8E11EF88B}"= UDP:C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe:JustVoip

"{889A53BC-328F-41E8-BE28-30558A75196D}"= TCP:C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe:JustVoip

"TCP Query User{FA5BC2B7-FA45-4027-AFD1-9D566BC256AD}C:\\program files\\justvoip.com\\justvoip\\justvoip.exe"= UDP:C:\program files\justvoip.com\justvoip\justvoip.exe:Client to make VoIP calls.

"UDP Query User{6D208DD9-C036-4163-8AB0-AE4017BCC414}C:\\program files\\justvoip.com\\justvoip\\justvoip.exe"= TCP:C:\program files\justvoip.com\justvoip\justvoip.exe:Client to make VoIP calls.

"TCP Query User{7DFDBA60-06F2-4E6D-9691-064BEC41D1C7}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= UDP:C:\program files\teamspeak2_rc2\server_windows.exe:Server

"UDP Query User{47B96CD7-9FAD-4F25-884D-B571B3A9458C}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= TCP:C:\program files\teamspeak2_rc2\server_windows.exe:Server

"{70847A46-A0C2-4CA2-B06A-E211799571E1}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

"{DF6B6A72-6583-4FF7-99CC-0829AC8E48B8}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

"{E861EC05-0B01-424B-B102-5387ADFC8FF6}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

"{65759EFA-4601-4D82-B17E-B5D11AEFDCEF}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

"TCP Query User{83B199B0-5E14-4049-B296-B37EAF7D3A0D}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"UDP Query User{6483020F-E012-455A-B9F3-B9ADBB07185D}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"{D1CEDA74-B0B3-4972-96F1-F03BA4AF790E}"= TCP:2300:Titans

"{8545ACD1-A329-440F-A479-E56E65BAECCA}"= UDP:80:mythology

"TCP Query User{EFD8CBA1-73C2-497B-8FA1-7BBF06907DC9}C:\\program files\\microsoft games\\age of mythology\\aomx.exe"= UDP:C:\program files\microsoft games\age of mythology\aomx.exe:Age of Mythology - The Titans Expansion

"UDP Query User{0A8845BF-EE51-4F40-A052-7466A9DBF692}C:\\program files\\microsoft games\\age of mythology\\aomx.exe"= TCP:C:\program files\microsoft games\age of mythology\aomx.exe:Age of Mythology - The Titans Expansion

"TCP Query User{0A486120-226A-4FEB-9F77-4F84D1F993F8}C:\\program files\\radlight company\\radlight 4.0\\rlkernel.exe"= UDP:C:\program files\radlight company\radlight 4.0\rlkernel.exe:Kernel Executable

"UDP Query User{58331F1E-AE8D-4E24-A9CB-5A55B06C01EF}C:\\program files\\radlight company\\radlight 4.0\\rlkernel.exe"= TCP:C:\program files\radlight company\radlight 4.0\rlkernel.exe:Kernel Executable

"TCP Query User{DCEC78ED-8FA1-46C1-AE91-D6236534CBEA}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{4A2C4C50-89CF-4401-8B3E-9226AD8D7756}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{85B22541-E292-480F-B9DF-B929A48FE735}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"UDP Query User{B2B685C0-1AD7-48DD-B4DE-C2824A9D3D7F}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"TCP Query User{03E01400-32EC-4B22-8C7B-257976A45C00}C:\\program files\\radlight company\\radlight 4.0\\rlkernel.exe"= UDP:C:\program files\radlight company\radlight 4.0\rlkernel.exe:Kernel Executable

"UDP Query User{2BB992C4-CD84-44B6-8294-7C51EAEBCCF8}C:\\program files\\radlight company\\radlight 4.0\\rlkernel.exe"= TCP:C:\program files\radlight company\radlight 4.0\rlkernel.exe:Kernel Executable

"TCP Query User{F765CD08-A7DD-4FF3-A575-2A338403CA45}C:\\programdata\\spontania4im\\spontaniavideo.exe"= UDP:C:\programdata\spontania4im\spontaniavideo.exe:Dialcom Spontania video4IM

