
Eиcrypted

[Archived] Probable Infection


Hi everyone, I was visiting a news site today and it asked to use Flash. I gave permission, and then avast started flagging malware. I tried sending it to the chest but that didn't solve it, so I immediately disconnected from the internet to keep it from downloading any other possible malware, and it stopped. Now I've reconnected and avast isn't warning about anything anymore, but I'm in doubt, so I ask you to please do this analysis.

One thing I noticed that's different on my computer is Task Manager: I open it and it immediately closes.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:10:26, on 24/1/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\vsnpstd2.exe

C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\xampp\apache\bin\httpd.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Hotspot Shield\HssWPR\hsssrv.exe

C:\Arquivos de programas\Hotspot Shield\bin\hsswd.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\xampp\mysql\bin\mysqld.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\xampp\apache\bin\httpd.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Hotspot Shield\bin\openvpntray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administrador\Desktop\Nova pasta\Game_Vip.exe

C:\Arquivos de programas\Radix Priston Tale\Game_Vip.exe

C:\Arquivos de programas\Radix Priston Tale\Game_Player.exe

C:\Documents and Settings\Administrador\Meus documentos\OllyDBG\OLLYDBG.EXE

C:\Arquivos de programas\Radix Priston Tale\Game_Player.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\Administrador\Desktop\LEVELEDITOR.exe

C:\Documents and Settings\Administrador\Desktop\LEVELEDITOR.exe

C:\Documents and Settings\Administrador\Desktop\LEVELEDITOR.exe

C:\Documents and Settings\Administrador\Desktop\LEVELEDITOR.exe

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.baixaki.com.br/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Arquivos de programas\Hotspot Shield\hssie\HssIE.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [NokiaMServer] C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart

O4 - HKLM\..\Run: [Downsys] C:\Documents and Settings\All Users\Dados de aplicativos\oindwnx.exe

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: SQLBACKUPZIP.lnk = C:\TEKLIFS\SQLBACKUPZIP.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{55B9FC3D-8E0D-4E23-9BB8-72A77C722F2B}: NameServer = 200.165.132.155,200.165.132.148

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Arquivos de programas\Hotspot Shield\HssWPR\hsssrv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Arquivos de programas\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Arquivos de programas\Hotspot Shield\bin\hsswd.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 13350 bytes


Hey Eиcrypted,

Download ComboFix from:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The "SOFTWARE WARRANTY DISCLAIMER" window will open. Read the text in this window carefully and click "YES" to continue.

PS: If you do not agree with the terms, click "NO" to exit the software, bearing in mind that the disinfection process will not be possible without continuing with ComboFix.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is advisable to install the console before continuing the process, since doing so guarantees that the system can be recovered if problems occur during the scan.

Click "YES" and wait, since the console installation is carried out automatically by ComboFix itself. It may take a few minutes (depending on your connection speed), so be patient.

When the "INSTALLING THE RECOVERY CONSOLE" window appears, click "OK", then click "YES" to accept the EULA license.

When the recovery console installation finishes, a window will open stating that "THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY".

Click "YES" to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

WARNING: Do not click in the ComboFix window or terminate the process abruptly while the tool is running, as this will mess up your desktop configuration (it will turn completely white).

When the process finishes, the machine will be restarted to produce the report.

6) When the machine restarts, ComboFix will run FIND3M to create the final scan report. The log will be located at C:\ComboFix.txt.

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply.

NOTE 1: If a message appears warning that THIS IS NOT A VALID WIN 32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try using ComboFix in SAFE MODE.

NOTE 2: If the ComboFix window is clicked while it is running, it will MAXIMIZE, covering the other windows. To minimize it again, just use the ALT + TAB combination.

Regards.


The ComboFix link is offline.

Try again later, as the tool is probably being updated and/or fixed. ;)


Here is the ComboFix log

ComboFix 10-01-25.06 - Administrador 26/01/2010 10:10:24.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2047.1416 [GMT -3:00]

Executando de: c:\downloads\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Dados de aplicativos\UpApp32.dll

C:\install.exe

c:\windows\Fonts\MyriadPro-Regular.otf

c:\windows\system32\AutoRun.inf

c:\windows\Temp\0238081264507318mcinst.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_OREANS32

-------\Service_oreans32

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-26 to 2010-01-26 ))))))))))))))))))))))))))))

.

 

2010-01-26 12:00 . 2010-01-26 12:00 -------- d-----w- c:\windows\LastGood.Tmp

2010-01-26 00:10 . 2010-01-26 00:10 -------- d-----w- c:\arquivos de programas\PhotoZoom Pro 3

2010-01-25 02:14 . 2010-01-26 11:56 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\SACore

2010-01-25 02:13 . 2010-01-25 02:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-01-25 02:00 . 2010-01-25 02:00 -------- d-----w- c:\windows\system32\KB905474

2010-01-25 02:00 . 2009-03-11 01:26 1434496 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe

2010-01-25 02:00 . 2009-03-11 01:18 454536 ----a-w- c:\windows\system32\KB905474\wgasetup.exe

2010-01-25 01:46 . 2010-01-25 01:46 -------- d-----w- c:\windows\ServicePackFiles

2010-01-25 01:45 . 2010-01-25 02:04 -------- d-----w- c:\windows\ie8updates

2010-01-25 01:44 . 2010-01-25 01:44 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2010-01-25 01:38 . 2010-01-25 01:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SiteAdvisor

2010-01-25 01:38 . 2010-01-25 01:38 -------- d-----w- c:\arquivos de programas\SiteAdvisor

2010-01-25 01:35 . 2009-11-04 19:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2010-01-25 01:35 . 2009-11-04 19:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2010-01-25 01:35 . 2009-11-04 19:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2010-01-25 01:35 . 2009-07-16 15:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys

2010-01-25 01:34 . 2010-01-25 01:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\McAfee

2010-01-25 01:34 . 2010-01-25 01:34 -------- d-----w- c:\arquivos de programas\McAfee.com

2010-01-25 01:34 . 2010-01-26 12:00 -------- d-----w- c:\arquivos de programas\McAfee

2010-01-25 01:32 . 2009-11-04 19:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2010-01-25 00:45 . 2010-01-25 11:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee

2010-01-24 23:12 . 2010-01-24 23:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GetRightToGo

2010-01-24 23:07 . 2010-01-26 12:06 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-01-24 22:59 . 2009-12-21 19:07 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-01-24 22:59 . 2009-12-21 19:07 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-01-24 22:59 . 2009-12-21 19:07 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-01-24 22:59 . 2009-12-21 19:07 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-01-24 22:59 . 2009-12-21 19:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-01-24 22:59 . 2009-12-21 19:07 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-01-24 22:55 . 2008-12-11 11:57 333184 ------w- c:\windows\system32\dllcache\srv.sys

