
Archived

This topic has been archived and is closed to new replies.

Fernando Nicacio

[Solved!] Log analysis


Could you analyze this HijackThis log...

At the end there is another log, from Malwarebytes.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:38:34, on 20/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\AppServ\Apache2\bin\Apache.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\AppServ\Apache2\bin\Apache.exe

C:\ARQUIV~1\MICROS~2\MSSQL\binn\sqlservr.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornecido por Fernando

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: 189.31.111.170 muah.sytes.net

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7A0618CF-C1D2-4EA2-ADC9-DBF1EF35B466} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\RunServices: [Fan App] sfdhost.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Service Manager.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226621911298

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BCCB8EF5-AE92-4B83-AF7C-019125A93010}: NameServer = 201.10.128.3,201.10.1.3

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2 - Apache Software Foundation - C:\AppServ\Apache2\bin\Apache.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1ca069cc2ac537e) (gupdate1ca069cc2ac537e) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Fernando/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg

 

--

End of file - 8167 bytes

 

===============================================================

Malwarebytes LOG.

===============================================================

 

Malwarebytes' Anti-Malware 1.39

Versão do banco de dados: 2468

Windows 5.1.2600 Service Pack 3

 

20/7/2009 21:56:29

mbam-log-2009-07-20 (21-56-29).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 303399

Tempo decorrido: 50 minute(s), 32 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 1

Pastas infectadas: 0

Arquivos infectados: 1

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.


Download ComboFix from one of these locations:

 

Link 1.

Link 2.

Link 3.

 

Important!

You should not use ComboFix unless you have been instructed to do so by a security analyst.

Its creator intends it to be used under the guidance and supervision of an expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system.

 

Make sure you have saved ComboFix.exe to your desktop.

 

• Disable your antivirus and antispyware, usually by right-clicking their system tray icon. They can interfere with the tool's execution.

 

• Double-click ComboFix.exe & follow the prompts.

 

• As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With the malware infections of today, it is strongly recommended that it be pre-installed on your machine before doing any malware removal. It will allow you to boot into a special recovery/repair mode, which makes it easier for us to help you should your computer have a problem after a malware removal attempt.

 

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

-- Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.

 

[image: RcAuto1.gif]

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

[image: whatnext.png]

 

Click Yes to continue scanning for malware.

 

When finished, it should produce a log for you. Post the ComboFix report, which is at C:\ComboFix.txt, along with a HijackThis log.


A thousand apologies for the delay...

Here are the ComboFix and HijackThis logs!!!

 

 

ComboFix 09-07-22.05 - Fernando 23/07/2009 11:26.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1791.1222 [GMT -3:00]

Executando de: c:\documents and settings\Fernando\Desktop\ComboFix.exe

AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\8dtyjjf.exe

C:\autorun.inf

c:\documents and settings\Fernando\Meus documentos\Fernando\Jogos\Cs\12\PACK_xiters_\click-xiters\CCA1.4\CCA1.4\_desktop.ini

c:\documents and settings\Fernando\Meus documentos\Fernando\Jogos\Cs\12\PACK_xiters_\click-xiters\CCA1.4\CCA1.4\CCARoute\_desktop.ini

c:\documents and settings\Fernando\Meus documentos\Fernando\Jogos\Cs\12\PACK_xiters_\click-xiters\CCA1.4\CCA1.4\Config\_desktop.ini

c:\documents and settings\Fernando\Meus documentos\Fernando\Jogos\Cs\12\PACK_xiters_\click-xiters\CCA1.4\CCA1.4\Config\Ping\_desktop.ini

c:\recycled\Recycled

C:\w9hw8.exe

c:\windows\Installer\2cd2f9.msi

c:\windows\Installer\371f5.msi

c:\windows\system32\drivers\npf.sys

c:\windows\system32\FLSDEVCP.EXE

c:\windows\system32\Packet.dll

c:\windows\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_OREANS32

-------\Service_AVPsys

-------\Service_NPF

-------\Service_oreans32

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-23 to 2009-07-23 ))))))))))))))))))))))))))))

.

 

2009-07-23 06:29 . 2009-07-23 06:29 -------- d-----w- C:\CloneDVDTemp

2009-07-22 19:44 . 2009-07-22 19:45 -------- d-----w- C:\PROJETOS

2009-07-22 19:43 . 2009-07-22 19:43 -------- d-----w- C:\Mu Chakal - Todos

2009-07-22 02:36 . 2009-07-22 03:52 -------- d-----w- C:\wamp

2009-07-21 18:53 . 2009-07-21 18:53 -------- d-----w- c:\windows\system32\Adobe

2009-07-21 01:36 . 2009-07-22 19:42 -------- d-----w- C:\HiJackThis

2009-07-20 23:52 . 2009-07-20 23:52 -------- d-----w- c:\documents and settings\Fernando\Dados de aplicativos\Malwarebytes

2009-07-20 23:52 . 2009-07-13 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-20 23:52 . 2009-07-20 23:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-07-20 23:52 . 2009-07-20 23:52 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-07-20 23:52 . 2009-07-13 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-20 05:47 . 2009-07-20 13:16 -------- d-----w- c:\arquivos de programas\USDownloader

2009-07-19 21:17 . 2009-07-19 21:17 2560 ------w- c:\windows\system32\drivers\cdralw2k.sys

2009-07-19 21:17 . 2009-07-19 21:17 2432 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2009-07-19 21:17 . 2009-07-19 21:16 158456 ------w- c:\windows\system32\pxwma.dll

2009-07-18 06:41 . 2009-07-18 06:41 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2009-07-18 06:19 . 2009-07-18 06:19 390664 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Real\RealPlayer\setup\AU_setup.exe

2009-07-17 02:26 . 2009-07-17 02:22 1096961 ----a-w- C:\Juca_Fotos.zip

2009-07-16 00:12 . 2009-07-14 01:28 2301208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avguiadv.dll

2009-07-16 00:12 . 2009-07-14 01:28 3403032 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgui.exe

2009-07-16 00:12 . 2009-07-14 01:28 1107224 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgssie.dll

2009-07-16 00:12 . 2009-07-14 01:28 353048 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgxch32.dll

2009-07-15 06:29 . 2009-07-15 06:29 -------- d-----w- c:\arquivos de programas\Bonjour

2009-07-15 06:22 . 2009-07-15 06:22 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2009-07-15 04:41 . 2009-07-15 04:41 -------- d-----w- c:\arquivos de programas\Lavalys

2009-07-15 04:32 . 2009-07-15 04:32 -------- d-----w- c:\arquivos de programas\Intelore

2009-07-15 04:19 . 2009-07-15 04:22 -------- d-----w- c:\arquivos de programas\VirtualDJ

2009-07-15 02:33 . 2009-07-15 02:33 -------- d-----w- c:\arquivos de programas\Passware

2009-07-15 02:21 . 2009-07-15 02:25 -------- d-----w- c:\arquivos de programas\Thegrideon Software

2009-07-14 04:04 . 2009-07-06 04:24 2838444 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\speedupmypc2009.exe

2009-07-14 04:04 . 2009-04-29 09:45 845128 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\58D97068\B74607BA\System.Data.SQLite.dll

2009-07-14 04:04 . 2009-04-29 09:45 771368 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\9966075F\B74607BA\UBSysMan.dll

2009-07-14 04:04 . 2009-04-29 09:45 614696 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\7AEFAE8C\B74607BA\Launcher.exe

2009-07-14 04:04 . 2009-04-29 09:45 54608 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\D720648F\B74607BA\Interop.IWshRuntimeLibrary.dll

2009-07-14 04:04 . 2009-04-29 09:45 519168 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\78B94F67\B74607BA\IsLicense40.dll

2009-07-14 04:04 . 2009-04-29 09:45 474408 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\62A3297F\B74607BA\AvalonCommon.dll

2009-07-14 04:04 . 2009-04-29 09:45 395048 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\C77843B\B74607BA\SUMPBackend.dll

2009-07-14 04:04 . 2009-04-29 09:45 345008 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\4BF757A\B74607BA\IsLicense30.dll

2009-07-14 04:04 . 2009-04-29 09:45 236840 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\683B013A\B74607BA\PowerSuiteBackendUtils.dll

2009-07-14 04:04 . 2009-04-29 09:45 197968 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\6A0591D6\B74607BA\ICSharpCode.SharpZipLib.dll

2009-07-14 04:04 . 2009-04-29 09:45 1250600 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\B430549D\B74607BA\SUMP.exe

2009-07-14 04:03 . 2009-07-14 04:04 -------- dc-h--w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}

2009-07-14 03:16 . 2009-07-14 03:16 196608 ----a-w- c:\windows\system32\sm56co6a.dll

2009-07-10 14:11 . 2009-07-10 14:11 -------- d-----w- c:\arquivos de programas\Gamemaxx

2009-07-10 06:18 . 2009-07-14 03:17 -------- d-----w- c:\arquivos de programas\Driver Checker

2009-07-10 02:54 . 2000-08-06 04:50 36939 ----a-w- c:\windows\system32\insrepim.exe

2009-07-10 02:53 . 2009-07-10 02:53 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server

2009-07-10 02:42 . 2009-07-10 02:43 -------- d-----w- C:\SQLEVAL

2009-07-09 07:43 . 2009-07-09 07:43 -------- d-----w- c:\windows\Desktop

2009-07-09 06:29 . 2006-12-01 22:26 57856 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\Windows\winsxs\7z1v718o.6n8\mfcm80u.dll

2009-07-09 00:36 . 2008-04-13 19:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2009-07-09 00:36 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2009-07-09 00:35 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2009-07-09 00:35 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2009-07-09 00:35 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2009-07-09 00:35 . 2009-07-09 00:35 -------- d-----w- c:\windows\system32\SupportAppXL

2009-07-09 00:35 . 2009-07-10 14:54 -------- d-----w- c:\arquivos de programas\BrT 3G Modem

2009-07-07 04:39 . 2009-07-07 04:42 -------- d-----w- c:\windows\NV31363140.TMP

2009-07-07 04:39 . 2008-07-29 15:33 446464 ----a-w- c:\windows\system32\nvunrm.exe

2009-07-07 02:55 . 2009-07-07 03:01 -------- d-----w- c:\arquivos de programas\Doom 3

2009-07-07 01:15 . 2009-07-22 19:42 -------- d-----w- C:\Driver Download

2009-07-06 00:00 . 2004-06-14 17:56 427864 ----a-w- c:\windows\system32\XceedZip.dll

2009-07-05 23:56 . 2009-07-05 23:56 76600 ----a-w- c:\windows\system32\dk2cp32.dll

2009-07-05 23:56 . 2009-07-05 23:56 49720 ----a-w- c:\windows\system32\drivers\dk2drv.sys

2009-07-05 23:56 . 2009-07-05 23:56 32208 ----a-w- c:\windows\system32\dk2win16.dll

2009-07-05 23:56 . 2009-07-05 23:56 30520 ----a-w- c:\windows\system32\DK2UInst.exe

2009-07-05 23:56 . 2009-07-05 23:56 24488 ----a-w- c:\windows\system32\dk2vdd.dll

2009-07-05 23:56 . 2009-07-05 23:56 18360 ----a-w- c:\windows\system32\drivers\DK2USB.sys

2009-07-05 06:53 . 2009-03-24 17:43 43008 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll

2009-07-05 06:53 . 2009-03-24 17:43 43008 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2009-07-05 06:53 . 2009-03-24 17:43 235520 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll

2009-07-05 06:53 . 2009-03-24 17:43 338432 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2009-07-05 06:53 . 2009-03-24 17:42 235008 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll

2009-07-05 06:53 . 2009-03-24 17:42 345088 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2009-07-05 05:58 . 2009-07-05 05:58 -------- d-----w- c:\arquivos de programas\VisualTaskTips

2009-06-30 15:57 . 2009-07-04 06:31 3491 ----a-w- c:\windows\system\setupsyssheel.exe

2009-06-30 15:57 . 2009-07-02 00:57 536576 ----a-w- c:\windows\system\msado15.dll

2009-06-30 15:57 . 2009-07-02 00:57 401468 ----a-w- c:\windows\system\libmySQL.dll

2009-06-30 15:57 . 2009-07-04 06:31 3491 ----a-w- c:\windows\system\olesound.exe

2009-06-27 21:16 . 2009-06-27 21:16 -------- d-----w- c:\arquivos de programas\Recuva

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-23 16:04 . 2001-10-28 12:07 91232 ----a-w- c:\windows\system32\perfc016.dat

2009-07-23 16:04 . 2001-10-28 12:07 497534 ----a-w- c:\windows\system32\perfh016.dat

2009-07-23 16:03 . 2008-11-06 22:59 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-07-23 06:41 . 2008-11-07 20:18 -------- d-----w- c:\documents and settings\Fernando\Dados de aplicativos\LimeWire

2009-07-23 04:32 . 2009-05-16 00:33 95744 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\Updates\Condition.dll

2009-07-22 00:15 . 2009-04-12 14:12 -------- d-----w- c:\arquivos de programas\sXe Injected

2009-07-21 21:51 . 2009-04-12 15:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-07-21 13:57 . 2008-11-21 02:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2009-07-21 13:53 . 2008-11-09 19:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-07-18 06:41 . 2008-11-19 02:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2009-07-18 06:10 . 2008-11-19 21:24 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys

2009-07-17 12:48 . 2008-11-06 16:19 -------- d-----w- c:\arquivos de programas\Google

2009-07-16 01:00 . 2008-11-19 20:36 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-07-14 04:05 . 2009-04-12 15:20 -------- d-----w- c:\documents and settings\Fernando\Dados de aplicativos\Uniblue

2009-07-14 04:04 . 2009-04-12 15:17 -------- d-----w- c:\arquivos de programas\Uniblue

2009-07-14 03:30 . 2009-02-06 18:13 83456 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\SDCondition.dll

2009-07-14 03:16 . 2009-01-29 20:09 -------- d-----w- c:\arquivos de programas\Motorola

2009-07-14 03:16 . 2008-11-06 15:40 983936 ----a-w- c:\windows\system32\drivers\smserial.sys

2009-07-14 03:00 . 2008-11-06 23:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-07-14 01:28 . 2008-11-06 23:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-14 01:28 . 2008-11-06 23:17 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-14 01:28 . 2008-11-06 23:17 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-07-14 01:28 . 2008-11-06 23:17 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-07-09 06:36 . 2009-07-09 06:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DriverScanner

2009-07-09 06:32 . 2009-07-09 06:30 -------- dc-h--w- c:\documents and settings\All Users\Dados de aplicativos\{D5ABFFAD-D592-4F98-B02B-587125B4801F}

2009-07-09 00:35 . 2008-11-06 16:25 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-07-07 02:50 . 2008-11-07 21:53 -------- d-----w- c:\arquivos de programas\Macromedia

2009-07-07 02:50 . 2008-11-07 21:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macromedia

2009-07-07 02:08 . 2008-11-06 16:28 -------- d-----w- c:\arquivos de programas\VIA

2009-07-05 23:47 . 2008-11-09 00:33 -------- d-----w- c:\arquivos de programas\Elaborate Bytes

2009-07-04 06:11 . 2008-11-12 14:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2009-07-02 14:02 . 2008-11-08 13:50 -------- d-----w- c:\arquivos de programas\MuFighter

2009-06-27 21:41 . 2009-06-15 03:50 -------- d-----w- c:\arquivos de programas\Nokia

2009-06-26 05:16 . 2008-11-23 02:47 -------- d-----w- c:\arquivos de programas\Smart Install Maker

2009-06-20 11:43 . 2009-06-20 11:43 4096 ----a-w- c:\windows\system32\01.tmp

2009-06-20 06:10 . 2009-06-20 06:10 10454 ----a-w- c:\windows\system32\drivers\parldr2k.sys

2009-06-20 06:07 . 2009-06-20 06:07 69760 ----a-w- c:\windows\system32\drivers\FD1USB.SYS

2009-06-20 06:07 . 2009-06-20 06:07 22928 ----a-w- c:\windows\system32\drivers\FPGA8501U.rd4

2009-06-11 18:32 . 2008-11-06 23:34 -------- d-----w- c:\arquivos de programas\EA GAMES

2009-06-10 21:33 . 2009-06-10 21:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll

2009-06-10 21:33 . 2009-06-10 21:33 1580550 ----a-w- c:\windows\system32\nvdata.bin

2009-06-10 21:33 . 2009-06-10 21:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-06-10 21:33 . 2008-11-06 16:32 457248 -c--a-w- c:\windows\system32\nvudisp.exe

2009-06-10 21:33 . 2008-09-18 01:55 1720320 ----a-w- c:\windows\system32\nvcuda.dll

2009-06-10 21:33 . 2007-10-04 09:14 9998336 ----a-w- c:\windows\system32\nvoglnt.dll

2009-06-10 21:33 . 2007-10-04 09:14 815104 ----a-w- c:\windows\system32\nvapi.dll

2009-06-10 21:33 . 2007-10-04 09:14 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-06-10 21:33 . 2007-10-04 09:14 5908608 ----a-w- c:\windows\system32\nv4_disp.dll

2009-06-10 21:33 . 2007-10-04 09:14 151552 ----a-w- c:\windows\system32\nvcodins.dll

2009-06-10 21:33 . 2007-10-04 09:14 151552 ----a-w- c:\windows\system32\nvcod.dll

2009-06-10 11:28 . 2009-06-10 11:28 3510272 ----a-w- c:\windows\system32\nvgames.dll

2009-06-10 11:28 . 2009-06-10 11:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll

2009-06-10 11:28 . 2009-06-10 11:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll

2009-06-10 11:28 . 2009-06-10 11:28 86016 ----a-w- c:\windows\system32\nvmctray.dll

2009-06-10 11:28 . 2009-06-10 11:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe

2009-06-10 11:28 . 2009-06-10 11:28 143360 ----a-w- c:\windows\system32\nvcolor.exe

2009-06-10 11:28 . 2009-06-10 11:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll

2009-06-10 11:28 . 2009-06-10 11:28 229376 ----a-w- c:\windows\system32\nvmccs.dll

2009-06-04 19:39 . 2008-11-07 21:47 457248 -c--a-w- c:\windows\system32\nvuninst.exe

2009-05-25 12:16 . 2009-05-25 12:16 134312 ----a-w- c:\windows\system32\ElbyVCD.dll

2009-05-25 12:01 . 2009-05-25 12:01 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll

2009-05-23 02:38 . 2009-05-23 02:38 36864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe

2009-05-23 02:38 . 2009-05-23 02:38 3351812 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe

2009-05-23 02:38 . 2009-05-23 02:38 3181612 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe

2009-05-23 02:38 . 2009-05-23 02:38 24390976 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13PT_BR.exe

2009-05-22 23:08 . 2008-09-24 10:29 29696 ----a-w- c:\windows\system32\drivers\VClone.sys

2009-05-19 04:34 . 2009-05-19 04:34 22328 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\PnkBstrK.sys

2009-05-19 04:34 . 2009-05-19 04:34 22328 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\PnkBstrK.sys

2009-05-16 21:18 . 2009-05-16 21:18 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe

2009-05-16 21:18 . 2009-05-16 21:18 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-05-16 21:18 . 2009-05-16 21:18 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe

2009-05-16 21:18 . 2009-05-16 21:19 34511040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_por_br.exe

2009-07-18 03:11 . 2008-11-13 23:54 137208 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll

2008-12-20 05:02 . 2008-12-20 05:02 24 -csh--w- c:\windows\SE25E95C2.tmp

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-07 68856]

"DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2009-02-06 3134976]

"VisualTaskTips"="c:\arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-07-14 1948440]

"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-11-11 33521664]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Service Manager.lnk - c:\arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2009-7-9 69632]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-14 01:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^eBoostr Control Panel.lnk]

backup=c:\windows\pss\eBoostr Control Panel.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Service Manager.lnk]

backup=c:\windows\pss\Service Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^TSS Instrument API Tray Utility.lnk]

backup=c:\windows\pss\TSS Instrument API Tray Utility.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Fernando^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Fernando^Menu Iniciar^Programas^Inicializar^CCleaner.lnk]

backup=c:\windows\pss\CCleaner.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Fernando^Menu Iniciar^Programas^Inicializar^MultiDesktop Manager.lnk]

backup=c:\windows\pss\MultiDesktop Manager.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MicrosoftUpgrade

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\BF2.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\DAP\\DAP.exe"=

"c:\\CS1.6 pod-Bot\\hl.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\CS1.6 pod-Bot\\hlds.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Tss\\Instrument API\\bin\\root.exe"=

"c:\\Arquivos de programas\\Nokia\\Phoenix\\phoenix.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"c:\\Pendulum\\ExDB\\ExDB.exe"=

"c:\\Pendulum\\Event\\Event.exe"=

"c:\\Pendulum\\Ranking\\Ranking.exe"=

"c:\\Pendulum\\Chat\\Chat.exe"=

"c:\\Pendulum\\GameServer\\GameServer.exe"=

"c:\\Arquivos de programas\\EA GAMES\\MOHAA\\MOHAA.exe"=

"c:\\Pendulum\\DataServer2\\DataServer2.exe"=

"c:\\Pendulum\\DataServer\\DataServer.exe"=

"c:\\Documents and Settings\\Fernando\\Meus documentos\\Programas\\Celular\\Motorola\\RSD Lite 4[1].3[www.motomodd.net]\\RSD Lite 4.3\\RSD Lite 4.3\\SDL.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"28176:TCP"= 28176:TCP:LimeWire

"44405:TCP"= 44405:TCP:44405

"55901:TCP"= 55901:TCP:55901

"55903:TCP"= 55903:TCP:55903

"55919:TCP"= 55919:TCP:55919

"55557:TCP"= 55557:TCP:55557

"44405:UDP"= 44405:UDP:44405

"55814:TCP"= 55814:TCP:55814

"55970:TCP"= 55970:TCP:55970

"8090:TCP"= 8090:TCP:8090

"8090:UDP"= 8090:UDP:8090

"55962:TCP"= 55962:TCP:55962

"55961:TCP"= 55961:TCP:55961

"55971:TCP"= 55971:TCP:55971

"8380:TCP"= 8380:TCP:msrpefxd

"27016:TCP"= 27016:TCP:27016

"27016:UDP"= 27016:UDP:27016

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/11/2008 20:17 335752]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/11/2008 20:17 108552]

R1 dk2drv;DK2 WindowsNT Driver;c:\windows\system32\drivers\dk2drv.sys [5/7/2009 20:56 49720]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [13/7/2009 22:28 907032]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [6/11/2008 20:17 298776]

R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:\windows\system32\drivers\fle5wnnt.sys [27/6/2009 18:40 33404]

R2 FLSIFACE;FLSIface;c:\windows\system32\drivers\flsiface.sys [27/6/2009 18:40 14272]

R2 FLSPAR;FLSPar;c:\windows\system32\drivers\flspar.sys [27/6/2009 18:40 16314]

R2 FLSSER;FLSSer;c:\windows\system32\drivers\flsser.sys [27/6/2009 18:40 8344]

R2 FLSVCOM;FLSVCom;c:\windows\system32\drivers\flsvcom.sys [27/6/2009 18:40 35226]

R2 PARLDR2K;ParLdr2k;c:\windows\system32\drivers\parldr2k.sys [20/6/2009 03:10 10454]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [15/11/2008 21:47 878976]

S2 gupdate1ca069cc2ac537e;Google Update Service (gupdate1ca069cc2ac537e);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [17/7/2009 02:09 133104]

S2 lxxlbyxlr;Universal Manager;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S2 mgdaojyvr;Task Network;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S2 nuhxj;Helper Center;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S2 qgrxtmocn;Task Boot;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S2 sayksp;Installer Support;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]

S3 ChangeMe;ChangeMe;\??\c:\docume~1\Fernando\CONFIG~1\Temp\ChangeMe.sys --> c:\docume~1\Fernando\CONFIG~1\Temp\ChangeMe.sys [?]

S3 ddsxeiservice;ddsxeiservice2;c:\arquivos de programas\sXe Injected\ddsxei.sys [4/6/2009 00:10 100224]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [19/11/2008 16:05 18176]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [19/11/2008 16:05 7680]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [19/11/2008 16:05 42112]

S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

sayksp

qgrxtmocn

lxxlbyxlr

mgdaojyvr

nuhxj

.

Contents of the 'Scheduled Tasks' folder

 

2009-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-07-17 05:09]

 

2009-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-07-17 05:09]

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{7A0618CF-C1D2-4EA2-ADC9-DBF1EF35B466} - (no file)

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.orkut.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm

IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm

IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

Trusted Zone: musicmatch.com\online

TCP: {BCCB8EF5-AE92-4B83-AF7C-019125A93010} = 201.10.128.3,201.10.1.3

FF - ProfilePath - c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\

FF - prefs.js: browser.startup.homepage - hxxp://127.0.0.1:8090/index.php

FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\arquivos de programas\DAP\DAPFireFox\components\DAPFireFox.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-23 13:03

Windows 5.1.2600 Service Pack 3 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

 

Scanning for hidden files ...

 

Scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lxxlbyxlr]

"ServiceDll"="c:\windows\system32\ssmyvc.dll"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mgdaojyvr]

"ServiceDll"="c:\windows\system32\ssmyvc.dll"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nuhxj]

"ServiceDll"="c:\windows\system32\ssmyvc.dll"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qgrxtmocn]

"ServiceDll"="c:\windows\system32\ssmyvc.dll"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sayksp]

"ServiceDll"="c:\windows\system32\ssmyvc.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(2404)

c:\arquivos de programas\VisualTaskTips\VttHooks.dll

c:\arquiv~1\ARQUIV~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

c:\windows\system32\msi.dll

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\1046\OWCI11.DLL

c:\arquiv~1\ARQUIV~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\1046\OWCI10.DLL

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\appserv\Apache2\bin\Apache.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\appserv\Apache2\bin\Apache.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquivos de programas\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2009-07-23 13:07 - machine was rebooted

ComboFix-quarantined-files.txt 2009-07-23 16:07

 

Pre-Run: 17 folder(s) 134,741,839,872 bytes free

Post-Run: 16 folder(s) 134,738,698,240 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

458 --- E O F --- 2009-03-28 04:27

 

======================================================

================ HIJACKTHIS LOG ======================

======================================================

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:13:01, on 23/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\AppServ\Apache2\bin\Apache.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\AppServ\Apache2\bin\Apache.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\WINDOWS\explorer.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Service Manager.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226621911298

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BCCB8EF5-AE92-4B83-AF7C-019125A93010}: NameServer = 201.10.128.3,201.10.1.3

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2 - Apache Software Foundation - C:\AppServ\Apache2\bin\Apache.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1ca069cc2ac537e) (gupdate1ca069cc2ac537e) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Fernando/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg

 

--

End of file - 8184 bytes

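The most telling part of the ComboFix log above is the group of five services (lxxlbyxlr, mgdaojyvr, nuhxj, qgrxtmocn, sayksp) that all run inside `svchost.exe -k netsvcs`, all appear in the `Svchost - NetSvcs` group dump, and all point their `ServiceDll` at the same `c:\windows\system32\ssmyvc.dll`. Reading those three sections together is how a reviewer spots the persistence mechanism, so the following script does that cross-reference automatically. It is an added example written for this page, not ComboFix code and not something posted in the thread. The `KNOWN_NETSVCS` baseline is an assumption (a from-memory list of the stock Windows XP netsvcs members, not an authoritative one), the `R2 Dnscache` line in the sample is constructed so a legitimate group member is seen passing, and the function names are mine.

```python
"""Added example: triage svchost-hosted services in a ComboFix log (not ComboFix code)."""
import re
from collections import defaultdict

# Stock members of the Windows XP "netsvcs" svchost group. This baseline is an assumption
# for illustration, not an authoritative list; rebuild it from a known-clean machine.
KNOWN_NETSVCS = {
    "6to4", "AppMgmt", "AudioSrv", "BITS", "Browser", "CryptSvc", "Dhcp", "DMServer",
    "Dnscache", "ERSvc", "EventSystem", "FastUserSwitchingCompatibility", "helpsvc",
    "HidServ", "Ias", "Iprip", "Irmon", "lanmanserver", "lanmanworkstation", "Messenger",
    "Netman", "Nla", "Ntmssvc", "NWCWorkstation", "Nwsapagent", "RasAuto", "RasMan",
    "RemoteAccess", "Schedule", "seclogon", "SENS", "SharedAccess", "ShellHWDetection",
    "SRService", "Tapisrv", "Themes", "TrkWks", "uploadmgr", "W32Time", "winmgmt", "Wmi",
    "WmdmPmSp", "wscsvc", "wuauserv", "WZCSVC", "xmlprov",
}

# "S2 name;Display Name;c:\path\image.exe -k group [date size]"  or  "... --> path [?]"
SERVICE_RE = re.compile(
    r"^[RS][0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?:[ \t]+\[|[ \t]+-->|$)",
    re.M,
)
# "[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\name]" followed by "ServiceDll"="path"
SERVICEDLL_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]\\]+)\]'
    r'\s*"ServiceDll"="(?P<dll>[^"]+)"',
    re.M | re.I,
)
# The "Svchost - NetSvcs" dump: one member per line, closed by a line holding only "."
NETSVCS_RE = re.compile(r"Svchost - NetSvcs[ \t]*\n(?P<body>.*?)^\.[ \t]*$", re.M | re.S)


def find_rogue_svchost_services(log_text, baseline=KNOWN_NETSVCS):
    """Return {service_name: [reasons]} for svchost-hosted services that need a look."""
    baseline_lc = {b.lower() for b in baseline}
    services = {m["name"]: m["path"] for m in SERVICE_RE.finditer(log_text)}
    dlls = {m["name"].lower(): m["dll"] for m in SERVICEDLL_RE.finditer(log_text)}
    group = NETSVCS_RE.search(log_text)
    netsvcs = {l.strip().lower() for l in group["body"].splitlines() if l.strip()} if group else set()

    # A genuine svchost service loads its own DLL; several services sharing one
    # ServiceDll is the give-away for the five entries in the log above.
    dll_owners = defaultdict(set)
    for name, dll in dlls.items():
        dll_owners[dll.lower()].add(name)

    findings = {}
    for name, path in services.items():
        if "svchost.exe" not in path.lower():
            continue  # only services that hide inside the generic host process
        key, reasons = name.lower(), []
        if key not in baseline_lc:
            reasons.append("svchost-hosted service not in the netsvcs baseline")
            if key in netsvcs:
                reasons.append("added to the Svchost\\netsvcs group")
        dll = dlls.get(key)  # checked for baseline names too: a hijacked stock service
        if dll is not None and len(dll_owners[dll.lower()]) > 1:
            others = len(dll_owners[dll.lower()]) - 1
            reasons.append(f"ServiceDll {dll} shared with {others} other service(s)")
        if reasons:
            findings[name] = reasons
    return findings


# Constructed sample: the service, netsvcs and ServiceDll lines of the log above, plus a
# stock "Dnscache" line added here so a legitimate group member is seen passing.
SAMPLE_LOG = r"""
S2 lxxlbyxlr;Universal Manager;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]
S2 mgdaojyvr;Task Network;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]
S2 nuhxj;Helper Center;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]
S2 qgrxtmocn;Task Boot;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]
S2 sayksp;Installer Support;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]
R2 Dnscache;DNS Client;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sayksp
qgrxtmocn
lxxlbyxlr
mgdaojyvr
nuhxj
.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lxxlbyxlr]
"ServiceDll"="c:\windows\system32\ssmyvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mgdaojyvr]
"ServiceDll"="c:\windows\system32\ssmyvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nuhxj]
"ServiceDll"="c:\windows\system32\ssmyvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qgrxtmocn]
"ServiceDll"="c:\windows\system32\ssmyvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sayksp]
"ServiceDll"="c:\windows\system32\ssmyvc.dll"
"""

if __name__ == "__main__":
    for svc, reasons in sorted(find_rogue_svchost_services(SAMPLE_LOG).items()):
        print(svc, "->", "; ".join(reasons))
```

Run against the sample, all five random-named services are reported with three reasons each, and Dnscache is not. The shared-DLL check is applied to baseline names as well, because a dropper can just as easily repoint a stock service's ServiceDll instead of creating new ones. On a live XP host the same data comes from `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost" /v netsvcs` and, per service, `reg query HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters /v ServiceDll`; any DLL found that way should be checked against a known-good hash before deleting it, since the reboot-time cleanup ComboFix performs cannot be undone.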

Hello orfeus;

 

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the Desktop with the name CFScript.txt.

 

Dirlock::

C:\Juca_Fotos.zip

 

File::

c:\windows\NV31363140.TMP

c:\windows\system32\XDva279.sys

c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it can cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

cfscript.gif

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Post it together with a new HijackThis log.

 

PS: How is the PC doing?


Here are the logs...

Before running this script the PC was freezing a bit and was kind of slow, but after running it it's great: it stopped freezing and it's faster, even to boot, which used to take a while; now it's much better...

Thanks, you're helping a lot!!!

 

ComboFix 09-07-22.05 - Fernando 24/07/2009 16:46.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1791.1292 [GMT -3:00]

Running from: c:\documents and settings\Fernando\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Fernando\Desktop\CFScript.txt

AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

FILE ::

"c:\windows\NV31363140.TMP"

"c:\windows\system32\XDva279.sys"

"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"

"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

 

.

(((((((((((((((( Files Created from 2009-06-24 to 2009-07-24 ))))))))))))))))))))))))))))

.

 

2009-07-24 01:10 . 2009-05-13 12:13 26568 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2009-07-24 01:10 . 2009-07-24 18:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-07-24 01:10 . 2009-07-24 18:58 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-07-23 19:35 . 2009-07-23 19:35 -------- d-----w- c:\documents and settings\Fernando\Dados de aplicativos\AVG8

2009-07-23 06:29 . 2009-07-23 06:29 -------- d-----w- C:\CloneDVDTemp

2009-07-22 19:44 . 2009-07-22 19:45 -------- d-----w- C:\PROJETOS

2009-07-22 19:43 . 2009-07-22 19:43 -------- d-----w- C:\Mu Chakal - Todos

2009-07-22 02:36 . 2009-07-23 16:49 -------- d-----w- C:\wamp

2009-07-21 18:53 . 2009-07-21 18:53 -------- d-----w- c:\windows\system32\Adobe

2009-07-21 01:36 . 2009-07-23 16:12 -------- d-----w- C:\HiJackThis

2009-07-20 23:52 . 2009-07-20 23:52 -------- d-----w- c:\documents and settings\Fernando\Dados de aplicativos\Malwarebytes

2009-07-20 23:52 . 2009-07-13 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-20 23:52 . 2009-07-20 23:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-07-20 23:52 . 2009-07-20 23:52 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-07-20 23:52 . 2009-07-13 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-20 05:47 . 2009-07-20 13:16 -------- d-----w- c:\arquivos de programas\USDownloader

2009-07-19 21:17 . 2009-07-19 21:17 2560 ------w- c:\windows\system32\drivers\cdralw2k.sys

2009-07-19 21:17 . 2009-07-19 21:17 2432 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2009-07-18 06:41 . 2009-07-18 06:41 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2009-07-18 06:19 . 2009-07-18 06:19 390664 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Real\RealPlayer\setup\AU_setup.exe

2009-07-17 02:26 . 2009-07-17 02:22 1096961 ----a-w- C:\Juca_Fotos.zip

2009-07-16 00:12 . 2009-07-14 01:28 2301208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avguiadv.dll

2009-07-16 00:12 . 2009-07-14 01:28 3403032 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgui.exe

2009-07-16 00:12 . 2009-07-14 01:28 1107224 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgssie.dll

2009-07-16 00:12 . 2009-07-14 01:28 353048 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgxch32.dll

2009-07-15 06:29 . 2009-07-23 19:57 -------- d-----w- c:\arquivos de programas\Bonjour

2009-07-15 06:22 . 2009-07-15 06:22 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2009-07-15 04:41 . 2009-07-15 04:41 -------- d-----w- c:\arquivos de programas\Lavalys

2009-07-15 04:32 . 2009-07-15 04:32 -------- d-----w- c:\arquivos de programas\Intelore

2009-07-15 04:19 . 2009-07-15 04:22 -------- d-----w- c:\arquivos de programas\VirtualDJ

2009-07-15 02:33 . 2009-07-23 16:41 -------- d-----w- c:\arquivos de programas\Passware

2009-07-15 02:21 . 2009-07-15 02:25 -------- d-----w- c:\arquivos de programas\Thegrideon Software

2009-07-14 04:04 . 2009-07-06 04:24 2838444 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\speedupmypc2009.exe

2009-07-14 04:04 . 2009-04-29 09:45 845128 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\58D97068\B74607BA\System.Data.SQLite.dll

2009-07-14 04:04 . 2009-04-29 09:45 771368 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\9966075F\B74607BA\UBSysMan.dll

2009-07-14 04:04 . 2009-04-29 09:45 614696 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\7AEFAE8C\B74607BA\Launcher.exe

2009-07-14 04:04 . 2009-04-29 09:45 54608 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\D720648F\B74607BA\Interop.IWshRuntimeLibrary.dll

2009-07-14 04:04 . 2009-04-29 09:45 519168 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\78B94F67\B74607BA\IsLicense40.dll

2009-07-14 04:04 . 2009-04-29 09:45 474408 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\62A3297F\B74607BA\AvalonCommon.dll

2009-07-14 04:04 . 2009-04-29 09:45 395048 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\C77843B\B74607BA\SUMPBackend.dll

2009-07-14 04:04 . 2009-04-29 09:45 345008 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\4BF757A\B74607BA\IsLicense30.dll

2009-07-14 04:04 . 2009-04-29 09:45 236840 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\683B013A\B74607BA\PowerSuiteBackendUtils.dll

2009-07-14 04:04 . 2009-04-29 09:45 197968 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\6A0591D6\B74607BA\ICSharpCode.SharpZipLib.dll

2009-07-14 04:04 . 2009-04-29 09:45 1250600 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\B430549D\B74607BA\SUMP.exe

2009-07-14 04:03 . 2009-07-14 04:04 -------- dc-h--w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}

2009-07-14 03:16 . 2009-07-14 03:16 196608 ----a-w- c:\windows\system32\sm56co6a.dll

2009-07-10 14:11 . 2009-07-10 14:11 -------- d-----w- c:\arquivos de programas\Gamemaxx

2009-07-10 06:18 . 2009-07-14 03:17 -------- d-----w- c:\arquivos de programas\Driver Checker

2009-07-10 02:53 . 2009-07-10 02:53 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server

2009-07-10 02:42 . 2009-07-10 02:43 -------- d-----w- C:\SQLEVAL

2009-07-09 07:43 . 2009-07-09 07:43 -------- d-----w- c:\windows\Desktop

2009-07-09 06:29 . 2006-12-01 22:26 57856 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\Windows\winsxs\7z1v718o.6n8\mfcm80u.dll

2009-07-09 00:36 . 2008-04-13 19:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2009-07-09 00:36 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2009-07-09 00:35 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2009-07-09 00:35 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2009-07-09 00:35 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2009-07-09 00:35 . 2009-07-09 00:35 -------- d-----w- c:\windows\system32\SupportAppXL

2009-07-09 00:35 . 2009-07-10 14:54 -------- d-----w- c:\arquivos de programas\BrT 3G Modem

2009-07-07 04:39 . 2009-07-07 04:42 -------- d-----w- c:\windows\NV31363140.TMP

2009-07-07 04:39 . 2008-07-29 15:33 446464 ----a-w- c:\windows\system32\nvunrm.exe

2009-07-07 02:55 . 2009-07-07 03:01 -------- d-----w- c:\arquivos de programas\Doom 3

2009-07-07 01:15 . 2009-07-22 19:42 -------- d-----w- C:\Driver Download

2009-07-06 00:00 . 2004-06-14 17:56 427864 ----a-w- c:\windows\system32\XceedZip.dll

2009-07-05 23:56 . 2009-07-05 23:56 76600 ----a-w- c:\windows\system32\dk2cp32.dll

2009-07-05 23:56 . 2009-07-05 23:56 49720 ----a-w- c:\windows\system32\drivers\dk2drv.sys

2009-07-05 23:56 . 2009-07-05 23:56 32208 ----a-w- c:\windows\system32\dk2win16.dll

2009-07-05 23:56 . 2009-07-05 23:56 30520 ----a-w- c:\windows\system32\DK2UInst.exe

2009-07-05 23:56 . 2009-07-05 23:56 24488 ----a-w- c:\windows\system32\dk2vdd.dll

2009-07-05 23:56 . 2009-07-05 23:56 18360 ----a-w- c:\windows\system32\drivers\DK2USB.sys

2009-07-05 06:53 . 2009-03-24 17:43 43008 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll

2009-07-05 06:53 . 2009-03-24 17:43 43008 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2009-07-05 06:53 . 2009-03-24 17:43 235520 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll

2009-07-05 06:53 . 2009-03-24 17:43 338432 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2009-07-05 06:53 . 2009-03-24 17:42 235008 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll

2009-07-05 06:53 . 2009-03-24 17:42 345088 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2009-07-05 05:58 . 2009-07-05 05:58 -------- d-----w- c:\arquivos de programas\VisualTaskTips

2009-06-30 15:57 . 2009-07-04 06:31 3491 ----a-w- c:\windows\system\setupsyssheel.exe

2009-06-30 15:57 . 2009-07-02 00:57 536576 ----a-w- c:\windows\system\msado15.dll

2009-06-30 15:57 . 2009-07-02 00:57 401468 ----a-w- c:\windows\system\libmySQL.dll

2009-06-30 15:57 . 2009-07-04 06:31 3491 ----a-w- c:\windows\system\olesound.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-24 19:43 . 2001-10-28 12:07 91232 ----a-w- c:\windows\system32\perfc016.dat

2009-07-24 19:43 . 2001-10-28 12:07 497534 ----a-w- c:\windows\system32\perfh016.dat

2009-07-23 17:41 . 2008-11-07 21:53 -------- d-----w- c:\arquivos de programas\Macromedia

2009-07-23 16:55 . 2008-11-06 22:59 -------- d-----w- c:\arquivos de programas\DAP

2009-07-23 16:47 . 2008-11-19 21:24 -------- d-----w- c:\arquivos de programas\Musicmatch

2009-07-23 16:45 . 2008-11-07 21:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macromedia

2009-07-23 16:42 . 2008-11-06 22:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit

2009-07-23 16:42 . 2008-11-06 22:59 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-07-23 16:39 . 2008-11-09 19:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-07-23 06:41 . 2008-11-07 20:18 -------- d-----w- c:\documents and settings\Fernando\Dados de aplicativos\LimeWire

2009-07-22 00:15 . 2009-04-12 14:12 -------- d-----w- c:\arquivos de programas\sXe Injected

2009-07-21 21:51 . 2009-04-12 15:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-07-21 13:57 . 2008-11-21 02:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2009-07-18 06:41 . 2008-11-19 02:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2009-07-18 06:10 . 2008-11-19 21:24 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys

2009-07-17 12:48 . 2008-11-06 16:19 -------- d-----w- c:\arquivos de programas\Google

2009-07-16 01:00 . 2008-11-19 20:36 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-07-14 04:05 . 2009-04-12 15:20 -------- d-----w- c:\documents and settings\Fernando\Dados de aplicativos\Uniblue

2009-07-14 04:04 . 2009-04-12 15:17 -------- d-----w- c:\arquivos de programas\Uniblue

2009-07-14 03:16 . 2009-01-29 20:09 -------- d-----w- c:\arquivos de programas\Motorola

2009-07-14 03:16 . 2008-11-06 15:40 983936 ----a-w- c:\windows\system32\drivers\smserial.sys

2009-07-14 03:00 . 2008-11-06 23:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-07-14 01:28 . 2008-11-06 23:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-14 01:28 . 2008-11-06 23:17 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-14 01:28 . 2008-11-06 23:17 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-07-14 01:28 . 2008-11-06 23:17 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-07-09 06:36 . 2009-07-09 06:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DriverScanner

2009-07-09 06:32 . 2009-07-09 06:30 -------- dc-h--w- c:\documents and settings\All Users\Dados de aplicativos\{D5ABFFAD-D592-4F98-B02B-587125B4801F}

2009-07-09 00:35 . 2008-11-06 16:25 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-07-07 02:08 . 2008-11-06 16:28 -------- d-----w- c:\arquivos de programas\VIA

2009-07-05 23:47 . 2008-11-09 00:33 -------- d-----w- c:\arquivos de programas\Elaborate Bytes

2009-07-04 06:11 . 2008-11-12 14:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2009-07-02 14:02 . 2008-11-08 13:50 -------- d-----w- c:\arquivos de programas\MuFighter

2009-06-27 21:41 . 2009-06-15 03:50 -------- d-----w- c:\arquivos de programas\Nokia

2009-06-26 05:16 . 2008-11-23 02:47 -------- d-----w- c:\arquivos de programas\Smart Install Maker

2009-06-20 11:43 . 2009-06-20 11:43 4096 ----a-w- c:\windows\system32\01.tmp

2009-06-20 06:10 . 2009-06-20 06:10 10454 ----a-w- c:\windows\system32\drivers\parldr2k.sys

2009-06-20 06:07 . 2009-06-20 06:07 69760 ----a-w- c:\windows\system32\drivers\FD1USB.SYS

2009-06-20 06:07 . 2009-06-20 06:07 22928 ----a-w- c:\windows\system32\drivers\FPGA8501U.rd4

2009-06-11 18:32 . 2008-11-06 23:34 -------- d-----w- c:\arquivos de programas\EA GAMES

2009-06-10 21:33 . 2009-06-10 21:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll

2009-06-10 21:33 . 2009-06-10 21:33 1580550 ----a-w- c:\windows\system32\nvdata.bin

2009-06-10 21:33 . 2009-06-10 21:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-06-10 21:33 . 2008-11-06 16:32 457248 -c--a-w- c:\windows\system32\nvudisp.exe

2009-06-10 21:33 . 2008-09-18 01:55 1720320 ----a-w- c:\windows\system32\nvcuda.dll

2009-06-10 21:33 . 2007-10-04 09:14 9998336 ----a-w- c:\windows\system32\nvoglnt.dll

2009-06-10 21:33 . 2007-10-04 09:14 815104 ----a-w- c:\windows\system32\nvapi.dll

2009-06-10 21:33 . 2007-10-04 09:14 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-06-10 21:33 . 2007-10-04 09:14 5908608 ----a-w- c:\windows\system32\nv4_disp.dll

2009-06-10 21:33 . 2007-10-04 09:14 151552 ----a-w- c:\windows\system32\nvcodins.dll

2009-06-10 21:33 . 2007-10-04 09:14 151552 ----a-w- c:\windows\system32\nvcod.dll

2009-06-10 11:28 . 2009-06-10 11:28 3510272 ----a-w- c:\windows\system32\nvgames.dll

2009-06-10 11:28 . 2009-06-10 11:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll

2009-06-10 11:28 . 2009-06-10 11:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll

2009-06-10 11:28 . 2009-06-10 11:28 86016 ----a-w- c:\windows\system32\nvmctray.dll

2009-06-10 11:28 . 2009-06-10 11:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe

2009-06-10 11:28 . 2009-06-10 11:28 143360 ----a-w- c:\windows\system32\nvcolor.exe

2009-06-10 11:28 . 2009-06-10 11:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll

2009-06-10 11:28 . 2009-06-10 11:28 229376 ----a-w- c:\windows\system32\nvmccs.dll

2009-06-04 19:39 . 2008-11-07 21:47 457248 -c--a-w- c:\windows\system32\nvuninst.exe

2009-05-25 12:16 . 2009-05-25 12:16 134312 ----a-w- c:\windows\system32\ElbyVCD.dll

2009-05-25 12:01 . 2009-05-25 12:01 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll

2009-05-23 02:38 . 2009-05-23 02:38 36864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe

2009-05-23 02:38 . 2009-05-23 02:38 3351812 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe

2009-05-23 02:38 . 2009-05-23 02:38 3181612 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe

2009-05-23 02:38 . 2009-05-23 02:38 24390976 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13PT_BR.exe

2009-05-22 23:08 . 2008-09-24 10:29 29696 ----a-w- c:\windows\system32\drivers\VClone.sys

2009-05-19 04:34 . 2009-05-19 04:34 22328 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\PnkBstrK.sys

2009-05-19 04:34 . 2009-05-19 04:34 22328 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\PnkBstrK.sys

2009-05-16 21:18 . 2009-05-16 21:18 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe

2009-05-16 21:18 . 2009-05-16 21:18 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-05-16 21:18 . 2009-05-16 21:18 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe

2009-05-16 21:18 . 2009-05-16 21:19 34511040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_por_br.exe

2009-07-18 03:11 . 2008-11-13 23:54 137208 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll

2008-12-20 05:02 . 2008-12-20 05:02 24 -csh--w- c:\windows\SE25E95C2.tmp

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-07 68856]

"VisualTaskTips"="c:\arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-07-14 1948440]

"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-11-11 33521664]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GbPlugin\gbiehcef.dll" [2009-05-13 286792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2009-05-13 12:19 286792 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-14 01:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^eBoostr Control Panel.lnk]

backup=c:\windows\pss\eBoostr Control Panel.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Service Manager.lnk]

backup=c:\windows\pss\Service Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^TSS Instrument API Tray Utility.lnk]

backup=c:\windows\pss\TSS Instrument API Tray Utility.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Fernando^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Fernando^Menu Iniciar^Programas^Inicializar^CCleaner.lnk]

backup=c:\windows\pss\CCleaner.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Fernando^Menu Iniciar^Programas^Inicializar^MultiDesktop Manager.lnk]

backup=c:\windows\pss\MultiDesktop Manager.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLSDeviceControlPanel

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\BF2.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\CS1.6 pod-Bot\\hl.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\CS1.6 pod-Bot\\hlds.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Tss\\Instrument API\\bin\\root.exe"=

"c:\\Arquivos de programas\\Nokia\\Phoenix\\phoenix.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"c:\\Pendulum\\ExDB\\ExDB.exe"=

"c:\\Pendulum\\Event\\Event.exe"=

"c:\\Pendulum\\Ranking\\Ranking.exe"=

"c:\\Pendulum\\Chat\\Chat.exe"=

"c:\\Pendulum\\GameServer\\GameServer.exe"=

"c:\\Arquivos de programas\\EA GAMES\\MOHAA\\MOHAA.exe"=

"c:\\Pendulum\\DataServer2\\DataServer2.exe"=

"c:\\Pendulum\\DataServer\\DataServer.exe"=

"c:\\Documents and Settings\\Fernando\\Meus documentos\\Programas\\Celular\\Motorola\\RSD Lite 4[1].3[www.motomodd.net]\\RSD Lite 4.3\\RSD Lite 4.3\\SDL.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"28176:TCP"= 28176:TCP:LimeWire

"44405:TCP"= 44405:TCP:44405

"55901:TCP"= 55901:TCP:55901

"55903:TCP"= 55903:TCP:55903

"55919:TCP"= 55919:TCP:55919

"55557:TCP"= 55557:TCP:55557

"44405:UDP"= 44405:UDP:44405

"55814:TCP"= 55814:TCP:55814

"55970:TCP"= 55970:TCP:55970

"8090:TCP"= 8090:TCP:8090

"8090:UDP"= 8090:UDP:8090

"55962:TCP"= 55962:TCP:55962

"55961:TCP"= 55961:TCP:55961

"55971:TCP"= 55971:TCP:55971

"8380:TCP"= 8380:TCP:msrpefxd

"27016:TCP"= 27016:TCP:27016

"27016:UDP"= 27016:UDP:27016

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [23/7/2009 22:10 26568]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/11/2008 20:17 335752]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/11/2008 20:17 108552]

R1 dk2drv;DK2 WindowsNT Driver;c:\windows\system32\drivers\dk2drv.sys [5/7/2009 20:56 49720]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [13/7/2009 22:28 907032]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [6/11/2008 20:17 298776]

R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:\windows\system32\drivers\fle5wnnt.sys [27/6/2009 18:40 33404]

R2 FLSIFACE;FLSIface;c:\windows\system32\drivers\flsiface.sys [27/6/2009 18:40 14272]

R2 FLSPAR;FLSPar;c:\windows\system32\drivers\flspar.sys [27/6/2009 18:40 16314]

R2 FLSSER;FLSSer;c:\windows\system32\drivers\flsser.sys [27/6/2009 18:40 8344]

R2 FLSVCOM;FLSVCom;c:\windows\system32\drivers\flsvcom.sys [27/6/2009 18:40 35226]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [23/7/2009 22:10 53320]

R2 PARLDR2K;ParLdr2k;c:\windows\system32\drivers\parldr2k.sys [20/6/2009 03:10 10454]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [15/11/2008 21:47 878976]

S2 gupdate1ca069cc2ac537e;Google Update Service (gupdate1ca069cc2ac537e);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [17/7/2009 02:09 133104]

S2 lxxlbyxlr;Universal Manager;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S2 mgdaojyvr;Task Network;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S2 nuhxj;Helper Center;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S2 qgrxtmocn;Task Boot;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S2 sayksp;Installer Support;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]

S3 ChangeMe;ChangeMe;\??\c:\docume~1\Fernando\CONFIG~1\Temp\ChangeMe.sys --> c:\docume~1\Fernando\CONFIG~1\Temp\ChangeMe.sys [?]

S3 ddsxeiservice;ddsxeiservice2;c:\arquivos de programas\sXe Injected\ddsxei.sys [4/6/2009 00:10 100224]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [19/11/2008 16:05 18176]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [19/11/2008 16:05 7680]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [19/11/2008 16:05 42112]

S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

sayksp

qgrxtmocn

lxxlbyxlr

mgdaojyvr

nuhxj

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.orkut.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

TCP: {BCCB8EF5-AE92-4B83-AF7C-019125A93010} = 201.10.128.3,201.10.1.3

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

FF - ProfilePath - c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\

FF - prefs.js: browser.startup.homepage - file:///C:/Documents%20and%20Settings/Fernando/Desktop/jovem%20pm%20fm.htm

FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-24 16:51

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lxxlbyxlr]

"ServiceDll"="c:\windows\system32\ssmyvc.dll"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mgdaojyvr]

"ServiceDll"="c:\windows\system32\ssmyvc.dll"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nuhxj]

"ServiceDll"="c:\windows\system32\ssmyvc.dll"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qgrxtmocn]

"ServiceDll"="c:\windows\system32\ssmyvc.dll"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sayksp]

"ServiceDll"="c:\windows\system32\ssmyvc.dll"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(740)

c:\arquivos de programas\GbPlugin\gbiehcef.dll

.

Tempo para conclusão: 2009-07-24 16:52

ComboFix-quarantined-files.txt 2009-07-24 19:52

ComboFix2.txt 2009-07-23 16:07

 

Pré-execução: 16 pasta(s) 137.037.119.488 bytes disponíveis

Pós execução: 16 pasta(s) 137.067.008.000 bytes disponíveis

 

406 --- E O F --- 2009-05-31 01:12

 

 

===================================================

================== Hijackthis =========================

===================================================

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:54:01, on 24/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\AppServ\Apache2\bin\Apache.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\AppServ\Apache2\bin\Apache.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226621911298

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BCCB8EF5-AE92-4B83-AF7C-019125A93010}: NameServer = 201.10.128.3,201.10.1.3

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apache2 - Apache Software Foundation - C:\AppServ\Apache2\bin\Apache.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate1ca069cc2ac537e) (gupdate1ca069cc2ac537e) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MSSQLSERVER - Unknown owner - C:\ARQUIV~1\MICROS~2\MSSQL\binn\sqlservr.exe (file missing)

O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SQLSERVERAGENT - Unknown owner - C:\ARQUIV~1\MICROS~2\MSSQL\binn\sqlagent.exe (file missing)

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Fernando/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg

 

--

End of file - 7779 bytes


Go to this site: http://www.kaspersky.com/virusscanner

Click on [image: Clipboard01-1.jpg]

Follow the scanner's configuration instructions as shown in the image below.

[image: kosjn0.gif]

Post the scan log right here in the topic.


I tried to run the scan twice and both times it didn't work: the first time, in Firefox, it stopped at 87%, and the second time, in Internet Explorer, it stopped at 84%. I don't know why. In the image below you can see how long I left the scan running, but even so it didn't work....

[image: asdfgii.th.jpg]

http://img22.imageshack.us/img22/4081/asdfgii.jpg


I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

Driver::

sayksp

qgrxtmocn

lxxlbyxlr

mgdaojyvr

nuhxj

NetSvcs::

sayksp

qgrxtmocn

lxxlbyxlr

mgdaojyvr

nuhxj

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

[image: cfscript.gif]

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Post it together with a new HijackThis log.

PS: How is the PC doing?

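The five services the helper lists in the CFScript above all register the same ServiceDll, c:\windows\system32\ssmyvc.dll, and the script is nothing more than their names repeated under Driver:: and NetSvcs::. The following Python is an added example (it is not ComboFix code and not the helper's script) that pulls that cluster out of a ComboFix services block and renders the script text; SAMPLE_LOG is constructed from the entries shown in the log, with a Dnscache entry added for contrast so that a single legitimate service is not flagged. Whether a shared-DLL cluster is actually malicious remains the analyst's call, since Windows also hosts several legitimate services in one DLL.

```python
"""Group services in a ComboFix "ServiceDll" block by the DLL they load and
render a CFScript (Driver:: / NetSvcs:: blocks) for one cluster.

Added example for this thread; not ComboFix code and not the helper's script.
SAMPLE_LOG is constructed: the five service names and ssmyvc.dll are the ones
in the log above, the Dnscache entry is added for contrast."""
import re
from collections import defaultdict

# Constructed sample mirroring ComboFix's key / "ServiceDll" / "--" layout.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lxxlbyxlr]
"ServiceDll"="c:\windows\system32\ssmyvc.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mgdaojyvr]
"ServiceDll"="c:\windows\system32\ssmyvc.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nuhxj]
"ServiceDll"="c:\windows\system32\ssmyvc.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qgrxtmocn]
"ServiceDll"="c:\windows\system32\ssmyvc.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sayksp]
"ServiceDll"="c:\windows\system32\ssmyvc.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
"""

# A services key line: capture the service name (last path component).
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\\\]]+)\]$",
    re.IGNORECASE,
)
# The ServiceDll value line that follows it.
DLL_RE = re.compile(r'^"ServiceDll"="([^"]+)"$', re.IGNORECASE)


def parse_service_dlls(text):
    """Map service name -> ServiceDll path (lower-cased) for each key/value pair."""
    services = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = DLL_RE.match(line)
        if m and current is not None:
            services[current] = m.group(1).lower()
            current = None
    return services


def group_by_dll(services):
    """Invert the mapping: DLL path -> sorted names of the services that load it."""
    clusters = defaultdict(list)
    for name, dll in services.items():
        clusters[dll].append(name)
    return {dll: sorted(names) for dll, names in clusters.items()}


def shared_dlls(services, min_services=2):
    """DLLs registered by at least `min_services` services.

    One DLL behind several randomly named services is the pattern in the log
    above; the analyst still decides whether a given cluster is malicious."""
    return {dll: names for dll, names in group_by_dll(services).items()
            if len(names) >= min_services}


def render_cfscript(service_names):
    """Build the CFScript text used in the thread: a Driver:: block and a
    NetSvcs:: block, each listing the same service names one per line."""
    names = sorted(service_names)
    lines = ["Driver::"] + names + ["", "NetSvcs::"] + names
    return "\n".join(lines) + "\n"


def cfscript_for_log(text, dll):
    """Parse a log and render a script for every service that loads `dll`."""
    clusters = group_by_dll(parse_service_dlls(text))
    return render_cfscript(clusters.get(dll.lower(), []))


if __name__ == "__main__":
    found = shared_dlls(parse_service_dlls(SAMPLE_LOG))
    for dll, names in found.items():
        print(f"{dll} is loaded by {len(names)} services: {', '.join(names)}")
    print(cfscript_for_log(SAMPLE_LOG, r"c:\windows\system32\ssmyvc.dll"))
```

Running the block prints the ssmyvc.dll cluster with its five service names and then the same two-block script the helper posted (names in alphabetical order rather than the helper's order; ComboFix does not care about the order). The Dnscache entry is the only service on its DLL, so it is never reported as shared.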

Here it is....

 

 

 

ComboFix 09-07-22.05 - Fernando 25/07/2009 15:25.3.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1791.1262 [GMT -3:00]

Executando de: c:\documents and settings\Fernando\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Fernando\Desktop\CFScript.txt

AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_LXXLBYXLR

-------\Legacy_MGDAOJYVR

-------\Legacy_NUHXJ

-------\Legacy_QGRXTMOCN

-------\Legacy_SAYKSP

-------\Service_lxxlbyxlr

-------\Service_mgdaojyvr

-------\Service_nuhxj

-------\Service_qgrxtmocn

-------\Service_sayksp

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-25 to 2009-07-25 ))))))))))))))))))))))))))))

.

 

2009-07-24 01:10 . 2009-05-13 12:13 26568 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2009-07-24 01:10 . 2009-07-24 18:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-07-24 01:10 . 2009-07-24 18:58 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-07-23 19:35 . 2009-07-23 19:35 -------- d-----w- c:\documents and settings\Fernando\Dados de aplicativos\AVG8

2009-07-23 06:29 . 2009-07-23 06:29 -------- d-----w- C:\CloneDVDTemp

2009-07-22 19:44 . 2009-07-25 03:42 -------- d-----w- C:\PROJETOS

2009-07-22 19:43 . 2009-07-22 19:43 -------- d-----w- C:\Mu Chakal - Todos

2009-07-22 02:36 . 2009-07-23 16:49 -------- d-----w- C:\wamp

2009-07-21 18:53 . 2009-07-21 18:53 -------- d-----w- c:\windows\system32\Adobe

2009-07-21 01:36 . 2009-07-24 19:53 -------- d-----w- C:\HiJackThis

2009-07-20 23:52 . 2009-07-20 23:52 -------- d-----w- c:\documents and settings\Fernando\Dados de aplicativos\Malwarebytes

2009-07-20 23:52 . 2009-07-13 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-20 23:52 . 2009-07-20 23:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-07-20 23:52 . 2009-07-20 23:52 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-07-20 23:52 . 2009-07-13 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-20 05:47 . 2009-07-20 13:16 -------- d-----w- c:\arquivos de programas\USDownloader

2009-07-19 21:17 . 2009-07-19 21:17 2560 ------w- c:\windows\system32\drivers\cdralw2k.sys

2009-07-19 21:17 . 2009-07-19 21:17 2432 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2009-07-18 06:41 . 2009-07-18 06:41 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2009-07-18 06:19 . 2009-07-18 06:19 390664 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Real\RealPlayer\setup\AU_setup.exe

2009-07-17 02:26 . 2009-07-17 02:22 1096961 ----a-w- C:\Juca_Fotos.zip

2009-07-16 00:12 . 2009-07-14 01:28 2301208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avguiadv.dll

2009-07-16 00:12 . 2009-07-14 01:28 3403032 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgui.exe

2009-07-16 00:12 . 2009-07-14 01:28 1107224 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgssie.dll

2009-07-16 00:12 . 2009-07-14 01:28 353048 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgxch32.dll

2009-07-15 06:29 . 2009-07-23 19:57 -------- d-----w- c:\arquivos de programas\Bonjour

2009-07-15 06:22 . 2009-07-15 06:22 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2009-07-15 04:41 . 2009-07-15 04:41 -------- d-----w- c:\arquivos de programas\Lavalys

2009-07-15 04:32 . 2009-07-15 04:32 -------- d-----w- c:\arquivos de programas\Intelore

2009-07-15 04:19 . 2009-07-15 04:22 -------- d-----w- c:\arquivos de programas\VirtualDJ

2009-07-15 02:33 . 2009-07-23 16:41 -------- d-----w- c:\arquivos de programas\Passware

2009-07-15 02:21 . 2009-07-15 02:25 -------- d-----w- c:\arquivos de programas\Thegrideon Software

2009-07-14 04:04 . 2009-07-06 04:24 2838444 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\speedupmypc2009.exe

2009-07-14 04:04 . 2009-04-29 09:45 845128 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\58D97068\B74607BA\System.Data.SQLite.dll

2009-07-14 04:04 . 2009-04-29 09:45 771368 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\9966075F\B74607BA\UBSysMan.dll

2009-07-14 04:04 . 2009-04-29 09:45 614696 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\7AEFAE8C\B74607BA\Launcher.exe

2009-07-14 04:04 . 2009-04-29 09:45 54608 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\D720648F\B74607BA\Interop.IWshRuntimeLibrary.dll

2009-07-14 04:04 . 2009-04-29 09:45 519168 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\78B94F67\B74607BA\IsLicense40.dll

2009-07-14 04:04 . 2009-04-29 09:45 474408 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\62A3297F\B74607BA\AvalonCommon.dll

2009-07-14 04:04 . 2009-04-29 09:45 395048 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\C77843B\B74607BA\SUMPBackend.dll

2009-07-14 04:04 . 2009-04-29 09:45 345008 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\4BF757A\B74607BA\IsLicense30.dll

2009-07-14 04:04 . 2009-04-29 09:45 236840 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\683B013A\B74607BA\PowerSuiteBackendUtils.dll

2009-07-14 04:04 . 2009-04-29 09:45 197968 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\6A0591D6\B74607BA\ICSharpCode.SharpZipLib.dll

2009-07-14 04:04 . 2009-04-29 09:45 1250600 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\B430549D\B74607BA\SUMP.exe

2009-07-14 04:03 . 2009-07-14 04:04 -------- dc-h--w- c:\documents and settings\All Users\Dados de aplicativos\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}

2009-07-14 03:16 . 2009-07-14 03:16 196608 ----a-w- c:\windows\system32\sm56co6a.dll

2009-07-10 14:11 . 2009-07-10 14:11 -------- d-----w- c:\arquivos de programas\Gamemaxx

2009-07-10 06:18 . 2009-07-14 03:17 -------- d-----w- c:\arquivos de programas\Driver Checker

2009-07-10 02:53 . 2009-07-10 02:53 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server

2009-07-10 02:42 . 2009-07-10 02:43 -------- d-----w- C:\SQLEVAL

2009-07-09 07:43 . 2009-07-09 07:43 -------- d-----w- c:\windows\Desktop

2009-07-09 06:29 . 2006-12-01 22:26 57856 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\Windows\winsxs\7z1v718o.6n8\mfcm80u.dll

2009-07-09 00:36 . 2008-04-13 19:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2009-07-09 00:36 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2009-07-09 00:35 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2009-07-09 00:35 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2009-07-09 00:35 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2009-07-09 00:35 . 2009-07-09 00:35 -------- d-----w- c:\windows\system32\SupportAppXL

2009-07-09 00:35 . 2009-07-10 14:54 -------- d-----w- c:\arquivos de programas\BrT 3G Modem

2009-07-07 04:39 . 2009-07-07 04:42 -------- d-----w- c:\windows\NV31363140.TMP

2009-07-07 04:39 . 2008-07-29 15:33 446464 ----a-w- c:\windows\system32\nvunrm.exe

2009-07-07 02:55 . 2009-07-07 03:01 -------- d-----w- c:\arquivos de programas\Doom 3

2009-07-07 01:15 . 2009-07-22 19:42 -------- d-----w- C:\Driver Download

2009-07-06 00:00 . 2004-06-14 17:56 427864 ----a-w- c:\windows\system32\XceedZip.dll

2009-07-05 23:56 . 2009-07-05 23:56 76600 ----a-w- c:\windows\system32\dk2cp32.dll

2009-07-05 23:56 . 2009-07-05 23:56 49720 ----a-w- c:\windows\system32\drivers\dk2drv.sys

2009-07-05 23:56 . 2009-07-05 23:56 32208 ----a-w- c:\windows\system32\dk2win16.dll

2009-07-05 23:56 . 2009-07-05 23:56 30520 ----a-w- c:\windows\system32\DK2UInst.exe

2009-07-05 23:56 . 2009-07-05 23:56 24488 ----a-w- c:\windows\system32\dk2vdd.dll

2009-07-05 23:56 . 2009-07-05 23:56 18360 ----a-w- c:\windows\system32\drivers\DK2USB.sys

2009-07-05 06:53 . 2009-03-24 17:43 43008 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll

2009-07-05 06:53 . 2009-03-24 17:43 43008 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2009-07-05 06:53 . 2009-03-24 17:43 235520 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll

2009-07-05 06:53 . 2009-03-24 17:43 338432 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2009-07-05 06:53 . 2009-03-24 17:42 235008 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll

2009-07-05 06:53 . 2009-03-24 17:42 345088 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2009-07-05 05:58 . 2009-07-05 05:58 -------- d-----w- c:\arquivos de programas\VisualTaskTips

2009-06-30 15:57 . 2009-07-04 06:31 3491 ----a-w- c:\windows\system\setupsyssheel.exe

2009-06-30 15:57 . 2009-07-02 00:57 536576 ----a-w- c:\windows\system\msado15.dll

2009-06-30 15:57 . 2009-07-02 00:57 401468 ----a-w- c:\windows\system\libmySQL.dll

2009-06-30 15:57 . 2009-07-04 06:31 3491 ----a-w- c:\windows\system\olesound.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-25 03:50 . 2008-11-08 13:50 -------- d-----w- c:\arquivos de programas\MuFighter

2009-07-25 01:51 . 2008-12-22 04:34 -------- d-----w- c:\arquivos de programas\Crux Calculator v5

2009-07-24 19:59 . 2001-10-28 12:07 91232 ----a-w- c:\windows\system32\perfc016.dat

2009-07-24 19:59 . 2001-10-28 12:07 497534 ----a-w- c:\windows\system32\perfh016.dat

2009-07-23 17:41 . 2008-11-07 21:53 -------- d-----w- c:\arquivos de programas\Macromedia

2009-07-23 16:55 . 2008-11-06 22:59 -------- d-----w- c:\arquivos de programas\DAP

2009-07-23 16:47 . 2008-11-19 21:24 -------- d-----w- c:\arquivos de programas\Musicmatch

2009-07-23 16:45 . 2008-11-07 21:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macromedia

2009-07-23 16:42 . 2008-11-06 22:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit

2009-07-23 16:42 . 2008-11-06 22:59 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-07-23 16:39 . 2008-11-09 19:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-07-23 06:41 . 2008-11-07 20:18 -------- d-----w- c:\documents and settings\Fernando\Dados de aplicativos\LimeWire

2009-07-22 00:15 . 2009-04-12 14:12 -------- d-----w- c:\arquivos de programas\sXe Injected

2009-07-21 21:51 . 2009-04-12 15:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-07-21 13:57 . 2008-11-21 02:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2009-07-18 06:41 . 2008-11-19 02:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2009-07-18 06:10 . 2008-11-19 21:24 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys

2009-07-17 12:48 . 2008-11-06 16:19 -------- d-----w- c:\arquivos de programas\Google

2009-07-16 01:00 . 2008-11-19 20:36 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-07-14 04:05 . 2009-04-12 15:20 -------- d-----w- c:\documents and settings\Fernando\Dados de aplicativos\Uniblue

2009-07-14 04:04 . 2009-04-12 15:17 -------- d-----w- c:\arquivos de programas\Uniblue

2009-07-14 03:16 . 2009-01-29 20:09 -------- d-----w- c:\arquivos de programas\Motorola

2009-07-14 03:16 . 2008-11-06 15:40 983936 ----a-w- c:\windows\system32\drivers\smserial.sys

2009-07-14 03:00 . 2008-11-06 23:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-07-14 01:28 . 2008-11-06 23:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-14 01:28 . 2008-11-06 23:17 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-14 01:28 . 2008-11-06 23:17 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-07-14 01:28 . 2008-11-06 23:17 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-07-09 06:36 . 2009-07-09 06:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DriverScanner

2009-07-09 06:32 . 2009-07-09 06:30 -------- dc-h--w- c:\documents and settings\All Users\Dados de aplicativos\{D5ABFFAD-D592-4F98-B02B-587125B4801F}

2009-07-09 00:35 . 2008-11-06 16:25 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-07-07 02:08 . 2008-11-06 16:28 -------- d-----w- c:\arquivos de programas\VIA

2009-07-05 23:47 . 2008-11-09 00:33 -------- d-----w- c:\arquivos de programas\Elaborate Bytes

2009-07-04 06:11 . 2008-11-12 14:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2009-06-27 21:41 . 2009-06-15 03:50 -------- d-----w- c:\arquivos de programas\Nokia

2009-06-26 05:16 . 2008-11-23 02:47 -------- d-----w- c:\arquivos de programas\Smart Install Maker

2009-06-20 11:43 . 2009-06-20 11:43 4096 ----a-w- c:\windows\system32\01.tmp

2009-06-20 06:10 . 2009-06-20 06:10 10454 ----a-w- c:\windows\system32\drivers\parldr2k.sys

2009-06-20 06:07 . 2009-06-20 06:07 69760 ----a-w- c:\windows\system32\drivers\FD1USB.SYS

2009-06-20 06:07 . 2009-06-20 06:07 22928 ----a-w- c:\windows\system32\drivers\FPGA8501U.rd4

2009-06-11 18:32 . 2008-11-06 23:34 -------- d-----w- c:\arquivos de programas\EA GAMES

2009-06-10 21:33 . 2009-06-10 21:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll

2009-06-10 21:33 . 2009-06-10 21:33 1580550 ----a-w- c:\windows\system32\nvdata.bin

2009-06-10 21:33 . 2009-06-10 21:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-06-10 21:33 . 2008-11-06 16:32 457248 -c--a-w- c:\windows\system32\nvudisp.exe

2009-06-10 21:33 . 2008-09-18 01:55 1720320 ----a-w- c:\windows\system32\nvcuda.dll

2009-06-10 21:33 . 2007-10-04 09:14 9998336 ----a-w- c:\windows\system32\nvoglnt.dll

2009-06-10 21:33 . 2007-10-04 09:14 815104 ----a-w- c:\windows\system32\nvapi.dll

2009-06-10 21:33 . 2007-10-04 09:14 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-06-10 21:33 . 2007-10-04 09:14 5908608 ----a-w- c:\windows\system32\nv4_disp.dll

2009-06-10 21:33 . 2007-10-04 09:14 151552 ----a-w- c:\windows\system32\nvcodins.dll

2009-06-10 21:33 . 2007-10-04 09:14 151552 ----a-w- c:\windows\system32\nvcod.dll

2009-06-10 11:28 . 2009-06-10 11:28 3510272 ----a-w- c:\windows\system32\nvgames.dll

2009-06-10 11:28 . 2009-06-10 11:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll

2009-06-10 11:28 . 2009-06-10 11:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll

2009-06-10 11:28 . 2009-06-10 11:28 86016 ----a-w- c:\windows\system32\nvmctray.dll

2009-06-10 11:28 . 2009-06-10 11:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe

2009-06-10 11:28 . 2009-06-10 11:28 143360 ----a-w- c:\windows\system32\nvcolor.exe

2009-06-10 11:28 . 2009-06-10 11:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll

2009-06-10 11:28 . 2009-06-10 11:28 229376 ----a-w- c:\windows\system32\nvmccs.dll

2009-06-04 19:39 . 2008-11-07 21:47 457248 -c--a-w- c:\windows\system32\nvuninst.exe

2009-05-25 12:16 . 2009-05-25 12:16 134312 ----a-w- c:\windows\system32\ElbyVCD.dll

2009-05-25 12:01 . 2009-05-25 12:01 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll

2009-05-23 02:38 . 2009-05-23 02:38 36864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe

2009-05-23 02:38 . 2009-05-23 02:38 3351812 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe

2009-05-23 02:38 . 2009-05-23 02:38 3181612 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe

2009-05-23 02:38 . 2009-05-23 02:38 24390976 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13PT_BR.exe

2009-05-22 23:08 . 2008-09-24 10:29 29696 ----a-w- c:\windows\system32\drivers\VClone.sys

2009-05-19 04:34 . 2009-05-19 04:34 22328 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\PnkBstrK.sys

2009-05-19 04:34 . 2009-05-19 04:34 22328 ----a-w- c:\documents and settings\Fernando\Dados de aplicativos\PnkBstrK.sys

2009-05-16 21:18 . 2009-05-16 21:18 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe

2009-05-16 21:18 . 2009-05-16 21:18 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-05-16 21:18 . 2009-05-16 21:18 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe

2009-05-16 21:18 . 2009-05-16 21:19 34511040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_por_br.exe

2009-07-18 03:11 . 2008-11-13 23:54 137208 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll

2008-12-20 05:02 . 2008-12-20 05:02 24 -csh--w- c:\windows\SE25E95C2.tmp

.

 

((((((((((((((((((((((((((((( SnapShot@2009-07-24_19.51.33 )))))))))))))))))))))))))))))))))))))))))

.

- 2001-10-28 12:07 . 2009-07-24 19:43 79326 c:\windows\system32\perfc009.dat

+ 2001-10-28 12:07 . 2009-07-24 19:59 79326 c:\windows\system32\perfc009.dat

+ 2001-10-28 12:07 . 2009-07-24 19:59 461554 c:\windows\system32\perfh009.dat

- 2001-10-28 12:07 . 2009-07-24 19:43 461554 c:\windows\system32\perfh009.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-07 68856]

"VisualTaskTips"="c:\arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-07-14 1948440]

"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-11-11 33521664]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GbPlugin\gbiehcef.dll" [2009-05-13 286792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2009-05-13 12:19 286792 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-14 01:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^eBoostr Control Panel.lnk]

backup=c:\windows\pss\eBoostr Control Panel.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Service Manager.lnk]

backup=c:\windows\pss\Service Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^TSS Instrument API Tray Utility.lnk]

backup=c:\windows\pss\TSS Instrument API Tray Utility.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Fernando^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Fernando^Menu Iniciar^Programas^Inicializar^CCleaner.lnk]

backup=c:\windows\pss\CCleaner.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Fernando^Menu Iniciar^Programas^Inicializar^MultiDesktop Manager.lnk]

backup=c:\windows\pss\MultiDesktop Manager.lnkStartup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\BF2.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\CS1.6 pod-Bot\\hl.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\CS1.6 pod-Bot\\hlds.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Tss\\Instrument API\\bin\\root.exe"=

"c:\\Arquivos de programas\\Nokia\\Phoenix\\phoenix.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"c:\\Pendulum\\ExDB\\ExDB.exe"=

"c:\\Pendulum\\Event\\Event.exe"=

"c:\\Pendulum\\Ranking\\Ranking.exe"=

"c:\\Pendulum\\Chat\\Chat.exe"=

"c:\\Pendulum\\GameServer\\GameServer.exe"=

"c:\\Arquivos de programas\\EA GAMES\\MOHAA\\MOHAA.exe"=

"c:\\Pendulum\\DataServer2\\DataServer2.exe"=

"c:\\Pendulum\\DataServer\\DataServer.exe"=

"c:\\Documents and Settings\\Fernando\\Meus documentos\\Programas\\Celular\\Motorola\\RSD Lite 4[1].3[www.motomodd.net]\\RSD Lite 4.3\\RSD Lite 4.3\\SDL.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"28176:TCP"= 28176:TCP:LimeWire

"44405:TCP"= 44405:TCP:44405

"55901:TCP"= 55901:TCP:55901

"55903:TCP"= 55903:TCP:55903

"55919:TCP"= 55919:TCP:55919

"55557:TCP"= 55557:TCP:55557

"44405:UDP"= 44405:UDP:44405

"55814:TCP"= 55814:TCP:55814

"55970:TCP"= 55970:TCP:55970

"8090:TCP"= 8090:TCP:8090

"8090:UDP"= 8090:UDP:8090

"55962:TCP"= 55962:TCP:55962

"55961:TCP"= 55961:TCP:55961

"55971:TCP"= 55971:TCP:55971

"8380:TCP"= 8380:TCP:msrpefxd

"27016:TCP"= 27016:TCP:27016

"27016:UDP"= 27016:UDP:27016

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [23/7/2009 22:10 26568]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/11/2008 20:17 335752]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/11/2008 20:17 108552]

R1 dk2drv;DK2 WindowsNT Driver;c:\windows\system32\drivers\dk2drv.sys [5/7/2009 20:56 49720]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [13/7/2009 22:28 907032]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [6/11/2008 20:17 298776]

R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:\windows\system32\drivers\fle5wnnt.sys [27/6/2009 18:40 33404]

R2 FLSIFACE;FLSIface;c:\windows\system32\drivers\flsiface.sys [27/6/2009 18:40 14272]

R2 FLSPAR;FLSPar;c:\windows\system32\drivers\flspar.sys [27/6/2009 18:40 16314]

R2 FLSSER;FLSSer;c:\windows\system32\drivers\flsser.sys [27/6/2009 18:40 8344]

R2 FLSVCOM;FLSVCom;c:\windows\system32\drivers\flsvcom.sys [27/6/2009 18:40 35226]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [23/7/2009 22:10 53320]

R2 PARLDR2K;ParLdr2k;c:\windows\system32\drivers\parldr2k.sys [20/6/2009 03:10 10454]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [15/11/2008 21:47 878976]

S2 gupdate1ca069cc2ac537e;Google Update Service (gupdate1ca069cc2ac537e);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [17/7/2009 02:09 133104]

S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]

S3 ChangeMe;ChangeMe;\??\c:\docume~1\Fernando\CONFIG~1\Temp\ChangeMe.sys --> c:\docume~1\Fernando\CONFIG~1\Temp\ChangeMe.sys [?]

S3 ddsxeiservice;ddsxeiservice2;c:\arquivos de programas\sXe Injected\ddsxei.sys [4/6/2009 00:10 100224]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [19/11/2008 16:05 18176]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [19/11/2008 16:05 7680]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [19/11/2008 16:05 42112]

S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.orkut.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

TCP: {BCCB8EF5-AE92-4B83-AF7C-019125A93010} = 201.10.128.3,201.10.1.3

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

FF - ProfilePath - c:\documents and settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\nnez3yu4.default\

FF - prefs.js: browser.startup.homepage - file:///C:/Documents%20and%20Settings/Fernando/Desktop/jovem%20pm%20fm.htm

FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-25 15:33

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(544)

c:\arquivos de programas\GbPlugin\gbiehcef.dll

 

- - - - - - - > 'explorer.exe'(1444)

c:\arquivos de programas\VisualTaskTips\VttHooks.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\arquivos de programas\GbPlugin\gbiehcef.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\appserv\Apache2\bin\Apache.exe

c:\appserv\Apache2\bin\Apache.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquivos de programas\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\wbem\wmiadap.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-07-25 15:37 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-07-25 18:37

ComboFix2.txt 2009-07-24 19:52

ComboFix3.txt 2009-07-23 16:07

 

Pré-execução: 16 pasta(s) 153.808.973.824 bytes disponíveis

Pós execução: 16 pasta(s) 154.052.788.224 bytes disponíveis

 

417 --- E O F --- 2009-05-31 01:12

 

======================================================================

===================== Hijackthis =======================================

======================================================================

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:42:47, on 25/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\AppServ\Apache2\bin\Apache.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\AppServ\Apache2\bin\Apache.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226621911298

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BCCB8EF5-AE92-4B83-AF7C-019125A93010}: NameServer = 201.10.128.3,201.10.1.3

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apache2 - Apache Software Foundation - C:\AppServ\Apache2\bin\Apache.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate1ca069cc2ac537e) (gupdate1ca069cc2ac537e) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MSSQLSERVER - Unknown owner - C:\ARQUIV~1\MICROS~2\MSSQL\binn\sqlservr.exe (file missing)

O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SQLSERVERAGENT - Unknown owner - C:\ARQUIV~1\MICROS~2\MSSQL\binn\sqlagent.exe (file missing)

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Fernando/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg

 

--

End of file - 7924 bytes


Run a new online scan, but this time with Bitdefender. Follow this tutorial to run the scan.

 

After the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Windows\BDOSCAN8\bdoscan.log <- post it

 

Post the scan log together with the HijackThis log.

 

Regards


Hey, this one worked...

 

 

[General]

App = "BitDefender Online Scanner v8"

Date = 25:07:2009

Time = 22:20:39

Scan Path = C:\;D:\;E:\;F:\;G:\;H:\;

 

[Engines Info]

Virus Definitions = 3849725

Engine build = "AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)"

Scan plugins = 17

Archive plugins = 45

Unpack plugins = 7

E-mail plugins = 6

System plugins = 4

 

[scan Statistics]

Folders = 12390

Files = 1305187

Archives = 7659

Packed files = 92440

Identified viruses = 26

Infected files = 44

Warnings = 0

Suspect files = 0

Disinfected files = 0

Deleted files = 44

Copied files = 0

Moved files = 0

Renamed files = 0

I/O Errors = 34

 

[scan Settings]

SecondAction = Delete

FirstAction = Disinfect

Heuristics = 1

Enable Warnings = 1

Exclude Ext =

Extensions = *;

Scan Emails = 1

Scan Archives = 1

Scan Packed = 1

Scan Files = 1

Scan Boot = 1

Verify Memory = 0

 

[scan Results]

Line00000136 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\3D_patch_97d_full_com_mouse_suporte.rar=>Main.exe Infected with: Trojan.Generic.1687643"

Line00000135 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\3D_patch_97d_full_com_mouse_suporte.rar=>Main.exe Deleted"

Line00000134 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\3D_patch_97d_full_com_mouse_suporte.rar Update failed"

Line00000133 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\3D_patch_97d_full_com_mouse_suporte.rar=>3D.dll Infected with: Trojan.Generic.1916523"

Line00000132 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\3D_patch_97d_full_com_mouse_suporte.rar=>3D.dll Deleted"

Line00000131 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\3D_patch_97d_full_com_mouse_suporte.rar Update failed"

Line00000130 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\Clients.rar=>patch2.0_MuBrazucas.rar=>main.exe Infected with: Trojan.Generic.1052526"

Line00000129 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\Clients.rar=>patch2.0_MuBrazucas.rar=>main.exe Deleted"

Line00000128 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\Clients.rar=>patch2.0_MuBrazucas.rar Update failed"

Line00000127 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\Mains\Main 0.97.2 (0.97B).rar=>main.exe Infected with: Trojan.Generic.1759868"

Line00000126 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\Mains\Main 0.97.2 (0.97B).rar=>main.exe Deleted"

Line00000125 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\Mains\Main 0.97.2 (0.97B).rar Update failed"

Line00000124 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\Mains.rar=>Mains\Main 0.97.2 (0.97B).rar=>main.exe Infected with: Trojan.Generic.1759868"

Line00000123 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\Mains.rar=>Mains\Main 0.97.2 (0.97B).rar=>main.exe Deleted"

Line00000122 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\Mains.rar=>Mains\Main 0.97.2 (0.97B).rar Update failed"

Line00000121 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\MuBrazucas.rar=>MuBrazucas\main.exe Infected with: Trojan.Generic.1052526"

Line00000120 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\MuBrazucas.rar=>MuBrazucas\main.exe Deleted"

Line00000119 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\MuBrazucas.rar Update failed"

Line00000118 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\patch2.0_MuBrazucas.rar=>main.exe Infected with: Trojan.Generic.1052526"

Line00000117 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\patch2.0_MuBrazucas.rar=>main.exe Deleted"

Line00000116 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Clients\patch2.0_MuBrazucas.rar Update failed"

Line00000115 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Main_RPGMakers_3DV3.rar=>RPGMakers.exe Infected with: Trojan.Generic.1052526"

Line00000114 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Main_RPGMakers_3DV3.rar=>RPGMakers.exe Deleted"

Line00000113 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\Main_RPGMakers_3DV3.rar Update failed"

Line00000112 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuRock3z_Completo_Sem_Updates 1.00.16.rar=>Client\main3d.dll Infected with: Backdoor.Generic.179148"

Line00000111 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuRock3z_Completo_Sem_Updates 1.00.16.rar=>Client\main3d.dll Deleted"

Line00000110 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuRock3z_Completo_Sem_Updates 1.00.16.rar Update failed"

Line00000109 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServe 1.04x+Episodio2 + ult.rar=>MuServe 1.04x+Episodio2\gameserver\gameserver.dll Infected with: Backdoor.Generic.184591"

Line00000108 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServe 1.04x+Episodio2 + ult.rar=>MuServe 1.04x+Episodio2\gameserver\gameserver.dll Deleted"

Line00000107 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServe 1.04x+Episodio2 + ult.rar Update failed"

Line00000106 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServe 1[1].04x+Episodio2.rar=>MuServe 1.04x+Episodio2\gameserver\gameserver.dll Infected with: Backdoor.Generic.184591"

Line00000105 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServe 1[1].04x+Episodio2.rar=>MuServe 1.04x+Episodio2\gameserver\gameserver.dll Deleted"

Line00000104 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServe 1[1].04x+Episodio2.rar Update failed"

Line00000103 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer 1.04x_ S3_ Ep2_ Novos itens.rar=>Muserver\ConnectServer\Cs.exe Infected with: Trojan.Generic.1236972"

Line00000102 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer 1.04x_ S3_ Ep2_ Novos itens.rar=>Muserver\ConnectServer\Cs.exe Deleted"

Line00000101 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer 1.04x_ S3_ Ep2_ Novos itens.rar Update failed"

Line00000100 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer 1.04x_ S3_ Ep2_ Novos itens.rar=>Muserver\GameServer\WzAG.dll Infected with: Gen:Malware.Heur.FFB7485858"

Line00000099 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer 1.04x_ S3_ Ep2_ Novos itens.rar=>Muserver\GameServer\WzAG.dll Disinfection failed"

Line00000098 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer 1.04x_ S3_ Ep2_ Novos itens.rar=>Muserver\GameServer\WzAG.dll Deleted"

Line00000097 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer 1.04x_ S3_ Ep2_ Novos itens.rar Update failed"

Line00000096 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer 1.04x_ S3_ Ep2_ Novos itens.rar=>Muserver\GameServer\WzAG.dll full plasma Infected with: Gen:Malware.Heur.114DB2A2A2"

Line00000095 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer 1.04x_ S3_ Ep2_ Novos itens.rar=>Muserver\GameServer\WzAG.dll full plasma Disinfection failed"

Line00000094 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer 1.04x_ S3_ Ep2_ Novos itens.rar=>Muserver\GameServer\WzAG.dll full plasma Deleted"

Line00000093 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer 1.04x_ S3_ Ep2_ Novos itens.rar Update failed"

Line00000092 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Muserver104s3e2.rar=>ConnectServer\Cs.exe Infected with: Trojan.Generic.1236972"

Line00000091 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Muserver104s3e2.rar=>ConnectServer\Cs.exe Deleted"

Line00000090 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Muserver104s3e2.rar Update failed"

Line00000089 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Muserver104s3e2.rar=>GameServer\WzAG.dll Infected with: Gen:Malware.Heur.FFB7485858"

Line00000088 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Muserver104s3e2.rar=>GameServer\WzAG.dll Disinfection failed"

Line00000087 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Muserver104s3e2.rar=>GameServer\WzAG.dll Deleted"

Line00000086 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Muserver104s3e2.rar Update failed"

Line00000085 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Muserver104s3e2.rar=>GameServer\WzAG.dll full plasma Infected with: Gen:Malware.Heur.114DB2A2A2"

Line00000084 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Muserver104s3e2.rar=>GameServer\WzAG.dll full plasma Disinfection failed"

Line00000083 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Muserver104s3e2.rar=>GameServer\WzAG.dll full plasma Deleted"

Line00000082 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Muserver104s3e2.rar Update failed"

Line00000081 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServers4_loveyu.rar=>MuServers4_loveyu\bin\Cs.exe Infected with: Trojan.Generic.1236972"

Line00000080 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServers4_loveyu.rar=>MuServers4_loveyu\bin\Cs.exe Deleted"

Line00000079 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServers4_loveyu.rar Update failed"

Line00000078 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer_1[1].04H_Season_3_Ep1___80_itens_ByArs3naL.rar=>MuServer 1.04H Season 3 Ep1 + 80 itens ByArs3naL\gameserver_cs\gameserver_cs.dll Infected with: Backdoor.Hupigon.97915"

Line00000077 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer_1[1].04H_Season_3_Ep1___80_itens_ByArs3naL.rar=>MuServer 1.04H Season 3 Ep1 + 80 itens ByArs3naL\gameserver_cs\gameserver_cs.dll Deleted"

Line00000076 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer_1[1].04H_Season_3_Ep1___80_itens_ByArs3naL.rar Update failed"

Line00000075 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer_loveyu.rar=>MuServer_loveyu\GameServer\WzAG.dll Infected with: Gen:Malware.Heur.FFB7485858"

Line00000074 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer_loveyu.rar=>MuServer_loveyu\GameServer\WzAG.dll Disinfection failed"

Line00000073 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer_loveyu.rar=>MuServer_loveyu\GameServer\WzAG.dll Deleted"

Line00000072 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer_loveyu.rar Update failed"

Line00000071 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer_loveyu.rar=>MuServer_loveyu\Sub\GameServer\WzAG.dll Infected with: Gen:Malware.Heur.FFB7485858"

Line00000070 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer_loveyu.rar=>MuServer_loveyu\Sub\GameServer\WzAG.dll Disinfection failed"

Line00000069 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer_loveyu.rar=>MuServer_loveyu\Sub\GameServer\WzAG.dll Deleted"

Line00000068 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\MuServer_loveyu.rar Update failed"

Line00000067 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Muserver_S3_Ep2.rar=>GameServer\WzAG.dll Infected with: Gen:Malware.Heur.FFB7485858"

Line00000066 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Muserver_S3_Ep2.rar=>GameServer\WzAG.dll Disinfection failed"

Line00000065 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Muserver_S3_Ep2.rar=>GameServer\WzAG.dll Deleted"

Line00000064 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Muserver_S3_Ep2.rar Update failed"

Line00000063 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Re-Pack By Root\Re-Pack_RPGMakersTeam_Update8.rar=>Cliente\RPGMakers.exe Infected with: Trojan.Generic.1052526"

Line00000062 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Re-Pack By Root\Re-Pack_RPGMakersTeam_Update8.rar=>Cliente\RPGMakers.exe Deleted"

Line00000061 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Re-Pack By Root\Re-Pack_RPGMakersTeam_Update8.rar Update failed"

Line00000060 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Re-Pack By Root\Re-Pack_RPGMakersTeam_Update9.rar=>Cliente\RPGMakers.exe Infected with: Trojan.Generic.1088522"

Line00000059 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Re-Pack By Root\Re-Pack_RPGMakersTeam_Update9.rar=>Cliente\RPGMakers.exe Deleted"

Line00000058 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Re-Pack By Root\Re-Pack_RPGMakersTeam_Update9.rar Update failed"

Line00000057 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Re-Pack By Root\Repack Root Season 4 EP 2.rar=>MuOnline\ConnectServer\ConnectServer.exe Infected with: Trojan.Generic.1805126"

Line00000056 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Re-Pack By Root\Repack Root Season 4 EP 2.rar=>MuOnline\ConnectServer\ConnectServer.exe Deleted"

Line00000055 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Re-Pack By Root\Repack Root Season 4 EP 2.rar Update failed"

Line00000054 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Re-Pack_RPGMakersTeam_Update9.rar=>Cliente\RPGMakers.exe Infected with: Trojan.Generic.1088522"

Line00000053 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Re-Pack_RPGMakersTeam_Update9.rar=>Cliente\RPGMakers.exe Deleted"

Line00000052 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\MuServers\Re-Pack_RPGMakersTeam_Update9.rar Update failed"

Line00000051 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\UltraEdit-32_v10[1].20+.zip=>(ZIP Sfx g)=>uedit33.exe Infected with: Trojan.Generic.1839528"

Line00000050 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\UltraEdit-32_v10[1].20+.zip=>(ZIP Sfx g)=>uedit33.exe Deleted"

Line00000049 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\UltraEdit-32_v10[1].20+.zip=>(ZIP Sfx g) Updated"

Line00000048 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\UltraEdit-32_v10[1].20+.zip Update failed"

Line00000047 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\UltraEdit-32_v10[1].20+.zip=>uedit33.exe Infected with: Trojan.Generic.1839528"

Line00000046 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\UltraEdit-32_v10[1].20+.zip=>uedit33.exe Deleted"

Line00000045 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Arquivos e Outros\MuOnline\UltraEdit-32_v10[1].20+.zip Updated"

Line00000044 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Jogos\Cs\PACK_xiters_.rar=>click-xiters\[X] [T] [e] [R]\[X] [T] [e] [R]\[X] [T] [e] [R].exe Infected with: Trojan.Generic.762502"

Line00000043 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Jogos\Cs\PACK_xiters_.rar=>click-xiters\[X] [T] [e] [R]\[X] [T] [e] [R]\[X] [T] [e] [R].exe Deleted"

Line00000042 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Jogos\Cs\PACK_xiters_.rar Update failed"

Line00000041 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Jogos\GTA\gtasa_trainer.zip=>trainer.exe Infected with: Virtool.8594"

Line00000040 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Jogos\GTA\gtasa_trainer.zip=>trainer.exe Deleted"

Line00000039 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Jogos\GTA\gtasa_trainer.zip Updated"

Line00000038 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Jogos\Need for Speed\Need for Speed\BankMod.zip=>Bank Modifier.exe Infected with: Virtool.7354"

Line00000037 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Jogos\Need for Speed\Need for Speed\BankMod.zip=>Bank Modifier.exe Deleted"

Line00000036 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Jogos\Need for Speed\Need for Speed\BankMod.zip Updated"

Line00000035 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\Motorola Bootscreen Replacer (Trocar o Hellomoto).zip=>Motorola Bootscreen Replacer/Motorola Bootscreen Replacer.exe Infected with: Gen:Trojan.Heur.0135544141"

Line00000034 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\Motorola Bootscreen Replacer (Trocar o Hellomoto).zip=>Motorola Bootscreen Replacer/Motorola Bootscreen Replacer.exe Disinfection failed"

Line00000033 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\Motorola Bootscreen Replacer (Trocar o Hellomoto).zip=>Motorola Bootscreen Replacer/Motorola Bootscreen Replacer.exe Deleted"

Line00000032 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\Motorola Bootscreen Replacer (Trocar o Hellomoto).zip Updated"

Line00000031 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\moto_boot_scrn_repl.zip=>Motorola Bootscreen Replacer.exe Infected with: Gen:Trojan.Heur.0135544141"

Line00000030 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\moto_boot_scrn_repl.zip=>Motorola Bootscreen Replacer.exe Disinfection failed"

Line00000029 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\moto_boot_scrn_repl.zip=>Motorola Bootscreen Replacer.exe Deleted"

Line00000028 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\moto_boot_scrn_repl.zip Updated"

Line00000027 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\outros\Flash\V3r_R4515\V3r_Repair_Flash__by__JaWaD_.rar=>V3r_Repair_Flash_(by__JaWaD)\V3r Repair Flash (by_ JaWaD)\P2K Tool 3.9\winscard.dll Detected with: Spyware.615"

Line00000026 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\outros\Flash\V3r_R4515\V3r_Repair_Flash__by__JaWaD_.rar=>V3r_Repair_Flash_(by__JaWaD)\V3r Repair Flash (by_ JaWaD)\P2K Tool 3.9\winscard.dll Deleted"

Line00000025 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\outros\Flash\V3r_R4515\V3r_Repair_Flash__by__JaWaD_.rar Update failed"

Line00000024 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\P2K Easy Tools v3[1].9 Craqueado\winscard.dll Detected with: Spyware.615"

Line00000023 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\P2K Easy Tools v3[1].9 Craqueado\winscard.dll Deleted"

Line00000022 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\P2K Easy Tools v3[1].9 Craqueado.rar=>winscard.dll Detected with: Spyware.615"

Line00000021 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\P2K Easy Tools v3[1].9 Craqueado.rar=>winscard.dll Deleted"

Line00000020 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\P2K Easy Tools v3[1].9 Craqueado.rar Update failed"

Line00000019 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Nokia\Phoenix_2006_2008_patch.rar=>Phoenix_2006_2008_patch.exe Infected with: Backdoor.Generic.137193"

Line00000018 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Nokia\Phoenix_2006_2008_patch.rar=>Phoenix_2006_2008_patch.exe Deleted"

Line00000017 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Nokia\Phoenix_2006_2008_patch.rar Update failed"

Line00000016 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Nokia\Phoenix_Service_Software_2007[1].44.4.31162.rar=>Phoenix_Service_Software_2007.44.4.31162\Dongle Crack.exe Infected with: Trojan.Generic.693876"

Line00000015 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Nokia\Phoenix_Service_Software_2007[1].44.4.31162.rar=>Phoenix_Service_Software_2007.44.4.31162\Dongle Crack.exe Deleted"

Line00000014 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Nokia\Phoenix_Service_Software_2007[1].44.4.31162.rar Update failed"

Line00000013 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Computador\Programas_antigos\Adobe CS3 Fireworks.rar=>Adobe CS3 Fireworks\Keygen\FireWorks CS3 Keygen + Activation.exe Infected with: Trojan.Generic.62955"

Line00000012 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Computador\Programas_antigos\Adobe CS3 Fireworks.rar=>Adobe CS3 Fireworks\Keygen\FireWorks CS3 Keygen + Activation.exe Deleted"

Line00000011 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Computador\Programas_antigos\Adobe CS3 Fireworks.rar Update failed"

Line00000010 = "C:\Qoobox\Quarantine\C\8dtyjjf.exe.vir Infected with: Trojan.PWS.Onlinegames.KCOW"

Line00000009 = "C:\Qoobox\Quarantine\C\8dtyjjf.exe.vir Deleted"

Line00000008 = "C:\Qoobox\Quarantine\C\w9hw8.exe.vir Infected with: Trojan.Generic.2199909"

Line00000007 = "C:\Qoobox\Quarantine\C\w9hw8.exe.vir Deleted"

Line00000006 = "C:\System Volume Information\_restore{66677780-8F5C-4578-99F3-A143EBAB7315}\RP12\A0011333.exe Infected with: Trojan.Dropper.Delf.BBP"

Line00000005 = "C:\System Volume Information\_restore{66677780-8F5C-4578-99F3-A143EBAB7315}\RP12\A0011333.exe Deleted"

Line00000004 = "C:\System Volume Information\_restore{66677780-8F5C-4578-99F3-A143EBAB7315}\RP8\A0007635.exe Infected with: Gen:Trojan.Heur.PT.2437C8D8D8"

Line00000003 = "C:\System Volume Information\_restore{66677780-8F5C-4578-99F3-A143EBAB7315}\RP8\A0007635.exe Disinfection failed"

Line00000002 = "C:\System Volume Information\_restore{66677780-8F5C-4578-99F3-A143EBAB7315}\RP8\A0007635.exe Deleted"

Line00000001 = "C:\System Volume Information\_restore{66677780-8F5C-4578-99F3-A143EBAB7315}\RP8\A0007636.sys Infected with: Rootkit.OnlineGames.CW"

Line00000000 = "C:\System Volume Information\_restore{66677780-8F5C-4578-99F3-A143EBAB7315}\RP8\A0007636.sys Deleted"

 

 

=====================================================================

========================== Hijackthis ==================================

=====================================================================

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:14:50, on 25/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\AppServ\Apache2\bin\Apache.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\AppServ\Apache2\bin\Apache.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226621911298

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BCCB8EF5-AE92-4B83-AF7C-019125A93010}: NameServer = 201.10.128.3,201.10.1.3

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apache2 - Apache Software Foundation - C:\AppServ\Apache2\bin\Apache.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate1ca069cc2ac537e) (gupdate1ca069cc2ac537e) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MSSQLSERVER - Unknown owner - C:\ARQUIV~1\MICROS~2\MSSQL\binn\sqlservr.exe (file missing)

O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SQLSERVERAGENT - Unknown owner - C:\ARQUIV~1\MICROS~2\MSSQL\binn\sqlagent.exe (file missing)

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Fernando/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg

 

--

End of file - 8434 bytes


These files that BitDefender flagged as viruses, do you recognize them?


All the ones that refer to Mu Online I know, and they are not viruses; they are cracked, and antivirus programs usually flag them. The ones below I used once in a while and AVG never flagged them.... the rest I don't recognize.

 

Line00000044 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Jogos\Cs\PACK_xiters_.rar=>click-xiters\[X] [T] [e] [R]\[X] [T] [e] [R]\[X] [T] [e] [R].exe Infected with: Trojan.Generic.762502"

Line00000043 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Jogos\Cs\PACK_xiters_.rar=>click-xiters\[X] [T] [e] [R]\[X] [T] [e] [R]\[X] [T] [e] [R].exe Deleted"

Line00000042 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Jogos\Cs\PACK_xiters_.rar Update failed"

Line00000041 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Jogos\GTA\gtasa_trainer.zip=>trainer.exe Infected with: Virtool.8594"

Line00000040 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Jogos\GTA\gtasa_trainer.zip=>trainer.exe Deleted"

Line00000039 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Jogos\GTA\gtasa_trainer.zip Updated"

Line00000038 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Jogos\Need for Speed\Need for Speed\BankMod.zip=>Bank Modifier.exe Infected with: Virtool.7354"

Line00000037 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Jogos\Need for Speed\Need for Speed\BankMod.zip=>Bank Modifier.exe Deleted"

Line00000036 = "C:\Documents and Settings\Fernando\Meus documentos\Fernando\Jogos\Need for Speed\Need for Speed\BankMod.zip Updated"

Line00000035 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\Motorola Bootscreen Replacer (Trocar o Hellomoto).zip=>Motorola Bootscreen Replacer/Motorola Bootscreen Replacer.exe Infected with: Gen:Trojan.Heur.0135544141"

Line00000034 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\Motorola Bootscreen Replacer (Trocar o Hellomoto).zip=>Motorola Bootscreen Replacer/Motorola Bootscreen Replacer.exe Disinfection failed"

Line00000033 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\Motorola Bootscreen Replacer (Trocar o Hellomoto).zip=>Motorola Bootscreen Replacer/Motorola Bootscreen Replacer.exe Deleted"

Line00000032 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\Motorola Bootscreen Replacer (Trocar o Hellomoto).zip Updated"

Line00000031 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\moto_boot_scrn_repl.zip=>Motorola Bootscreen Replacer.exe Infected with: Gen:Trojan.Heur.0135544141"

Line00000030 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\moto_boot_scrn_repl.zip=>Motorola Bootscreen Replacer.exe Disinfection failed"

Line00000029 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\moto_boot_scrn_repl.zip=>Motorola Bootscreen Replacer.exe Deleted"

Line00000028 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\moto_boot_scrn_repl.zip Updated"

Line00000027 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\outros\Flash\V3r_R4515\V3r_Repair_Flash__by__JaWaD_.rar=>V3r_Repair_Flash_(by__JaWaD)\V3r Repair Flash (by_ JaWaD)\P2K Tool 3.9\winscard.dll Detected with: Spyware.615"

Line00000026 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\outros\Flash\V3r_R4515\V3r_Repair_Flash__by__JaWaD_.rar=>V3r_Repair_Flash_(by__JaWaD)\V3r Repair Flash (by_ JaWaD)\P2K Tool 3.9\winscard.dll Deleted"

Line00000025 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\outros\Flash\V3r_R4515\V3r_Repair_Flash__by__JaWaD_.rar Update failed"

Line00000024 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\P2K Easy Tools v3[1].9 Craqueado\winscard.dll Detected with: Spyware.615"

Line00000023 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\P2K Easy Tools v3[1].9 Craqueado\winscard.dll Deleted"

Line00000022 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\P2K Easy Tools v3[1].9 Craqueado.rar=>winscard.dll Detected with: Spyware.615"

Line00000021 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\P2K Easy Tools v3[1].9 Craqueado.rar=>winscard.dll Deleted"

Line00000020 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Motorola\P2K Easy Tools v3[1].9 Craqueado.rar Update failed"

Line00000019 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Nokia\Phoenix_2006_2008_patch.rar=>Phoenix_2006_2008_patch.exe Infected with: Backdoor.Generic.137193"

Line00000018 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Nokia\Phoenix_2006_2008_patch.rar=>Phoenix_2006_2008_patch.exe Deleted"

Line00000017 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Nokia\Phoenix_2006_2008_patch.rar Update failed"

Line00000016 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Nokia\Phoenix_Service_Software_2007[1].44.4.31162.rar=>Phoenix_Service_Software_2007.44.4.31162\Dongle Crack.exe Infected with: Trojan.Generic.693876"

Line00000015 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Nokia\Phoenix_Service_Software_2007[1].44.4.31162.rar=>Phoenix_Service_Software_2007.44.4.31162\Dongle Crack.exe Deleted"

Line00000014 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Celular\Nokia\Phoenix_Service_Software_2007[1].44.4.31162.rar Update failed"

Line00000013 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Computador\Programas_antigos\Adobe CS3 Fireworks.rar=>Adobe CS3 Fireworks\Keygen\FireWorks CS3 Keygen + Activation.exe Infected with: Trojan.Generic.62955"

Line00000012 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Computador\Programas_antigos\Adobe CS3 Fireworks.rar=>Adobe CS3 Fireworks\Keygen\FireWorks CS3 Keygen + Activation.exe Deleted"

Line00000011 = "C:\Documents and Settings\Fernando\Meus documentos\Programas\Computador\Programas_antigos\Adobe CS3 Fireworks.rar Update failed"


Ok, the log is clean.

The threats found by the antivirus are all cracks that you installed yourself; I recommend removing all of them.

Note that they are all in your games folder.

Other than that, your log is clean.

Go to Start > Run and type "combofix /u" without quotes, as shown in the image below:

[image: combou.jpg]

Wait for the combofix program to uninstall.

- I recommend a maintenance pass on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner

◘ Click Save and, when the download finishes, install it;

◘ Open the program and click Run Cleaner;

◘ After that, click Registry > Scan for Issues > Fix selected issues.


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
