
Archived

This topic has been archived and is closed to new replies.

Armiroke

[Archived] Suspected infection | Analyse my log |


I suspect an infection. For example, if I was chatting on MSN and the window stayed idle for a long time, it was as if I had left the window ;/ and I had to click inside it again to be able to type. It caused the same effect as if I were here and clicked down there on an empty area of the taskbar. This bothered me because I always had to click inside the window again, but just to be safe I would like to post the ComboFix log here for you to take a look at; for now I think the problem has gone away.

Log:

ComboFix 10-01-27.06 - Alan 28/01/2010 19:27:32.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.767.391 [GMT -2:00]

Running from: c:\documents and settings\Alan\Meus documentos\Downloads\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Alan\Dados de aplicativos\.#

c:\documents and settings\Alan\Dados de aplicativos\inst.exe

c:\windows\system32\crt.dat

c:\windows\system32\Thumbs.db

c:\windows\system32\vbzlib1.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DUMETERSVC

-------\Service_DUMeterSvc

 

 

(((((((((((((((( Files Created from 2009-12-28 to 2010-01-28 ))))))))))))))))))))))))))))

.

 

2010-01-28 20:33 . 2010-01-28 20:35 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\GetRightToGo

2010-01-27 21:04 . 2008-02-07 19:10 -------- d-----w- C:\ckis

2010-01-27 20:54 . 2010-01-27 22:46 95259 ----a-w- c:\windows\system32\drivers\klick.dat

2010-01-27 20:54 . 2010-01-27 22:46 108059 ----a-w- c:\windows\system32\drivers\klin.dat

2010-01-27 20:51 . 2010-01-28 21:43 39456 --sha-w- c:\windows\system32\drivers\fidbox.dat

2010-01-27 20:51 . 2010-01-28 21:41 36384 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2010-01-27 20:51 . 2010-01-27 20:51 -------- d-----w- c:\arquivos de programas\Kaspersky Lab

2010-01-27 20:48 . 2010-01-27 20:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2010-01-26 18:02 . 2010-01-26 18:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee

2010-01-25 16:51 . 2008-10-10 18:01 26624 ----a-r- c:\windows\system32\LGDispDrv.dll

2010-01-25 16:51 . 2008-10-10 18:01 147456 ----a-r- c:\windows\system32\LgExport.dll

2010-01-25 16:50 . 2010-01-25 16:50 -------- d-----w- c:\arquivos de programas\LG Soft India

2010-01-25 16:41 . 2010-01-25 16:41 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation

2010-01-25 14:48 . 2009-09-09 10:43 210352 ----a-w- c:\windows\system32\idmmbc.dll

2010-01-24 13:19 . 2010-01-12 17:19 30536 ----a-w- c:\windows\system32\TURegOpt.exe

2010-01-24 13:19 . 2010-01-12 17:13 30024 ----a-w- c:\windows\system32\uxtuneup.dll

2010-01-24 13:18 . 2010-01-24 13:22 -------- d-----w- c:\arquivos de programas\TuneUp Utilities 2010

2010-01-23 19:47 . 2010-01-23 19:47 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\GrabPro

2010-01-23 19:46 . 2010-01-23 21:00 -------- d-----w- c:\arquivos de programas\Orbitdownloader

2010-01-23 19:46 . 2010-01-23 20:45 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Orbit

2010-01-22 03:49 . 2010-01-26 11:54 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\IDM

2010-01-22 03:49 . 2010-01-28 20:36 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\DMCache

2010-01-22 03:48 . 2010-01-28 18:53 -------- d-----w- c:\arquivos de programas\Internet Download Manager

2010-01-22 03:20 . 2010-01-23 17:48 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\FileZilla

2010-01-22 03:18 . 2010-01-22 03:24 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client

2010-01-21 22:09 . 2010-01-21 22:09 -------- d-----w- c:\windows\system32\%PersonalRootCertificateFolder%

2010-01-21 22:04 . 2010-01-21 22:04 -------- d-----w- c:\arquivos de programas\What's my computer doing

2010-01-21 22:01 . 2010-01-21 22:01 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Hagel Technologies

2010-01-21 22:01 . 2010-01-25 20:56 -------- d-----w- c:\arquivos de programas\TweakMASTER

2010-01-21 20:22 . 2010-01-22 05:57 -------- d-----w- c:\arquivos de programas\JDownloader

2010-01-19 17:47 . 2010-01-19 17:47 19072 ----a-w- c:\windows\system32\drivers\PS2.sys

2010-01-19 02:55 . 2010-01-19 03:06 -------- d-----w- c:\arquivos de programas\PcMedik

2010-01-18 10:05 . 2010-01-21 11:08 -------- d-----w- c:\arquivos de programas\JAM2

2010-01-17 15:20 . 2010-01-17 15:22 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Mp3tag

2010-01-17 15:20 . 2010-01-17 15:20 -------- d-----w- c:\arquivos de programas\Mp3tag

2010-01-16 04:07 . 2005-01-19 02:15 28672 ----a-w- c:\windows\system32\regclass.dll

2010-01-15 03:09 . 2010-01-15 02:53 42496 ----a-w- c:\windows\system32\XPize Logo.scr

2010-01-15 03:09 . 2010-01-15 02:53 1634304 ----a-w- c:\windows\system32\Windows XP 3D Flag.scr

2010-01-15 03:05 . 2010-01-15 03:05 -------- d-----w- c:\arquivos de programas\Anolis

2010-01-14 16:35 . 2010-01-16 06:58 -------- d-----w- c:\arquivos de programas\VirtualDJ

2010-01-14 14:45 . 2010-01-14 14:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-01-14 13:41 . 2010-01-14 13:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2010-01-14 13:41 . 2010-01-21 11:05 -------- d-----w- c:\arquivos de programas\iTunes

2010-01-14 13:40 . 2010-01-14 13:40 -------- d-----w- c:\arquivos de programas\Bonjour

2010-01-14 05:38 . 2010-01-27 05:51 -------- d-----w- C:\LinhaDefensiva

2010-01-14 03:11 . 2010-01-14 03:11 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\NetMedia Providers

2010-01-14 03:11 . 2010-01-14 03:11 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Publish Providers