2010-01-24 22:53 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-01-24 22:53 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\dllcache\bthport.sys

2010-01-24 22:46 . 2009-10-15 17:21 82432 ------w- c:\windows\system32\dllcache\fontsub.dll

2010-01-24 22:44 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2010-01-24 22:43 . 2009-03-06 14:46 285696 ------w- c:\windows\system32\dllcache\pdh.dll

2010-01-24 22:43 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe

2010-01-24 22:43 . 2005-07-26 04:40 60416 ------w- c:\windows\system32\dllcache\colbact.dll

2010-01-24 22:43 . 2009-02-09 10:19 683008 ------w- c:\windows\system32\dllcache\advapi32.dll

2010-01-24 22:43 . 2009-02-09 10:19 473088 ------w- c:\windows\system32\dllcache\fastprox.dll

2010-01-24 22:43 . 2009-02-09 10:19 399360 ------w- c:\windows\system32\dllcache\rpcss.dll

2010-01-24 22:43 . 2009-02-09 10:19 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

2010-01-24 22:43 . 2009-02-09 10:08 111104 ------w- c:\windows\system32\dllcache\services.exe

2010-01-24 22:43 . 2009-02-06 16:54 35328 ------w- c:\windows\system32\dllcache\sc.exe

2010-01-24 22:43 . 2009-02-09 10:19 730624 ------w- c:\windows\system32\dllcache\ntdll.dll

2010-01-24 22:37 . 2009-11-21 16:42 470528 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-01-24 22:25 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys

2010-01-24 22:24 . 2008-10-24 11:10 453632 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-01-24 22:24 . 2008-05-01 14:32 331776 ------w- c:\windows\system32\dllcache\msadce.dll

2010-01-24 22:24 . 2009-07-10 13:41 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

2010-01-24 22:22 . 2008-04-11 18:51 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll

2010-01-24 22:21 . 2009-08-04 17:05 2061952 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-01-24 22:21 . 2009-08-04 17:05 2184576 ------w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-01-24 22:21 . 2009-08-04 17:05 2140160 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-01-24 22:21 . 2009-08-04 17:05 2019840 ------w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-01-24 22:20 . 2009-06-05 07:48 655872 ------w- c:\windows\system32\dllcache\mstscax.dll

2010-01-24 22:18 . 2008-10-15 16:59 332800 ------w- c:\windows\system32\dllcache\netapi32.dll

2010-01-24 22:18 . 2009-07-31 04:59 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2010-01-22 01:06 . 2010-01-22 01:06 -------- d-----w- C:\Hotspot Shield

2010-01-22 01:05 . 2010-01-22 01:06 -------- d-----w- c:\arquivos de programas\Hotspot Shield

2010-01-21 15:51 . 2010-01-21 15:51 -------- d-----w- c:\arquivos de programas\Caseiro

2010-01-21 15:50 . 2010-01-21 15:50 249856 ------w- c:\windows\Setup1.exe

2010-01-21 15:50 . 2010-01-21 15:50 73216 ----a-w- c:\windows\ST6UNST.EXE

2010-01-20 16:15 . 2010-01-20 16:16 -------- d-----w- c:\arquivos de programas\rita

2010-01-13 16:43 . 2010-01-13 16:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-01-08 23:42 . 2010-01-08 23:42 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys

2010-01-08 23:42 . 2010-01-08 23:42 32768 ----a-w- c:\windows\system32\drivers\taphss.sys

2010-01-08 19:52 . 2010-01-26 00:45 -------- d-----w- C:\Server_

2010-01-08 18:34 . 2010-01-08 18:35 -------- d-----w- c:\arquivos de programas\Paint.NET

2010-01-08 18:32 . 2010-01-08 18:32 -------- d-----w- c:\documents and settings\Administrador\.thumbnails

2010-01-08 18:30 . 2010-01-08 18:33 -------- d-----w- c:\documents and settings\Administrador\.gimp-2.6

2010-01-07 22:50 . 2010-01-07 22:52 -------- d-----w- c:\windows\system32\Adobe

2010-01-07 17:25 . 2010-01-07 17:25 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE

2010-01-07 17:20 . 2010-01-07 17:20 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

2010-01-07 16:45 . 2010-01-07 16:46 -------- dc-h--w- c:\windows\ie8

2010-01-07 16:45 . 2010-01-07 16:46 -------- d-----w- c:\windows\system32\pt-BR

2010-01-07 16:36 . 2010-01-25 17:15 -------- d--h--w- c:\windows\$hf_mig$

2010-01-07 16:36 . 2008-02-26 12:00 294912 ------w- c:\windows\system32\dllcache\msctf.dll

2010-01-07 04:43 . 2010-01-07 04:47 -------- d-----w- c:\arquivos de programas\SQL Server Backup 8

2010-01-07 04:01 . 2010-01-07 04:01 -------- d--h--w- c:\windows\PIF

2010-01-06 05:12 . 2010-01-06 05:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SqlBackupAndFtp

2010-01-06 04:50 . 2010-01-20 11:54 -------- d-----w- C:\Backups

2010-01-06 04:34 . 2010-01-14 21:43 -------- d-----w- c:\arquivos de programas\Cobian Backup 9

2010-01-05 23:04 . 2010-01-05 23:04 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-01-03 01:57 . 2010-01-03 02:00 -------- d-----w- c:\arquivos de programas\Reiluke Tools

2010-01-01 00:43 . 2010-01-01 00:43 -------- d-----w- c:\arquivos de programas\ZaraSoft

2009-12-30 02:33 . 2009-12-30 02:33 -------- d-----w- c:\arquivos de programas\SpacialAudio

2009-12-30 02:33 . 2007-10-16 13:07 442368 ----a-w- c:\windows\system32\GDS32.DLL

2009-12-30 02:33 . 2005-09-23 03:05 626688 ----a-w- c:\windows\system32\msvcr80.dll

2009-12-30 02:33 . 2005-09-23 03:05 548864 ----a-w- c:\windows\system32\msvcp80.dll

2009-12-30 02:33 . 2009-12-30 02:33 -------- d-----w- c:\arquivos de programas\Firebird

2009-12-30 02:17 . 2009-12-30 02:17 -------- d-----w- c:\arquivos de programas\SHOUTcast Radio Toolbar

2009-12-30 02:17 . 2009-12-30 02:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar

2009-12-30 02:16 . 2009-12-30 02:16 -------- d-----w- c:\arquivos de programas\Winamp Detect