"UDP Query User{B120281E-9AF6-41B0-BA4F-8F5017AD6B65}C:\\programdata\\spontania4im\\spontaniavideo.exe"= TCP:C:\programdata\spontania4im\spontaniavideo.exe:Dialcom Spontania video4IM

"TCP Query User{C6F29129-86E8-42A0-B118-F863460E0ED9}C:\\program files\\oovoo\\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo

"UDP Query User{87378D07-1CAF-4B58-8233-2FC18C8F3B2D}C:\\program files\\oovoo\\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo

"{F81D9008-B937-4A1A-8B33-861BAF88D213}"= UDP:443:ooVoo TCP port 443

"{AB1890BB-A020-4BE5-AEBE-C43AC2D30E80}"= TCP:443:ooVoo UDP port 443

"{B1877F5D-0970-46CD-9463-52428D9E0E89}"= UDP:37674:ooVoo TCP port 37674

"{E8233125-3ACA-4085-81F9-8EC2A2B93659}"= TCP:37674:ooVoo UDP port 37674

"{EBBE3B62-35C3-4722-89D8-5E7F65606BCB}"= TCP:37675:ooVoo UDP port 37675

"TCP Query User{59853F35-B646-416C-AF04-9E0ABE3A7256}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= UDP:C:\program files\teamspeak2_rc2\server_windows.exe:Server

"UDP Query User{5A984C5B-1D50-43AD-AC16-3242D9E2ADDD}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= TCP:C:\program files\teamspeak2_rc2\server_windows.exe:Server

"TCP Query User{C02F0B4D-B64A-4F18-8ED6-8D349D435BEE}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{2531C5A6-63D0-44EA-B223-7E0A74CDC8BD}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{DAC15756-2827-4416-ACDC-98BFADA7D903}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{1B8D001E-660D-42DC-8CDF-6877EF5F8769}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"TCP Query User{57BE14F0-3FBB-4B57-B7FE-2039850C19D3}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{C0B15806-75C5-4653-B754-4E35D7AFBD48}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"TCP Query User{DE9A795B-C975-4570-8C49-45F0C8EE56CC}C:\\program files\\adphone3\\adphone.exe"= UDP:C:\program files\adphone3\adphone.exe:ADPHONE

"UDP Query User{26915888-72D6-481B-BE0A-C31D10FCE31B}C:\\program files\\adphone3\\adphone.exe"= TCP:C:\program files\adphone3\adphone.exe:ADPHONE

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

R0 sonyhcb;Sony Digital Imaging Base;C:\Windows\system32\DRIVERS\sonyhcb.sys [2001-11-05 09:23]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]

R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 04:30]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 04:30]

S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-03-12 04:03]

S3 sonyhcs;Sony Digital Imaging Video;C:\Windows\system32\DRIVERS\sonyhcs.sys [2001-11-05 09:23]

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-03 22:01:16

Windows 6.0.6000 NTFS

 

Procurando processos ocultos ...

 

? [34540]

? [26540]

? [33348]

? [34468]

? [34600]

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-06-03 22:02:30

ComboFix-quarantined-files.txt 2008-06-04 01:02:22

 

Pre-Run: 9,607,712,768 bytes disponíveis

Post-Run: 10,657,697,792 bytes disponíveis

 

272 --- E O F --- 2008-05-30 18:27:42


Follow the instructions:

Download MSNfix.

Save it to the desktop and unzip it; after that, double-click MSNFix.bat.

The MSN_Fix-menu screen will open; in it, press option R, and the scan will start.

If the scan detects something, the following message will appear: Infection Presente; press Enter and continue.

If you want to interrupt the process, press the Q key.

When it finishes, Notepad will open with a log, which is located in the folder msnfix.txt; select all of it and copy it.

Post it together with a new HijackThis log.

 

I await your reply.


Topic Archived

 

Since the author did not reply for more than 20 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