2010-01-14 02:08 . 2010-01-14 02:08 -------- d-----w- c:\arquivos de programas\Sony Setup

2010-01-13 05:33 . 2010-01-13 05:33 -------- d-----w- c:\arquivos de programas\Alcohol Soft

2010-01-13 05:28 . 2010-01-13 05:28 717296 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-01-12 05:58 . 2010-01-12 05:58 -------- d-----w- c:\arquivos de programas\SopCast

2010-01-12 05:57 . 2010-01-12 05:57 -------- d-----w- c:\arquivos de programas\Orban

2010-01-12 05:56 . 2010-01-12 05:58 -------- d-----w- c:\arquivos de programas\Megacubo

2010-01-12 00:17 . 2010-01-12 00:17 278120 ----a-w- c:\windows\system32\nvmccs.dll

2010-01-12 00:17 . 2010-01-12 00:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe

2010-01-12 00:17 . 2010-01-12 00:17 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-01-12 00:17 . 2010-01-12 00:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

2010-01-12 00:17 . 2010-01-12 00:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-01-12 00:17 . 2010-01-12 00:17 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-01-10 14:22 . 2010-01-10 14:34 -------- d-----w- c:\arquivos de programas\eMule

2010-01-10 13:10 . 2010-01-10 13:10 8704 ----a-w- c:\windows\system32\SpOrder.dll

2010-01-10 13:09 . 2010-01-15 04:11 -------- d-----w- c:\arquivos de programas\IP Hider

2010-01-10 11:37 . 2010-01-10 11:42 -------- d-----w- c:\windows\uninstall\Hanf Baron XS

2010-01-10 11:37 . 2010-01-10 11:37 -------- d-----w- c:\windows\uninstall

2010-01-10 11:31 . 2002-10-05 03:04 921600 ----a-w- c:\windows\system32\vorbisenc.dll

2010-01-10 11:31 . 2002-10-05 03:04 188416 ----a-w- c:\windows\system32\vorbis.dll

2010-01-10 11:31 . 2002-10-05 03:04 45056 ----a-w- c:\windows\system32\ogg.dll

2010-01-10 11:31 . 2002-10-06 22:42 237568 ----a-w- c:\windows\system32\OggDS.dll

2010-01-10 11:31 . 2010-01-10 11:41 -------- d-----w- c:\arquivos de programas\rondomedia

2010-01-09 22:31 . 2010-01-09 22:31 -------- d-----w- c:\arquivos de programas\Image Mender

2010-01-09 07:33 . 2010-01-09 12:21 -------- d-----w- c:\arquivos de programas\Loaris Trojan Remover

2010-01-08 11:53 . 2010-01-08 11:54 -------- d-----w- c:\arquivos de programas\MP3Gain

2010-01-08 07:09 . 2010-01-08 07:09 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\URSoft

2010-01-08 07:09 . 2010-01-08 07:09 -------- d-----w- c:\arquivos de programas\Your Uninstaller 2010

2010-01-07 00:10 . 2010-01-21 10:42 -------- d-----w- c:\arquivos de programas\CoolSMS

2010-01-06 22:20 . 2010-01-06 22:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR

2010-01-06 08:44 . 2009-12-14 14:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys

2010-01-06 08:44 . 2009-12-14 14:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys

2010-01-06 08:43 . 2010-01-28 21:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2010-01-01 20:17 . 2009-09-02 23:58 626688 ----a-w- c:\windows\system32\vp7vfw.dll

2010-01-01 20:17 . 2009-09-02 23:57 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll

2009-12-31 18:56 . 2009-12-31 18:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\CyberLink

2009-12-31 18:55 . 2010-01-06 04:07 -------- d-----w- c:\arquivos de programas\CyberLink

2009-12-31 18:55 . 2009-12-31 18:54 29480 ----a-w- c:\windows\system32\msxml3a.dll

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-28 21:46 . 2010-01-27 20:51 32 --sha-w- c:\windows\system32\drivers\fidbox.idx

2010-01-28 21:43 . 2009-10-30 21:03 -------- d-----w- c:\arquivos de programas\cFosSpeed

2010-01-28 21:41 . 2010-01-27 20:51 5456 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2010-01-28 21:19 . 2009-10-28 22:19 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Lightcomm

2010-01-28 21:11 . 2009-12-18 16:34 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\SUPERAntiSpyware.com

2010-01-28 21:11 . 2009-11-21 13:06 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2010-01-28 20:38 . 2009-09-12 00:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\iolo

2010-01-28 20:26 . 2010-01-28 20:08 12456196 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\DwnlData\Alan\a2FreeSetup_45\a2FreeSetup.exe

2010-01-28 18:53 . 2009-12-13 05:10 -------- d-----w- c:\arquivos de programas\Mozilla Thunderbird

2010-01-28 14:14 . 2009-12-18 16:34 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware

2010-01-28 04:23 . 2009-09-12 00:07 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\iolo

2010-01-27 23:32 . 2009-12-02 09:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2010-01-27 22:51 . 2007-10-31 15:41 112144 ----a-w- c:\windows\system32\drivers\kl1.sys

2010-01-27 22:46 . 2010-01-27 22:46 25104 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ushata.dll

2010-01-27 22:46 . 2010-01-27 22:46 112144 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\X86\kl1.sys

2010-01-27 22:46 . 2010-01-27 22:46 772624 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\updater.dll

2010-01-27 22:45 . 2010-01-27 22:45 150032 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\diffs.dll

2010-01-27 22:45 . 2010-01-27 22:45 354832 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ckahum.dll

2010-01-27 18:07 . 2009-10-31 02:33 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-01-27 00:42 . 2004-08-04 12:00 83670 ----a-w- c:\windows\system32\perfc016.dat

2010-01-27 00:42 . 2004-08-04 12:00 479350 ----a-w- c:\windows\system32\perfh016.dat

2010-01-26 11:53 . 2010-01-22 03:51 198064 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\idmmzcc3\components\idmmzcc.dll

2010-01-26 01:53 . 2009-09-12 00:03 -------- d-----w- c:\arquivos de programas\Opera 10 Beta

2010-01-25 16:50 . 2009-09-12 06:16 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-01-25 15:32 . 2010-01-23 01:03 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM5.dll