2009-12-29 18:18 . 2009-12-29 19:10 -------- d-----w- C:\compile

2009-12-29 18:17 . 2009-12-29 19:10 -------- d-----w- C:\My Music

2009-12-29 18:15 . 2009-12-29 19:13 5 ----a-w- c:\windows\system32\SySMP3CutJoin.dat

2009-12-29 18:15 . 2003-08-07 17:01 237568 ----a-w- c:\windows\system32\lame_enc.dll

2009-12-29 18:15 . 2002-01-05 17:37 344064 ----a-w- c:\windows\system32\msvcr70.dll

2009-12-29 18:15 . 2009-12-29 18:15 -------- d-----w- c:\arquivos de programas\AudioToolsFactory

2009-12-29 18:11 . 2009-12-29 18:11 -------- d-----w- c:\arquivos de programas\MP3JOINER

2009-12-29 17:09 . 2009-12-29 17:09 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HP

2009-12-28 05:19 . 2009-12-28 05:20 -------- d-----w- c:\arquivos de programas\Ask.com

2009-12-28 05:19 . 2009-12-28 05:19 -------- d-----w- c:\arquivos de programas\uTorrent

2009-12-28 05:17 . 2010-01-22 02:40 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-26 13:16 . 2009-12-03 04:39 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit

2010-01-26 13:15 . 2009-12-20 04:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Akamai

2010-01-26 13:15 . 2010-01-26 13:15 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2010-01-26 12:52 . 2009-12-03 11:19 -------- d-----w- c:\arquivos de programas\Radix Priston Tale

2010-01-25 02:03 . 2001-10-28 14:07 98700 ----a-w- c:\windows\system32\perfc016.dat

2010-01-25 02:03 . 2001-10-28 14:07 520636 ----a-w- c:\windows\system32\perfh016.dat

2010-01-24 19:51 . 2009-12-10 01:11 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\FileZilla

2010-01-20 22:44 . 2009-12-03 04:39 -------- d-----w- c:\arquivos de programas\Orbitdownloader

2010-01-16 21:29 . 2009-12-03 18:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-01-16 20:55 . 2009-12-03 13:01 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-01-09 02:32 . 2009-12-22 14:59 -------- d-----w- c:\arquivos de programas\Nokia

2010-01-09 02:32 . 2009-12-22 15:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia

2010-01-08 18:01 . 2009-12-09 17:22 -------- d-----w- c:\arquivos de programas\Google

2010-01-08 17:56 . 2009-12-19 05:29 -------- d-----w- c:\arquivos de programas\ss

2010-01-07 20:41 . 2010-01-07 20:41 1329717 ----a-w- c:\arquivos de programas\richeia.PNG

2010-01-06 18:02 . 2009-12-05 19:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2010-01-03 05:24 . 2009-12-21 17:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype

2010-01-03 03:30 . 2009-12-21 17:49 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM

2010-01-01 19:06 . 2010-01-01 19:05 1407955 ----atw- c:\arquivos de programas\DSC01087.JPG

2010-01-01 18:39 . 2010-01-01 18:35 1497477 ----atw- c:\arquivos de programas\DSC01067.JPG

2010-01-01 18:39 . 2010-01-01 18:35 1368014 ----atw- c:\arquivos de programas\DSC01069.JPG

2010-01-01 18:39 . 2010-01-01 18:35 1413153 ----atw- c:\arquivos de programas\DSC01068.JPG

2010-01-01 18:38 . 2010-01-01 18:35 959701 ----atw- c:\arquivos de programas\DSC01069 cópia.jpg

2009-12-24 16:02 . 2009-12-24 15:27 -------- d-----w- c:\arquivos de programas\Your Freedom

2009-12-24 15:58 . 2009-12-24 15:58 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ProxyCap

2009-12-24 15:31 . 2009-12-24 15:31 -------- d-----w- c:\arquivos de programas\Proxy Labs

2009-12-24 15:14 . 2009-12-24 14:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS

2009-12-24 15:14 . 2009-12-24 15:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nexon

2009-12-24 14:50 . 2009-12-24 14:50 90112 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

2009-12-24 14:50 . 2009-12-24 14:50 561152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGMDll.dll

2009-12-24 14:50 . 2009-12-24 14:50 393216 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGMResource.dll

2009-12-24 14:50 . 2009-12-24 14:50 258352 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\unicows.dll

2009-12-24 14:50 . 2009-12-24 14:50 118784 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\nxgameus.dll

2009-12-24 14:50 . 2009-12-24 14:50 167936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe

2009-12-23 23:39 . 2009-12-23 23:39 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nseries

2009-12-23 23:30 . 2009-12-22 15:05 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nokia

2009-12-23 23:18 . 2009-12-22 15:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\PC Suite

2009-12-23 23:17 . 2009-12-23 23:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-12-23 22:56 . 2009-12-23 22:56 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution

2009-12-23 22:55 . 2009-12-23 22:55 95232 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe

2009-12-23 22:55 . 2009-12-23 22:55 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe

2009-12-23 22:55 . 2009-12-23 22:55 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-12-23 22:55 . 2009-12-23 22:55 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe

2009-12-23 22:54 . 2009-12-23 22:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations

2009-12-23 22:45 . 2009-12-23 22:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nokia

2009-12-23 18:02 . 2009-12-23 18:02 -------- d-----w- c:\arquivos de programas\LogMeIn Hamachi

2009-12-23 14:21 . 2009-12-23 14:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

2009-12-23 14:21 . 2009-12-23 14:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf

2009-12-22 20:56 . 2009-12-12 23:13 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer

2009-12-22 15:35 . 2009-12-22 14:59 -------- d-----w- c:\arquivos de programas\DIFX

2009-12-22 15:20 . 2009-12-22 15:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite

2009-12-22 15:19 . 2009-12-22 15:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-12-22 15:19 . 2009-12-22 15:19 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-12-22 15:03 . 2009-12-22 15:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NokiaMusic

2009-12-22 15:03 . 2009-12-22 15:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\muvee Technologies

2009-12-22 14:53 . 2009-12-22 14:53 -------- d-----w- c:\arquivos de programas\MSBuild

2009-12-22 14:53 . 2009-12-22 14:53 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-12-22 14:50 . 2009-12-22 14:50 -------- d-----w- c:\arquivos de programas\MSXML 6.0

2009-12-21 19:08 . 2004-08-04 02:45 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-21 17:49 . 2009-12-21 17:49 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-12-21 17:48 . 2009-12-21 17:47 -------- d-----r- c:\arquivos de programas\Skype

2009-12-21 17:47 . 2009-12-21 17:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2009-12-21 17:47 . 2009-12-21 17:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-12-20 12:20 . 2009-12-05 10:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-12-19 18:36 . 2009-12-19 18:36 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys

2009-12-19 18:23 . 2009-12-19 18:23 -------- d-----w- c:\arquivos de programas\MU Season 4

2009-12-19 05:10 . 2009-12-18 03:06 -------- d-----w- c:\arquivos de programas\KYE

2009-12-19 05:10 . 2009-12-19 05:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\snpstd2

2009-12-19 05:09 . 2009-12-03 03:19 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-12-17 03:09 . 2009-12-17 03:08 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-12-17 02:56 . 2009-12-17 02:56 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic

2009-12-17 01:55 . 2009-12-17 01:55 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Megaupload

2009-12-17 01:51 . 2009-12-17 01:51 -------- d-----w- c:\arquivos de programas\Megaupload

2009-12-17 01:51 . 2009-12-17 01:51 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\InstallShield

2009-12-13 21:57 . 2009-12-13 21:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-12-13 21:54 . 2009-12-09 14:52 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2009-12-13 21:54 . 2009-12-13 21:52 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server

2009-12-13 05:38 . 2009-12-12 23:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple

2009-12-12 23:13 . 2009-12-12 23:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-12-12 23:13 . 2009-12-12 23:12 -------- d-----w- c:\arquivos de programas\iTunes

2009-12-12 23:12 . 2009-12-12 23:12 -------- d-----w- c:\arquivos de programas\iPod

2009-12-12 23:12 . 2009-12-12 23:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2009-12-12 23:12 . 2009-12-12 23:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2009-12-12 23:12 . 2009-12-12 23:12 -------- d-----w- c:\arquivos de programas\Bonjour

2009-12-12 23:11 . 2009-12-12 23:11 -------- d-----w- c:\arquivos de programas\QuickTime

2009-12-12 23:11 . 2009-12-12 23:11 -------- d-----w- c:\arquivos de programas\Apple Software Update

2009-12-12 04:40 . 2009-12-12 04:40 -------- d-----w- c:\arquivos de programas\WoW-2.3.0.7561-enUS

2009-12-12 04:39 . 2009-12-12 04:39 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Blizzard Entertainment

2009-12-12 04:20 . 2009-12-12 04:20 -------- d-----w- c:\arquivos de programas\BreakPoint Software

2009-12-11 18:00 . 2009-12-17 03:08 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-12-11 17:55 . 2009-12-11 17:55 -------- d-----w- c:\arquivos de programas\CCleaner

2009-12-10 01:11 . 2009-12-10 01:11 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client

2009-12-07 04:23 . 2009-12-07 04:23 177024 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\x0ye2gvo.default\FlashGot.exe

2009-12-06 22:08 . 2009-12-06 21:57 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\TeamViewer

2009-12-06 21:57 . 2009-12-06 21:57 -------- d-----w- c:\arquivos de programas\TeamViewer

2009-12-05 13:48 . 2009-12-05 13:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{29DE7D8A-76E9-40C8-AD3B-3D95E76E1227}

2009-12-05 13:48 . 2009-12-05 13:48 -------- d-----w- c:\arquivos de programas\LiveZilla

2009-12-05 13:16 . 2009-12-05 13:16 -------- d-----w- c:\arquivos de programas\Adobe Media Player

2009-12-05 13:11 . 2009-12-05 13:11 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR

2009-12-05 10:07 . 2009-12-05 10:07 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

.

 

------- Sigcheck -------

 

[-] 2008-04-14 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\wscntfy.exe

 

[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll

[-] 2007-03-11 . B23D1FC94C037AE5F0E05A78B52596A4 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

 

c:\windows\System32\wscntfy.exe ... está faltando !!

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176]

 

[HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}]

[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}]

[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2009-09-02 17:56 1175944 ----a-w- c:\arquivos de programas\Ask.com\GenericAskToolbar.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

2010-01-22 01:05 220208 ----a-w- c:\arquivos de programas\Hotspot Shield\hssie\HssIE.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer" [X]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]

"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-09-05 417792]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-10-28 141600]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]

"NokiaMusic FastStart"="c:\arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]

"mcagent_exe"="c:\arquivos de programas\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"McENUI"="c:\arquiv~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2004-08-04 137216]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2009-12-3 1785104]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\xampp\\apache\\bin\\httpd.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Arquivos de programas\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\xampp\\mysql\\bin\\mysqld.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Server\\servidorpt.exe"=

"c:\\Server\\Serverteste.exe"=

"c:\\Nexon\\Combat Arms\\Engine.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\SpacialAudio\\SAMBC\\SAMBC.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Server\\Server Radix PT.exe"=

"c:\\Server\\Itens sem replace.exe"=

"c:\\Arquivos de programas\\LiveZilla\\LiveZilla Server Admin.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\McAfee\\MNA\\McNASvc.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [3/8/2004 23:45 14336]

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [9/12/2008 20:10 24636]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\arquivos de programas\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 12:27 1074568]

R2 HssWd;Hotspot Shield Monitoring Service;c:\arquivos de programas\Hotspot Shield\bin\hsswd.exe [8/1/2010 20:42 285744]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [24/1/2010 22:37 93320]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]

S2 0238081264507318mcinstcleanup;McAfee Application Installer Cleanup (0238081264507318);c:\windows\TEMP\023808~1.EXE c:\arquiv~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\023808~1.EXE c:\arquiv~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - 0238081264507318MCINSTCLEANUP

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2010-01-25 c:\windows\Tasks\McDefragTask.job

- c:\arquiv~1\mcafee\mqc\QcConsol.exe [2010-01-25 15:22]

 

2010-01-25 c:\windows\Tasks\McQcTask.job

- c:\arquiv~1\mcafee\mqc\QcConsol.exe [2010-01-25 15:22]

 

2010-01-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\arquivos de programas\Ask.com\UpdateTask.exe [2009-09-02 17:56]

 

2010-01-26 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-01-25 01:18]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = hxxp://www.baixaki.com.br/

uInternet Settings,ProxyOverride = local

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: &SHOUTcast Search - c:\documents and settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Baixar Link Utiizando Gerenciador Mega... - c:\arquivos de programas\Megaupload\Mega Manager\mm_file.htm

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {55B9FC3D-8E0D-4E23-9BB8-72A77C722F2B} = 200.165.132.155,200.165.132.148

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\x0ye2gvo.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=

FF - prefs.js: browser.search.selectedEngine - Winamp Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=

FF - component: c:\arquivos de programas\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\x0ye2gvo.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-nwiz - nwiz.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-26 10:18