2010-01-25 15:32 . 2010-01-23 01:03 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM4.dll

2010-01-25 15:32 . 2010-01-23 01:03 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM3.dll

2010-01-25 15:32 . 2010-01-23 01:03 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM2.dll

2010-01-25 15:32 . 2010-01-23 01:03 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM1.dll

2010-01-24 21:40 . 2009-10-10 03:05 -------- d-----w- c:\arquivos de programas\DU Meter

2010-01-24 17:10 . 2009-11-08 16:10 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Vso

2010-01-21 21:51 . 2009-10-10 03:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Hagel Technologies

2010-01-21 11:07 . 2009-12-16 01:17 -------- d-----w- c:\arquivos de programas\SeaMonkey

2010-01-21 11:05 . 2009-09-13 04:13 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2010-01-21 10:51 . 2009-10-11 14:26 -------- d-----w- c:\arquivos de programas\Driver Sweeper

2010-01-21 10:48 . 2009-12-02 13:04 -------- d-----w- c:\arquivos de programas\Driver Magician

2010-01-20 23:05 . 2009-09-24 18:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-01-20 22:14 . 2009-09-12 04:17 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-01-16 03:22 . 2009-09-12 01:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-01-16 02:51 . 2009-09-12 00:54 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-01-15 03:12 . 2009-12-13 19:46 -------- d-----w- c:\arquivos de programas\7-Zip

2010-01-15 03:12 . 2009-09-20 12:40 -------- d-----w- c:\arquivos de programas\Windows Desktop Search

2010-01-15 03:10 . 2004-08-04 12:00 2789888 ----a-w- c:\windows\system32\logonui.exe

2010-01-15 03:10 . 2004-08-04 12:00 101376 ----a-w- c:\windows\system32\tcpmonui.dll

2010-01-15 03:10 . 2004-08-04 12:00 541184 ----a-w- c:\windows\system32\sti_ci.dll

2010-01-15 03:10 . 2004-08-04 12:00 829952 ----a-w- c:\windows\system32\rasdlg.dll

2010-01-15 03:10 . 2004-08-04 12:00 201728 ----a-w- c:\windows\system32\mdminst.dll

2010-01-15 03:10 . 2004-08-04 12:00 399360 ----a-w- c:\windows\system32\fsquirt.exe

2010-01-15 03:10 . 2004-08-04 12:00 222208 ----a-w- c:\windows\system32\fldrclnr.dll

2010-01-15 03:10 . 2004-08-04 12:00 808960 ----a-w- c:\windows\system32\dmdlgs.dll

2010-01-15 03:09 . 2004-08-04 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll

2010-01-15 03:09 . 2004-08-04 12:00 708608 ----a-w- c:\windows\system32\sstext3d.scr

2010-01-15 03:09 . 2004-08-04 12:00 634880 ----a-w- c:\windows\system32\sspipes.scr

2010-01-15 03:09 . 2004-08-04 12:00 733184 ----a-w- c:\windows\system32\ss3dfo.scr

2010-01-15 03:09 . 2004-08-04 12:00 417792 ----a-w- c:\windows\system32\ssflwbox.scr

2010-01-15 03:09 . 2004-08-04 12:00 33792 ----a-w- c:\windows\system32\scrnsave.scr

2010-01-15 03:07 . 2004-08-04 12:00 386560 ----a-w- c:\windows\system32\msieftp.dll

2010-01-15 03:06 . 2009-09-11 23:36 88576 ----a-w- c:\windows\system32\remotepg.dll

2010-01-14 14:45 . 2010-01-14 14:45 503808 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\msvcp71.dll

2010-01-14 14:45 . 2010-01-14 14:45 348160 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\msvcr71.dll

2010-01-14 14:45 . 2010-01-14 14:45 499712 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\jmc.dll

2010-01-14 14:45 . 2010-01-14 14:45 61440 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\decora-sse.dll

2010-01-14 14:45 . 2010-01-14 14:45 12800 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\decora-d3d.dll

2010-01-14 14:44 . 2010-01-14 14:44 114688 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-36e2bf13-n\jogl_cg.dll

2010-01-14 14:44 . 2010-01-14 14:44 315392 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-36e2bf13-n\jogl.dll

2010-01-14 14:44 . 2010-01-14 14:44 20480 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-36e2bf13-n\jogl_awt.dll

2010-01-14 14:44 . 2010-01-14 14:44 20480 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-3361dd68-n\gluegen-rt.dll

2010-01-14 14:43 . 2009-09-12 01:10 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-01-14 13:54 . 2009-09-13 04:20 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Apple Computer

2010-01-14 13:41 . 2009-11-24 17:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2010-01-14 13:12 . 2009-10-01 02:14 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-14 02:16 . 2009-09-14 17:59 -------- d-----w- c:\arquivos de programas\Sony

2010-01-13 12:10 . 2009-09-12 01:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-01-12 04:03 . 2010-01-25 16:39 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-01-12 04:03 . 2010-01-25 16:39 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-01-12 04:03 . 2010-01-25 16:39 2259560 ----a-w- c:\windows\system32\nvcuvid.dll

2010-01-12 04:03 . 2010-01-25 16:39 14458880 ----a-w- c:\windows\system32\nvoglnt.dll

2010-01-12 04:03 . 2010-01-25 16:39 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-01-12 04:03 . 2010-01-25 16:39 4104192 ----a-w- c:\windows\system32\nvcuda.dll

2010-01-12 04:03 . 2010-01-25 16:39 182888 ----a-w- c:\windows\system32\nvcodins.dll

2010-01-12 04:03 . 2010-01-25 16:39 182888 ----a-w- c:\windows\system32\nvcod.dll

2010-01-12 04:03 . 2010-01-25 16:39 11632640 ----a-w- c:\windows\system32\nvcompiler.dll

2010-01-12 04:03 . 2010-01-25 16:39 1081344 ----a-w- c:\windows\system32\nvapi.dll

2010-01-12 04:03 . 2010-01-25 16:39 6359168 ----a-w- c:\windows\system32\nv4_disp.dll

2010-01-12 04:03 . 2010-01-25 16:39 2283526 ----a-w- c:\windows\system32\nvdata.bin