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Arquivos de programas/Arquivos comuns/Akamai/rswin_3629.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Arquivos de programas/Arquivos comuns/Akamai/rswin_3629.dll"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-861567501-776561741-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,4e,74,43,7c,77,25,41,8f,66,e6,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,4e,74,43,7c,77,25,41,8f,66,e6,\

 

[HKEY_USERS\S-1-5-21-861567501-776561741-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2924D6B4-1F3F-1324-2880-8F6794EA3A87}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iacmccbefaciogbjnj"=hex:6b,61,67,70,68,70,6f,67,64,6f,61,69,6f,6d,6c,70,6f,70,

6f,6d,6f,6c,00,00

"hammikphmnajjplm"=hex:69,61,67,70,69,6f,61,6b,70,61,6d,6a,6d,64,70,6b,68,69,

00,00

"iagnckoljnhplbnlae"=hex:63,61,65,70,70,66,00,7c

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(4728)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\RTHDCPL.EXE

c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer.exe

c:\arquivos de programas\Orbitdownloader\orbitnet.exe

c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

c:\arquivos de programas\Hotspot Shield\bin\openvpnas.exe

c:\arquivos de programas\Hotspot Shield\HssWPR\hsssrv.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquiv~1\McAfee\MSC\mcmscsvc.exe

c:\arquiv~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\arquiv~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

c:\arquiv~1\McAfee\VIRUSS~1\mcshield.exe

c:\arquivos de programas\McAfee\MPF\MPFSrv.exe

c:\arquivos de programas\McAfee\MSK\MskSrver.exe

c:\arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\xampp\mysql\bin\mysqld.exe

c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

c:\arquivos de programas\iPod\bin\iPodService.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\arquivos de programas\Hotspot Shield\bin\openvpntray.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-01-26 10:23:51 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-01-26 13:23

 

Pré-execução: 20 pasta(s) 96.433.152.000 bytes disponíveis

Pós execução: 22 pasta(s) 96.353.206.272 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 43DD657334D5B7D383CCBFD095B56055


Hi Eиcrypted,

Follow these instructions:

1. Open Notepad -> Copy (Control + C) and Paste (Control + V) all the text included in the "Quote":

File::

c:\windows\system32\ezsidmv.dat

Folder::

c:\arquivos de programas\Ask.com

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x1)

RegLock::

[HKEY_USERS\S-1-5-21-861567501-776561741-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]

RegNull::

[HKEY_USERS\S-1-5-21-861567501-776561741-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2924D6B4-1F3F-1324-2880-8F6794EA3A87}*]

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for the user.


2. Save the file as CFScript.txt;

3. As illustrated in the picture below, drag the CFScript.txt file onto ComboFix.exe.

[Image: cfscript.gif]

4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Regards.


ComboFix

 

ComboFix 10-01-25.06 - Administrador 01/02/2010 20:41:06.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1380 [GMT -3:00]

Executando de: c:\downloads\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

 

FILE ::

"c:\windows\system32\ezsidmv.dat"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\Ask.com

c:\arquivos de programas\Ask.com\cobrand.ico

c:\arquivos de programas\Ask.com\config.xml

c:\arquivos de programas\Ask.com\favicon.ico

c:\arquivos de programas\Ask.com\GenericAskToolbar.dll

c:\arquivos de programas\Ask.com\mupcfg.xml

c:\arquivos de programas\Ask.com\SaUpdate.exe

c:\arquivos de programas\Ask.com\UpdateTask.exe

c:\windows\system32\avg.bat

c:\windows\system32\ezsidmv.dat

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-01 to 2010-02-01 ))))))))))))))))))))))))))))

.

 

2010-02-01 22:09 . 2010-02-01 22:09 -------- d-----w- c:\arquivos de programas\MP3SPLITTER

2010-02-01 20:03 . 2010-02-01 20:03 -------- d-----w- c:\windows\LastGood

2010-02-01 20:03 . 2010-02-01 20:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCSuite

2010-02-01 19:56 . 2009-12-10 10:09 24424120 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_pt_br.exe

2010-02-01 19:56 . 2010-02-01 19:56 36864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe

2010-02-01 19:56 . 2010-02-01 19:56 3351812 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe

2010-02-01 19:56 . 2010-02-01 19:56 3203453 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe

2010-02-01 11:40 . 2010-02-01 11:41 -------- d-----w- C:\LinhaDefensiva

2010-02-01 11:28 . 2010-02-01 11:28 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2010-02-01 11:28 . 2010-01-07 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-01 11:28 . 2010-02-01 11:28 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-02-01 11:28 . 2010-02-01 11:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-02-01 11:28 . 2010-01-07 19:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-31 18:02 . 2010-01-31 18:02 2558976 --sh--w- c:\windows\system32\kill.exe

2010-01-31 18:01 . 2010-01-31 18:01 -------- d-----w- c:\windows\system32\log

2010-01-31 18:01 . 2010-01-31 18:01 1127936 ----a-w- c:\windows\system32\auto_msn.exe

2010-01-30 14:32 . 2010-01-30 14:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\RoboForm

2010-01-30 14:32 . 2010-01-30 14:32 -------- d-----w- c:\arquivos de programas\Siber Systems

2010-01-29 00:48 . 2010-01-29 00:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Canneverbe_Limited

2010-01-29 00:48 . 2010-01-29 00:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Canneverbe Limited

2010-01-29 00:48 . 2009-11-12 16:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2010-01-29 00:48 . 2010-01-29 00:48 -------- d-----w- c:\arquivos de programas\CDBurnerXP

2010-01-28 08:58 . 2008-05-09 10:55 180224 ------w- c:\windows\system32\dllcache\scrobj.dll

2010-01-28 08:58 . 2008-05-09 10:55 90112 ------w- c:\windows\system32\dllcache\wshext.dll

2010-01-28 08:58 . 2008-05-09 10:55 172032 ------w- c:\windows\system32\dllcache\scrrun.dll

2010-01-28 08:58 . 2008-05-09 08:45 135168 ------w- c:\windows\system32\dllcache\cscript.exe

2010-01-28 08:58 . 2008-05-08 11:24 155648 ------w- c:\windows\system32\dllcache\wscript.exe

2010-01-27 10:19 . 2010-01-27 10:19 -------- d-----w- c:\windows\l2schemas

2010-01-27 10:19 . 2010-01-27 10:19 -------- d-----w- c:\windows\system32\bits

2010-01-27 10:12 . 2010-01-27 10:20 -------- d-----w- c:\windows\EHome

2010-01-26 23:45 . 2010-01-27 00:25 -------- d-----w- c:\arquivos de programas\Journal Macro

2010-01-26 15:14 . 2010-01-28 13:56 -------- d-----w- c:\arquivos de programas\Steam

2010-01-26 00:10 . 2010-01-26 00:10 -------- d-----w- c:\arquivos de programas\PhotoZoom Pro 3

2010-01-25 02:54 . 2004-08-04 01:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys

2010-01-25 02:54 . 2004-08-04 01:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys

2010-01-25 02:54 . 2004-08-04 01:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys

2010-01-25 02:54 . 2004-08-04 01:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys

2010-01-25 02:54 . 2004-08-04 01:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys

2010-01-25 02:54 . 2004-08-04 01:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys

2010-01-25 02:54 . 2004-08-04 01:29 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys

2010-01-25 02:54 . 2004-08-04 01:29 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys

2010-01-25 02:14 . 2010-01-26 11:56 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\SACore

2010-01-25 02:13 . 2010-01-25 02:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-01-25 02:00 . 2010-01-25 02:00 -------- d-----w- c:\windows\system32\KB905474

2010-01-25 02:00 . 2009-03-11 01:26 1434496 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe

2010-01-25 02:00 . 2009-03-11 01:18 454536 ----a-w- c:\windows\system32\KB905474\wgasetup.exe

2010-01-25 01:46 . 2010-01-27 10:16 -------- d-----w- c:\windows\ServicePackFiles

2010-01-25 01:45 . 2010-01-25 02:04 -------- d-----w- c:\windows\ie8updates

2010-01-25 01:44 . 2010-01-25 01:44 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2010-01-25 01:38 . 2010-01-25 01:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SiteAdvisor

2010-01-25 01:38 . 2010-01-25 01:38 -------- d-----w- c:\arquivos de programas\SiteAdvisor

2010-01-25 01:35 . 2009-11-04 19:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2010-01-25 01:35 . 2009-11-04 19:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2010-01-25 01:35 . 2009-11-04 19:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2010-01-25 01:35 . 2009-07-16 15:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys

2010-01-25 01:34 . 2010-01-25 01:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\McAfee

2010-01-25 01:34 . 2010-01-25 01:34 -------- d-----w- c:\arquivos de programas\McAfee.com

2010-01-25 01:34 . 2010-01-26 12:00 -------- d-----w- c:\arquivos de programas\McAfee

2010-01-25 01:32 . 2009-11-04 19:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2010-01-25 00:45 . 2010-01-25 11:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee

2010-01-24 23:12 . 2010-01-24 23:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GetRightToGo

2010-01-24 22:59 . 2009-12-21 19:07 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-01-24 22:59 . 2009-12-21 19:07 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-01-24 22:59 . 2009-12-21 19:07 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-01-24 22:59 . 2009-12-21 19:07 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-01-24 22:59 . 2009-12-21 19:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-01-24 22:59 . 2009-12-21 19:07 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-01-24 22:55 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys

2010-01-24 22:53 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\dllcache\bthport.sys

2010-01-24 22:53 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-01-24 22:46 . 2009-10-15 16:32 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2010-01-24 22:46 . 2009-10-15 16:32 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2010-01-24 22:44 . 2009-06-21 21:48 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2010-01-24 22:37 . 2009-11-21 15:58 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-01-24 22:25 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys

2010-01-24 22:24 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-01-24 22:24 . 2008-05-01 14:36 331776 ------w- c:\windows\system32\dllcache\msadce.dll

2010-01-24 22:24 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

2010-01-24 22:22 . 2008-04-11 19:05 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll

2010-01-24 22:20 . 2009-06-10 12:21 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll

2010-01-24 22:18 . 2008-10-15 16:36 337408 ------w- c:\windows\system32\dllcache\netapi32.dll

2010-01-24 22:18 . 2009-07-31 04:33 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2010-01-22 01:06 . 2010-01-30 18:21 -------- d-----w- C:\Hotspot Shield

2010-01-21 15:51 . 2010-01-21 15:51 -------- d-----w- c:\arquivos de programas\Caseiro

2010-01-21 15:50 . 2010-01-21 15:50 249856 ------w- c:\windows\Setup1.exe

2010-01-21 15:50 . 2010-01-21 15:50 73216 ----a-w- c:\windows\ST6UNST.EXE

2010-01-20 16:15 . 2010-01-20 16:16 -------- d-----w- c:\arquivos de programas\rita

2010-01-13 16:43 . 2010-01-13 16:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-01-08 23:42 . 2010-01-08 23:42 32768 ----a-w- c:\windows\system32\drivers\taphss.sys

2010-01-08 19:52 . 2010-01-26 00:45 -------- d-----w- C:\Server_

2010-01-08 18:34 . 2010-01-08 18:35 -------- d-----w- c:\arquivos de programas\Paint.NET

2010-01-08 18:32 . 2010-01-08 18:32 -------- d-----w- c:\documents and settings\Administrador\.thumbnails

2010-01-08 18:30 . 2010-01-08 18:33 -------- d-----w- c:\documents and settings\Administrador\.gimp-2.6

2010-01-07 22:50 . 2010-01-07 22:52 -------- d-----w- c:\windows\system32\Adobe

2010-01-07 17:25 . 2010-01-07 17:25 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE

2010-01-07 17:20 . 2010-01-07 17:20 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

2010-01-07 16:45 . 2010-01-27 10:19 -------- d-----w- c:\windows\system32\pt-BR

2010-01-07 16:45 . 2010-01-07 16:46 -------- dc-h--w- c:\windows\ie8

2010-01-07 16:36 . 2010-01-28 10:51 -------- d--h--w- c:\windows\$hf_mig$

2010-01-07 04:43 . 2010-01-07 04:47 -------- d-----w- c:\arquivos de programas\SQL Server Backup 8

2010-01-07 04:01 . 2010-02-01 11:57 -------- d--h--w- c:\windows\PIF

2010-01-06 05:12 . 2010-01-06 05:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SqlBackupAndFtp

2010-01-06 04:50 . 2010-01-20 11:54 -------- d-----w- C:\Backups

2010-01-06 04:34 . 2010-01-14 21:43 -------- d-----w- c:\arquivos de programas\Cobian Backup 9

2010-01-05 23:04 . 2010-01-05 23:04 664 ----a-w- c:\windows\system32\d3d9caps.dat

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-01 23:28 . 2009-12-20 04:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Akamai

2010-02-01 22:09 . 2009-12-03 04:39 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit

2010-02-01 20:05 . 2009-12-22 15:05 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nokia

2010-02-01 20:03 . 2009-12-22 15:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia

2010-02-01 20:03 . 2009-12-22 14:59 -------- d-----w- c:\arquivos de programas\Nokia