2010-01-09 02:39 . 2009-09-12 04:12 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2010-01-07 08:45 . 2009-12-23 02:53 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-01-07 08:45 . 2010-01-07 08:45 5061520 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-06 22:20 . 2010-01-06 22:21 38784 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-01-06 22:20 . 2010-01-06 22:21 38784 ----a-w- c:\documents and settings\Default User\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-01-06 08:37 . 2009-09-11 23:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESET

2010-01-06 04:24 . 2010-01-06 04:24 79488 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2010-01-06 04:04 . 2009-12-31 18:54 53319 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe

2010-01-03 00:35 . 2009-11-02 16:14 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Audacity

2010-01-01 20:18 . 2009-11-08 16:10 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2010-01-01 20:18 . 2009-11-08 16:10 47360 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\pcouffin.sys

2010-01-01 20:18 . 2009-11-08 16:10 47360 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\pcouffin.sys

2010-01-01 20:17 . 2009-11-08 16:09 -------- d-----w- c:\arquivos de programas\VSO

2010-01-01 14:55 . 2010-01-01 14:55 10134 ----a-r- c:\documents and settings\Alan\Dados de aplicativos\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe

2010-01-01 08:18 . 2009-12-18 11:50 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\runic games

.

 

------- Sigcheck -------

 

[-] 2009-10-31 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS

[-] 2009-10-31 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS

[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

 

[-] 2010-01-15 . 063CFCB5320A1FAD700680D60F9CEE3D . 1087488 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[7] 2008-04-13 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe

[7] 2008-04-13 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe

[7] 2004-08-04 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

 

[-] 2010-01-15 . E21CADF65FA546C213634EDE63ACE389 . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[7] 2008-04-13 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe

[7] 2008-04-13 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

[7] 2004-08-04 . F40BC97996B8E53799EEF1D63996674B . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]

"ooccctrl.exe"="c:\arquivos de programas\OO Software\CleverCache\ooccctrl.exe" [2007-01-28 1911568]

"hpqSRMon"="c:\arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"USB Antivirus"="c:\arquivos de programas\USB Disk Security\USBGuard.exe" [2009-10-09 815104]

"TweakMASTER"="c:\arquivos de programas\TweakMASTER\TMTray.exe" [2010-01-21 322608]

"AudioDeck"="c:\arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]

"LifeCam"="c:\arquivos de programas\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]

"cFosSpeed"="c:\arquivos de programas\cFosSpeed\cFosSpeed.exe" [2009-10-30 977624]

"CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

 

c:\documents and settings\Alan\Menu Iniciar\Programas\Inicializar\

Ferramenta de Verificação de Mídia do PMB.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-1-1 333088]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Menu Iniciar^Programas^Inicializar^Stardock ObjectDock.lnk]

backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Menu Iniciar^Programas^Inicializar^Styler.lnk]

backup=c:\windows\pss\Styler.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^What's my computer doing.lnk]

backup=c:\windows\pss\What's my computer doing.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]

backup=c:\windows\pss\Windows Search.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-09-19 03:20 133104 ----atw- c:\documents and settings\Alan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2004-04-17 15:41 196608 ----a-w- c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2004-04-13 09:07 69632 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 17:21 246504 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Opera 10 Beta\\opera.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Documents and Settings\\Alan\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Alan\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeEnC2.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeTray.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Arquivos de programas\\Opera\\opera.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Brazilian\\setup.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56740:TCP"= 56740:TCP:Pando Media Booster

"56740:UDP"= 56740:UDP:Pando Media Booster

 

R0 63780202;63780202 Boot Guard Driver;c:\windows\system32\drivers\63780202.sys [1/12/2009 13:34 37392]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/1/2010 03:28 717296]

R1 63780201;63780201;c:\windows\system32\drivers\63780201.sys [1/12/2009 13:34 128016]

R1 setup_9.0.0.722_26.11.2009_09-03drv;setup_9.0.0.722_26.11.2009_09-03drv;c:\windows\system32\drivers\6378020.sys [1/12/2009 13:34 315408]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [4/12/2009 07:04 650160]

R2 ioloSystemService;iolo System Service;c:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [4/12/2009 07:04 650160]

R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21/4/2006 08:22 70912]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [12/1/2010 15:16 1043784]

R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [8/12/2009 12:40 17984]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 13:28 24592]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]

S2 gupdate1ca59d74f36cc74;Google Update Service (gupdate1ca59d74f36cc74);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [31/10/2009 01:07 133104]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [25/10/2009 01:43 6016]

S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]

S3 LGDDCDevice;LGDDCDevice;c:\arquivos de programas\LG Soft India\forteManager\bin\I2CDriver.sys [25/1/2010 14:50 14336]

S3 LGII2CDevice;LGII2CDevice;c:\arquivos de programas\LG Soft India\forteManager\bin\PII2CDriver.sys [25/1/2010 14:50 18432]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [25/10/2009 01:43 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [25/10/2009 01:43 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [25/10/2009 01:43 42752]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [25/10/2009 01:43 23296]

S3 viafilter;VIA USB Filter;c:\windows\system32\drivers\viausb1.sys [2/12/2009 11:22 9728]

S3 VIASens;Vinyl Sensaura WDM 3D Audio Driver;c:\windows\system32\drivers\viasens.sys [7/11/2003 08:07 391680]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-10-31 03:07]

 

2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-10-31 03:07]

 

2010-01-28 c:\windows\Tasks\Verificação de problemas automática.job

- c:\arquivos de programas\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2010-01-12 17:22]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.microsoft.com

mStart Page = hxxp://www.microsoft.com

mWindow Title = Microsoft Internet Explorer

uInternet Settings,ProxyOverride = *.local

IE: Adicionar ao Anti-Banner - c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: Download all links with IDM - c:\arquivos de programas\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\arquivos de programas\Internet Download Manager\IEGetVL.htm

IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download with IDM - c:\arquivos de programas\Internet Download Manager\IEExt.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {3E28D559-2A59-4DDF-AE73-A93DC34A5161} = 208.67.222.222,208.67.220.220

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab

FF - ProfilePath - c:\documents and settings\Alan\Dados de aplicativos\Mozilla\Firefox\Profiles\huqc20qd.default\

FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - component: c:\documents and settings\Alan\Dados de aplicativos\IDM\idmmzcc3\components\idmmzcc.dll

FF - component: c:\documents and settings\Alan\Dados de aplicativos\Mozilla\Firefox\Profiles\huqc20qd.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\npAFOM.dll

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\np_gp.dll

FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\np_gp.dll

FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npdsplay.dll

FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\NPOFF12.DLL

FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin.dll

FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin2.dll

FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin3.dll

FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin4.dll

FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin5.dll

FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin6.dll

FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin7.dll

FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\NPSWF32.dll

FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npwmsdrm.dll

FF - plugin: c:\arquivos de programas\Virtools\3D Life Player\nppl3260.dll

FF - plugin: c:\arquivos de programas\Virtools\3D Life Player\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Virtools\3D Life Player\npvirtools.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\Alan\Dados de aplicativos\Mozilla\Firefox\Profiles\huqc20qd.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

FF - plugin: c:\documents and settings\Alan\Dados de aplicativos\Mozilla\plugins\npgoogletalk.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: network.http.max-persistent-connections-per-server - 3

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

.

------- Associação de arquivos/ficheiros -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORFÃOS REMOVIDOS - - - -

 

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-28 19:44

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AudioDeck = c:\arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????????????

 

Procurando ficheiros/arquivos ocultos ...

 

 

c:\windows\system32\sys_drv.dat 7028 bytes

c:\windows\system32\sys_drv_2.dat 6024 bytes

c:\windows\system32\WinFLdrv.sys 17984 bytes executable

c:\documents and settings\Alan\Dados de aplicativos\systemfl.$dk 990 bytes

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 4

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys hal.dll ACPI.sys atapi.sys spfc.sys >>UNKNOWN [0x82F8F938]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf7572f28

\Driver\ACPI -> ACPI.sys @ 0xf73cdcb8

\Driver\atapi -> atapi.sys @ 0xf7388b40

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9

ParseProcedure -> ntoskrnl.exe @ 0x8056ea15

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9

ParseProcedure -> ntoskrnl.exe @ 0x8056ea15

NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf727ebb0

PacketIndicateHandler -> NDIS.sys @ 0xf728ba21

SendHandler -> NDIS.sys @ 0xf726987b

user & kernel MBR OK

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-854245398-1214440339-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25E0F91C-A38A-BA01-33E1-8D62C355C79F}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"abfkkhfkdlkllngpkidccjinfdgnnpejgf"=hex:69,61,6b,6c,6b,69,68,70,66,61,6e,68,

69,66,66,63,63,67,00,00

"maikhgnofpdcjjfmjlhpkdfihh"=hex:6f,61,62,6a,6f,66,64,6f,6e,6d,66,61,64,66,6e,

6b,66,70,6e,6b,6f,6a,6d,66,6c,67,65,6c,70,66,00,00

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]


.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1520)

c:\windows\system32\SETUPAPI.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\windows\system32\klogon.dll

c:\windows\system32\cscui.dll

 

- - - - - - - > 'lsass.exe'(1576)

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll

c:\windows\system32\SETUPAPI.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll

 

- - - - - - - > 'explorer.exe'(3568)

c:\windows\system32\SHDOCVW.dll

c:\windows\system32\WININET.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll

c:\windows\System32\cscui.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll

c:\arquivos de programas\Microsoft Private Folder 1.0\ShellExt.dll

c:\windows\system32\PFLib.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

c:\arquivos de programas\cFosSpeed\spd.exe

c:\arquivos de programas\Microsoft LifeCam\MSCamS32.exe

c:\arquivos de programas\OO Software\CleverCache\ooccag.exe

c:\arquivos de programas\Raxco\PerfectDisk10\PDAgent.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

c:\arquivos de programas\Raxco\PerfectDisk10\PDEngine.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-01-28 19:52:58 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-01-28 21:52

ComboFix2.txt 2009-11-08 14:22

 

Pré-execução: 17 pasta(s) 11.392.405.504 bytes disponíveis

Pós execução: 20 pasta(s) 11.324.977.152 bytes disponíveis

 

WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /NOGUIBOOT /BOOTLOGO

 

- - End Of File - - 11652021759A47B91FDE8F893F7490B7


Hello Armiroke! There is a result in the ComboFix log that we need to check:

 

Stealth MBR rootkit/Mebroot/Sinowal detector

This may be caused by a Daemon Tools driver, which you must have had installed previously, so we need to see whether there is a boot rootkit or whether it is due to the program mentioned.

 

Download SPTDinst-v162-x86.exe and save it to the desktop.

 

Run the uninstaller and click the Uninstall button.

 

This application is both the installer and the uninstaller for the Daemon Tools driver. If the driver is installed, running it will remove it, and vice versa.

 

Run ComboFix and post the new ComboFix.txt.


Hello Sam Spade, from what you told me I believe it really is a rootkit, because the uninstall cannot be done; the "uninstall" option is disabled ;/

 

I await further instructions, thanks in advance.

 

 

Oh, one other thing worth mentioning here: I ran mbr and these were the results:

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

 

 

Could there still be a risk of infection?


Sorry for the flood, but I remembered that I use Ultra ISO, which creates a virtual drive, so I uninstalled it and ran ComboFix again. I believe it was because of Ultra ISO, but the log follows below:

 

ComboFix 10-01-27.06 - Alan 31/01/2010 14:43:51.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.767.375 [GMT -2:00]

Executando de: c:\documents and settings\Alan\Meus documentos\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-28 to 2010-01-31 ))))))))))))))))))))))))))))

.

 

2010-01-31 16:32 . 2010-01-31 16:38 12552 ----a-w- c:\windows\system32\drivers\hddirect.sys

2010-01-31 16:31 . 2010-01-31 16:21 77312 ----a-w- C:\mbr.exe

2010-01-31 05:59 . 2010-01-31 05:59 -------- d-----w- c:\arquivos de programas\uTorrent

2010-01-30 21:36 . 2010-01-30 21:37 -------- d-----w- c:\arquivos de programas\Microsoft Security Essentials

2010-01-30 18:43 . 2010-01-30 18:43 52224 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-01-30 18:43 . 2010-01-30 18:43 117760 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-01-30 14:51 . 2010-01-30 14:51 -------- d-----w- c:\arquivos de programas\AdvancedDefrag

2010-01-30 01:22 . 2008-10-10 18:01 26624 ----a-r- c:\windows\system32\LGDispDrv.dll

2010-01-30 01:22 . 2008-10-10 18:01 147456 ----a-r- c:\windows\system32\LgExport.dll

2010-01-30 01:21 . 2010-01-30 01:21 -------- d-----w- c:\arquivos de programas\LG Soft India

2010-01-30 01:13 . 2010-01-30 01:13 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation

2010-01-29 05:59 . 2010-01-30 18:41 -------- d-----w- c:\arquivos de programas\a-squared Free

2010-01-28 20:33 . 2010-01-28 20:35 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\GetRightToGo

2010-01-27 21:04 . 2008-02-07 19:10 -------- d-----w- C:\ckis

2010-01-27 20:51 . 2010-01-27 20:51 -------- d-----w- c:\arquivos de programas\Kaspersky Lab

2010-01-27 20:48 . 2010-01-27 20:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2010-01-26 18:02 . 2010-01-26 18:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee

2010-01-25 14:48 . 2009-09-09 10:43 210352 ----a-w- c:\windows\system32\idmmbc.dll

2010-01-24 13:19 . 2010-01-12 17:19 30536 ----a-w- c:\windows\system32\TURegOpt.exe

2010-01-24 13:19 . 2010-01-12 17:13 30024 ----a-w- c:\windows\system32\uxtuneup.dll

2010-01-24 13:18 . 2010-01-24 13:22 -------- d-----w- c:\arquivos de programas\TuneUp Utilities 2010

2010-01-23 19:47 . 2010-01-23 19:47 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\GrabPro

2010-01-23 19:46 . 2010-01-23 21:00 -------- d-----w- c:\arquivos de programas\Orbitdownloader

2010-01-23 19:46 . 2010-01-23 20:45 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Orbit

2010-01-23 01:03 . 2010-01-25 15:32 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM5.dll

2010-01-23 01:03 . 2010-01-25 15:32 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM4.dll

2010-01-23 01:03 . 2010-01-25 15:32 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM3.dll

2010-01-23 01:03 . 2010-01-25 15:32 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM2.dll

2010-01-23 01:03 . 2010-01-25 15:32 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM1.dll

2010-01-22 06:12 . 2010-01-22 06:12 278120 ----a-w- c:\windows\system32\nvmccs.dll

2010-01-22 06:12 . 2010-01-22 06:12 154216 ----a-w- c:\windows\system32\nvsvc32.exe

2010-01-22 06:12 . 2010-01-22 06:12 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-01-22 06:12 . 2010-01-22 06:12 13666408 ----a-w- c:\windows\system32\nvcpl.dll

2010-01-22 06:12 . 2010-01-22 06:12 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-01-22 06:11 . 2010-01-22 06:11 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-01-22 03:51 . 2010-01-26 11:53 198064 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\idmmzcc3\components\idmmzcc.dll

2010-01-22 03:49 . 2010-01-30 14:45 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\IDM

2010-01-22 03:49 . 2010-01-31 15:21 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\DMCache

2010-01-22 03:48 . 2010-01-28 18:53 -------- d-----w- c:\arquivos de programas\Internet Download Manager

2010-01-22 03:20 . 2010-01-23 17:48 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\FileZilla

2010-01-22 03:18 . 2010-01-22 03:24 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client

2010-01-21 22:09 . 2010-01-21 22:09 -------- d-----w- c:\windows\system32\%PersonalRootCertificateFolder%

2010-01-21 22:01 . 2010-01-21 22:01 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Hagel Technologies

2010-01-21 22:01 . 2010-01-25 20:56 -------- d-----w- c:\arquivos de programas\TweakMASTER

2010-01-21 20:22 . 2010-01-22 05:57 -------- d-----w- c:\arquivos de programas\JDownloader

2010-01-19 17:47 . 2010-01-19 17:47 19072 ----a-w- c:\windows\system32\drivers\PS2.sys

2010-01-19 02:55 . 2010-01-19 03:06 -------- d-----w- c:\arquivos de programas\PcMedik

2010-01-18 10:05 . 2010-01-21 11:08 -------- d-----w- c:\arquivos de programas\JAM2

2010-01-17 15:20 . 2010-01-17 15:22 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Mp3tag

2010-01-17 15:20 . 2010-01-17 15:20 -------- d-----w- c:\arquivos de programas\Mp3tag

2010-01-16 04:07 . 2005-01-19 02:15 28672 ----a-w- c:\windows\system32\regclass.dll

2010-01-15 03:09 . 2010-01-15 02:53 42496 ----a-w- c:\windows\system32\XPize Logo.scr

2010-01-15 03:09 . 2010-01-15 02:53 1634304 ----a-w- c:\windows\system32\Windows XP 3D Flag.scr

2010-01-15 03:05 . 2010-01-15 03:05 -------- d-----w- c:\arquivos de programas\Anolis

2010-01-14 16:35 . 2010-01-16 06:58 -------- d-----w- c:\arquivos de programas\VirtualDJ

2010-01-14 14:45 . 2010-01-14 14:45 503808 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\msvcp71.dll

2010-01-14 14:45 . 2010-01-14 14:45 348160 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\msvcr71.dll

2010-01-14 14:45 . 2010-01-14 14:45 499712 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\jmc.dll

2010-01-14 14:45 . 2010-01-14 14:45 61440 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\decora-sse.dll

2010-01-14 14:45 . 2010-01-14 14:45 12800 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\decora-d3d.dll

2010-01-14 14:45 . 2010-01-14 14:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-01-14 14:44 . 2010-01-14 14:44 114688 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-36e2bf13-n\jogl_cg.dll

2010-01-14 14:44 . 2010-01-14 14:44 315392 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-36e2bf13-n\jogl.dll

2010-01-14 14:44 . 2010-01-14 14:44 20480 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-36e2bf13-n\jogl_awt.dll

2010-01-14 14:44 . 2010-01-14 14:44 20480 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-3361dd68-n\gluegen-rt.dll

2010-01-14 13:41 . 2010-01-14 13:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2010-01-14 13:41 . 2010-01-21 11:05 -------- d-----w- c:\arquivos de programas\iTunes