2010-02-01 19:55 . 2009-12-23 22:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations

2010-02-01 00:24 . 2009-12-03 11:19 -------- d-----w- c:\arquivos de programas\Radix Priston Tale

2010-01-28 02:19 . 2009-12-12 23:13 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer

2010-01-26 13:15 . 2010-01-26 13:15 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2010-01-25 02:03 . 2001-10-28 14:07 98700 ----a-w- c:\windows\system32\perfc016.dat

2010-01-25 02:03 . 2001-10-28 14:07 520636 ----a-w- c:\windows\system32\perfh016.dat

2010-01-24 19:51 . 2009-12-10 01:11 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\FileZilla

2010-01-22 02:40 . 2009-12-28 05:17 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent

2010-01-20 22:44 . 2009-12-03 04:39 -------- d-----w- c:\arquivos de programas\Orbitdownloader

2010-01-16 21:29 . 2009-12-03 18:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-01-16 20:55 . 2009-12-03 13:01 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-01-08 18:01 . 2009-12-09 17:22 -------- d-----w- c:\arquivos de programas\Google

2010-01-08 17:56 . 2009-12-19 05:29 -------- d-----w- c:\arquivos de programas\ss

2010-01-07 20:41 . 2010-01-07 20:41 1329717 ----a-w- c:\arquivos de programas\richeia.PNG

2010-01-06 18:02 . 2009-12-05 19:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2010-01-03 05:24 . 2009-12-21 17:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype

2010-01-03 03:30 . 2009-12-21 17:49 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM

2010-01-01 19:06 . 2010-01-01 19:05 1407955 ----atw- c:\arquivos de programas\DSC01087.JPG

2010-01-01 18:39 . 2010-01-01 18:35 1497477 ----atw- c:\arquivos de programas\DSC01067.JPG

2010-01-01 18:39 . 2010-01-01 18:35 1368014 ----atw- c:\arquivos de programas\DSC01069.JPG

2010-01-01 18:39 . 2010-01-01 18:35 1413153 ----atw- c:\arquivos de programas\DSC01068.JPG

2010-01-01 18:38 . 2010-01-01 18:35 959701 ----atw- c:\arquivos de programas\DSC01069 cópia.jpg

2010-01-01 00:43 . 2010-01-01 00:43 -------- d-----w- c:\arquivos de programas\ZaraSoft

2009-12-30 02:33 . 2009-12-30 02:33 -------- d-----w- c:\arquivos de programas\SpacialAudio

2009-12-30 02:33 . 2009-12-30 02:33 -------- d-----w- c:\arquivos de programas\Firebird

2009-12-30 02:17 . 2009-12-30 02:17 -------- d-----w- c:\arquivos de programas\SHOUTcast Radio Toolbar

2009-12-30 02:17 . 2009-12-30 02:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar

2009-12-30 02:16 . 2009-12-30 02:16 -------- d-----w- c:\arquivos de programas\Winamp Detect

2009-12-29 19:13 . 2009-12-29 18:15 5 ----a-w- c:\windows\system32\SySMP3CutJoin.dat

2009-12-29 18:15 . 2009-12-29 18:15 -------- d-----w- c:\arquivos de programas\AudioToolsFactory

2009-12-29 18:11 . 2009-12-29 18:11 -------- d-----w- c:\arquivos de programas\MP3JOINER

2009-12-29 17:09 . 2009-12-29 17:09 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HP

2009-12-28 05:19 . 2009-12-28 05:19 -------- d-----w- c:\arquivos de programas\uTorrent

2009-12-24 16:02 . 2009-12-24 15:27 -------- d-----w- c:\arquivos de programas\Your Freedom

2009-12-24 15:58 . 2009-12-24 15:58 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ProxyCap

2009-12-24 15:31 . 2009-12-24 15:31 -------- d-----w- c:\arquivos de programas\Proxy Labs

2009-12-24 15:14 . 2009-12-24 14:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS

2009-12-24 15:14 . 2009-12-24 15:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nexon

2009-12-24 14:50 . 2009-12-24 14:50 90112 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

2009-12-24 14:50 . 2009-12-24 14:50 561152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGMDll.dll

2009-12-24 14:50 . 2009-12-24 14:50 393216 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGMResource.dll

2009-12-24 14:50 . 2009-12-24 14:50 258352 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\unicows.dll

2009-12-24 14:50 . 2009-12-24 14:50 118784 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\nxgameus.dll

2009-12-24 14:50 . 2009-12-24 14:50 167936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe

2009-12-23 23:39 . 2009-12-23 23:39 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nseries

2009-12-23 23:18 . 2009-12-22 15:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\PC Suite

2009-12-23 23:17 . 2009-12-23 23:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-12-23 22:56 . 2009-12-23 22:56 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution

2009-12-23 22:55 . 2009-12-23 22:55 95232 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe

2009-12-23 22:55 . 2009-12-23 22:55 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe

2009-12-23 22:55 . 2009-12-23 22:55 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-12-23 22:55 . 2009-12-23 22:55 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe

2009-12-23 22:45 . 2009-12-23 22:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nokia

2009-12-23 18:02 . 2009-12-23 18:02 -------- d-----w- c:\arquivos de programas\LogMeIn Hamachi

2009-12-23 14:21 . 2009-12-23 14:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

2009-12-23 14:21 . 2009-12-23 14:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf

2009-12-22 15:35 . 2009-12-22 14:59 -------- d-----w- c:\arquivos de programas\DIFX

2009-12-22 15:20 . 2009-12-22 15:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite

2009-12-22 15:19 . 2009-12-22 15:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-12-22 15:19 . 2009-12-22 15:19 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-12-22 15:03 . 2009-12-22 15:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NokiaMusic

2009-12-22 15:03 . 2009-12-22 15:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\muvee Technologies

2009-12-22 14:53 . 2009-12-22 14:53 -------- d-----w- c:\arquivos de programas\MSBuild

2009-12-22 14:53 . 2009-12-22 14:53 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-12-22 14:50 . 2009-12-22 14:50 -------- d-----w- c:\arquivos de programas\MSXML 6.0

2009-12-21 19:08 . 2004-08-04 02:45 916480 ------w- c:\windows\system32\wininet.dll

2009-12-21 17:48 . 2009-12-21 17:47 -------- d-----r- c:\arquivos de programas\Skype

2009-12-21 17:47 . 2009-12-21 17:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2009-12-21 17:47 . 2009-12-21 17:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-12-20 12:20 . 2009-12-05 10:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-12-19 18:36 . 2009-12-19 18:36 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys

2009-12-19 18:23 . 2009-12-19 18:23 -------- d-----w- c:\arquivos de programas\MU Season 4

2009-12-19 05:10 . 2009-12-18 03:06 -------- d-----w- c:\arquivos de programas\KYE

2009-12-19 05:10 . 2009-12-19 05:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\snpstd2

2009-12-19 05:09 . 2009-12-03 03:19 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-12-17 03:09 . 2009-12-17 03:08 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-12-17 02:56 . 2009-12-17 02:56 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic

2009-12-17 01:55 . 2009-12-17 01:55 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Megaupload

2009-12-17 01:51 . 2009-12-17 01:51 -------- d-----w- c:\arquivos de programas\Megaupload

2009-12-17 01:51 . 2009-12-17 01:51 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\InstallShield

2009-12-13 21:57 . 2009-12-13 21:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-12-13 21:54 . 2009-12-09 14:52 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2009-12-13 21:54 . 2009-12-13 21:52 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server

2009-12-13 05:38 . 2009-12-12 23:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple

2009-12-12 23:13 . 2009-12-12 23:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-12-12 23:13 . 2009-12-12 23:12 -------- d-----w- c:\arquivos de programas\iTunes

2009-12-12 23:12 . 2009-12-12 23:12 -------- d-----w- c:\arquivos de programas\iPod

2009-12-12 23:12 . 2009-12-12 23:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2009-12-12 23:12 . 2009-12-12 23:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2009-12-12 23:12 . 2009-12-12 23:12 -------- d-----w- c:\arquivos de programas\Bonjour

2009-12-12 23:11 . 2009-12-12 23:11 -------- d-----w- c:\arquivos de programas\QuickTime

2009-12-12 23:11 . 2009-12-12 23:11 -------- d-----w- c:\arquivos de programas\Apple Software Update

2009-12-12 04:40 . 2009-12-12 04:40 -------- d-----w- c:\arquivos de programas\WoW-2.3.0.7561-enUS

2009-12-12 04:39 . 2009-12-12 04:39 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Blizzard Entertainment

2009-12-12 04:20 . 2009-12-12 04:20 -------- d-----w- c:\arquivos de programas\BreakPoint Software

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176]

 

[HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}]

[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}]

[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer" [X]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]

"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-09-05 417792]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-10-28 141600]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]

"NokiaMusic FastStart"="c:\arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]

"mcagent_exe"="c:\arquivos de programas\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"McENUI"="c:\arquiv~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 137216]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2009-12-3 1785104]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^SQLBACKUPZIP.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\SQLBACKUPZIP.lnk

backup=c:\windows\pss\SQLBACKUPZIP.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\xampp\\apache\\bin\\httpd.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Arquivos de programas\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\xampp\\mysql\\bin\\mysqld.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Server\\servidorpt.exe"=

"c:\\Server\\Serverteste.exe"=

"c:\\Nexon\\Combat Arms\\Engine.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\SpacialAudio\\SAMBC\\SAMBC.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Server\\Server Radix PT.exe"=

"c:\\Server\\Itens sem replace.exe"=

"c:\\Arquivos de programas\\LiveZilla\\LiveZilla Server Admin.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Arquivos de programas\\Steam\\Steam.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [3/8/2004 23:45 14336]

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [9/12/2008 20:10 24636]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\arquivos de programas\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 12:27 1074568]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [24/1/2010 22:37 93320]

S2 0238081264507318mcinstcleanup;McAfee Application Installer Cleanup (0238081264507318);c:\windows\TEMP\023808~1.EXE c:\arquiv~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\023808~1.EXE c:\arquiv~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]

S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [23/12/2009 19:56 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [23/12/2009 19:56 8320]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2010-01-25 c:\windows\Tasks\McDefragTask.job

- c:\arquiv~1\mcafee\mqc\QcConsol.exe [2010-01-25 15:22]

 

2010-01-25 c:\windows\Tasks\McQcTask.job

- c:\arquiv~1\mcafee\mqc\QcConsol.exe [2010-01-25 15:22]

 

2010-02-01 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-01-25 01:18]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = hxxp://www.baixaki.com.br/

uInternet Settings,ProxyOverride = local

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: &SHOUTcast Search - c:\documents and settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Baixar Link Utiizando Gerenciador Mega... - c:\arquivos de programas\Megaupload\Mega Manager\mm_file.htm

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {55B9FC3D-8E0D-4E23-9BB8-72A77C722F2B} = 200.165.132.155,200.165.132.148

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\x0ye2gvo.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=

FF - prefs.js: browser.search.selectedEngine - Winamp Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=

FF - component: c:\arquivos de programas\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\x0ye2gvo.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

MSConfigStartUp-kill - c:\documents and settings\All Users\Dados de aplicativos\kill.exe

 

 

 

**************************************************************************

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos:

 

**************************************************************************

.

Tempo para conclusão: 2010-02-01 20:48:28

ComboFix-quarantined-files.txt 2010-02-01 23:48

ComboFix2.txt 2010-01-26 13:23

 

Pré-execução: 22 pasta(s) 93.004.349.440 bytes disponíveis

Pós execução: 23 pasta(s) 92.994.871.296 bytes disponíveis

 

- - End Of File - - E3154D20D267BFF6327D0821A2C311FB

 

 

HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:51:14, on 1/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\System32\svchost.exe

C:\xampp\apache\bin\httpd.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

C:\xampp\apache\bin\httpd.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

C:\xampp\mysql\bin\mysqld.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\McAfee\MSC\mcregist.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PcSync2.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\Arquivos comuns\Nokia\MPAPI\MPAPI3s.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\ComboFix\CF30194.cfxxe

C:\ComboFix\mbr.cfxxe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.baixaki.com.br/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\ARQUIV~1\mcafee\msk\mskapbho.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [NokiaMServer] C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart

O4 - HKLM\..\Run: [mcagent_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [McENUI] C:\ARQUIV~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{55B9FC3D-8E0D-4E23-9BB8-72A77C722F2B}: NameServer = 200.165.132.155,200.165.132.148

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: McAfee Application Installer Cleanup (0238081264507318) (0238081264507318mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\023808~1.EXE (file missing)

O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 13187 bytes


Can another analyst take over the case?


Can another analyst take over the case?

:) Hello Encrypted!

Please follow the steps in these tutorials:

Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

Nod32 Online antivirus tutorial: http://dicasetutoriaisparapc.blogspot.com/2008/09/tutorial-do-antivirus-nod32-online.html

______________________________

In your next reply, post the Nod32 Online log, which will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, together with a new HijackThis log and the Malwarebytes log, and please tell us how your PC is doing after following these procedures.

We look forward to your reply.


Topic Archived

As the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section with the link to this topic and explain the reason for reopening it.