2010-01-14 13:40 . 2010-01-14 13:40 -------- d-----w- c:\arquivos de programas\Bonjour

2010-01-14 05:38 . 2010-01-29 00:09 -------- d-----w- C:\LinhaDefensiva

2010-01-14 03:11 . 2010-01-14 03:11 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\NetMedia Providers

2010-01-14 03:11 . 2010-01-14 03:11 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Publish Providers

2010-01-14 02:08 . 2010-01-14 02:08 -------- d-----w- c:\arquivos de programas\Sony Setup

2010-01-13 05:33 . 2010-01-13 05:33 -------- d-----w- c:\arquivos de programas\Alcohol Soft

2010-01-13 05:28 . 2010-01-13 05:28 717296 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-01-12 05:58 . 2010-01-12 05:58 -------- d-----w- c:\arquivos de programas\SopCast

2010-01-12 05:57 . 2010-01-12 05:57 -------- d-----w- c:\arquivos de programas\Orban

2010-01-12 05:56 . 2010-01-12 05:58 -------- d-----w- c:\arquivos de programas\Megacubo

2010-01-11 07:49 . 2009-09-14 19:58 1291640 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Mozilla\Firefox\Profiles\huqc20qd.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe

2010-01-11 07:49 . 2009-09-14 19:58 729088 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Mozilla\Firefox\Profiles\huqc20qd.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

2010-01-10 14:22 . 2010-01-10 14:34 -------- d-----w- c:\arquivos de programas\eMule

2010-01-10 13:10 . 2010-01-10 13:10 8704 ----a-w- c:\windows\system32\SpOrder.dll

2010-01-10 13:09 . 2010-01-15 04:11 -------- d-----w- c:\arquivos de programas\IP Hider

2010-01-10 11:37 . 2010-01-10 11:42 -------- d-----w- c:\windows\uninstall\Hanf Baron XS

2010-01-10 11:37 . 2010-01-10 11:37 -------- d-----w- c:\windows\uninstall

2010-01-10 11:31 . 2002-10-05 03:04 921600 ----a-w- c:\windows\system32\vorbisenc.dll

2010-01-10 11:31 . 2002-10-05 03:04 188416 ----a-w- c:\windows\system32\vorbis.dll

2010-01-10 11:31 . 2002-10-05 03:04 45056 ----a-w- c:\windows\system32\ogg.dll

2010-01-10 11:31 . 2002-10-06 22:42 237568 ----a-w- c:\windows\system32\OggDS.dll

2010-01-10 11:31 . 2010-01-10 11:41 -------- d-----w- c:\arquivos de programas\rondomedia

2010-01-09 22:31 . 2010-01-09 22:31 -------- d-----w- c:\arquivos de programas\Image Mender

2010-01-09 07:33 . 2010-01-09 12:21 -------- d-----w- c:\arquivos de programas\Loaris Trojan Remover

2010-01-08 11:53 . 2010-01-08 11:54 -------- d-----w- c:\arquivos de programas\MP3Gain

2010-01-08 07:09 . 2010-01-08 07:09 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\URSoft

2010-01-08 07:09 . 2010-01-08 07:09 -------- d-----w- c:\arquivos de programas\Your Uninstaller 2010

2010-01-07 00:10 . 2010-01-21 10:42 -------- d-----w- c:\arquivos de programas\CoolSMS

2010-01-06 22:21 . 2010-01-06 22:20 38784 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-01-06 22:21 . 2010-01-06 22:20 38784 ----a-w- c:\documents and settings\Default User\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-01-06 22:20 . 2010-01-06 22:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR

2010-01-06 08:44 . 2009-12-14 14:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys

2010-01-06 08:44 . 2009-12-14 14:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys

2010-01-06 08:43 . 2010-01-30 11:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2010-01-06 04:24 . 2010-01-06 04:24 79488 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2010-01-01 20:17 . 2009-09-02 23:58 626688 ----a-w- c:\windows\system32\vp7vfw.dll

2010-01-01 20:17 . 2009-09-02 23:57 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-31 16:50 . 2009-10-30 21:03 -------- d-----w- c:\arquivos de programas\cFosSpeed

2010-01-31 16:39 . 2009-10-28 22:19 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Lightcomm

2010-01-31 16:33 . 2009-09-12 00:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\iolo

2010-01-31 15:22 . 2009-12-13 05:10 -------- d-----w- c:\arquivos de programas\Mozilla Thunderbird

2010-01-31 15:21 . 2009-09-23 00:39 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\uTorrent

2010-01-31 05:56 . 2009-10-31 02:33 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-01-30 20:23 . 2009-09-12 00:03 -------- d-----w- c:\arquivos de programas\Opera 10 Beta

2010-01-30 18:42 . 2009-12-18 16:34 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\SUPERAntiSpyware.com

2010-01-30 01:21 . 2009-09-12 06:16 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-01-28 21:11 . 2009-11-21 13:06 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2010-01-28 14:14 . 2009-12-18 16:34 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware

2010-01-28 04:23 . 2009-09-12 00:07 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\iolo

2010-01-27 23:32 . 2009-12-02 09:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2010-01-27 00:42 . 2004-08-04 12:00 83670 ----a-w- c:\windows\system32\perfc016.dat

2010-01-27 00:42 . 2004-08-04 12:00 479350 ----a-w- c:\windows\system32\perfh016.dat

2010-01-24 21:40 . 2009-10-10 03:05 -------- d-----w- c:\arquivos de programas\DU Meter

2010-01-24 17:10 . 2009-11-08 16:10 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Vso

2010-01-22 09:50 . 2010-01-30 01:11 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-01-22 09:50 . 2010-01-30 01:11 10276992 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-01-22 09:50 . 2010-01-30 01:11 2259560 ----a-w- c:\windows\system32\nvcuvid.dll

2010-01-22 09:50 . 2010-01-30 01:11 14458880 ----a-w- c:\windows\system32\nvoglnt.dll

2010-01-22 09:50 . 2010-01-30 01:11 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-01-22 09:50 . 2010-01-30 01:11 4104192 ----a-w- c:\windows\system32\nvcuda.dll

2010-01-22 09:50 . 2010-01-30 01:11 182888 ----a-w- c:\windows\system32\nvcodins.dll

2010-01-22 09:50 . 2010-01-30 01:11 182888 ----a-w- c:\windows\system32\nvcod.dll

2010-01-22 09:50 . 2010-01-30 01:11 11639400 ----a-w- c:\windows\system32\nvcompiler.dll

2010-01-22 09:50 . 2010-01-30 01:11 1081344 ----a-w- c:\windows\system32\nvapi.dll

2010-01-22 09:50 . 2010-01-30 01:11 6359168 ----a-w- c:\windows\system32\nv4_disp.dll

2010-01-22 09:50 . 2010-01-30 01:11 2283526 ----a-w- c:\windows\system32\nvdata.bin

2010-01-21 21:51 . 2009-10-10 03:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Hagel Technologies

2010-01-21 11:07 . 2009-12-16 01:17 -------- d-----w- c:\arquivos de programas\SeaMonkey

2010-01-21 11:05 . 2009-09-13 04:13 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2010-01-21 10:51 . 2009-10-11 14:26 -------- d-----w- c:\arquivos de programas\Driver Sweeper

2010-01-21 10:48 . 2009-12-02 13:04 -------- d-----w- c:\arquivos de programas\Driver Magician

2010-01-20 23:05 . 2009-09-24 18:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-01-20 22:14 . 2009-09-12 04:17 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-01-16 03:22 . 2009-09-12 01:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-01-16 02:51 . 2009-09-12 00:54 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-01-15 03:12 . 2009-12-13 19:46 -------- d-----w- c:\arquivos de programas\7-Zip

2010-01-15 03:12 . 2009-09-20 12:40 -------- d-----w- c:\arquivos de programas\Windows Desktop Search

2010-01-15 03:10 . 2004-08-04 12:00 2789888 ----a-w- c:\windows\system32\logonui.exe

2010-01-15 03:10 . 2004-08-04 12:00 101376 ----a-w- c:\windows\system32\tcpmonui.dll

2010-01-15 03:10 . 2004-08-04 12:00 541184 ----a-w- c:\windows\system32\sti_ci.dll

2010-01-15 03:10 . 2004-08-04 12:00 829952 ----a-w- c:\windows\system32\rasdlg.dll

2010-01-15 03:10 . 2004-08-04 12:00 201728 ----a-w- c:\windows\system32\mdminst.dll

2010-01-15 03:10 . 2004-08-04 12:00 399360 ----a-w- c:\windows\system32\fsquirt.exe

2010-01-15 03:10 . 2004-08-04 12:00 222208 ----a-w- c:\windows\system32\fldrclnr.dll

2010-01-15 03:10 . 2004-08-04 12:00 808960 ----a-w- c:\windows\system32\dmdlgs.dll

2010-01-15 03:09 . 2004-08-04 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll

2010-01-15 03:09 . 2004-08-04 12:00 708608 ----a-w- c:\windows\system32\sstext3d.scr

2010-01-15 03:09 . 2004-08-04 12:00 634880 ----a-w- c:\windows\system32\sspipes.scr

2010-01-15 03:09 . 2004-08-04 12:00 733184 ----a-w- c:\windows\system32\ss3dfo.scr

2010-01-15 03:09 . 2004-08-04 12:00 417792 ----a-w- c:\windows\system32\ssflwbox.scr

2010-01-15 03:09 . 2004-08-04 12:00 33792 ----a-w- c:\windows\system32\scrnsave.scr

2010-01-15 03:07 . 2004-08-04 12:00 386560 ----a-w- c:\windows\system32\msieftp.dll

2010-01-15 03:06 . 2009-09-11 23:36 88576 ----a-w- c:\windows\system32\remotepg.dll

2010-01-14 14:43 . 2009-09-12 01:10 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-01-14 13:54 . 2009-09-13 04:20 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Apple Computer

2010-01-14 13:41 . 2009-11-24 17:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2010-01-14 13:12 . 2009-10-01 02:14 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-14 02:16 . 2009-09-14 17:59 -------- d-----w- c:\arquivos de programas\Sony

2010-01-13 12:10 . 2009-09-12 01:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-01-09 02:39 . 2009-09-12 04:12 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2010-01-06 08:37 . 2009-09-11 23:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESET

2010-01-06 04:07 . 2009-12-31 18:55 -------- d-----w- c:\arquivos de programas\CyberLink

2010-01-06 04:04 . 2009-12-31 18:54 53319 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe

2010-01-03 00:35 . 2009-11-02 16:14 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Audacity

2010-01-01 20:18 . 2009-11-08 16:10 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2010-01-01 20:18 . 2009-11-08 16:10 47360 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\pcouffin.sys

2010-01-01 20:18 . 2009-11-08 16:10 47360 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\pcouffin.sys

2010-01-01 20:17 . 2009-11-08 16:09 -------- d-----w- c:\arquivos de programas\VSO

2010-01-01 14:55 . 2010-01-01 14:55 10134 ----a-r- c:\documents and settings\Alan\Dados de aplicativos\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe

2010-01-01 08:18 . 2009-12-18 11:50 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\runic games

2010-01-01 08:18 . 2009-12-18 11:44 -------- d-----w- c:\arquivos de programas\Runic Games

2010-01-01 03:10 . 2009-12-26 02:52 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Skype

2010-01-01 02:21 . 2009-12-26 04:23 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\skypePM

2009-12-31 22:34 . 2009-09-13 22:53 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\CyberLink

2009-12-31 22:34 . 2009-09-12 19:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2009-12-31 18:56 . 2009-12-31 18:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\CyberLink

2009-12-31 18:54 . 2009-12-31 18:55 29480 ----a-w- c:\windows\system32\msxml3a.dll

2009-12-31 07:49 . 2009-10-09 15:41 -------- d-----w- c:\arquivos de programas\USB Disk Security

2009-12-29 07:38 . 2009-11-25 21:02 -------- d-----w- c:\arquivos de programas\NetScream

2009-12-29 06:20 . 2009-12-24 21:04 -------- d-----w- c:\arquivos de programas\SlySoft

2009-12-29 01:53 . 2009-12-29 01:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Elaborate Bytes

2009-12-29 01:49 . 2009-12-29 01:49 -------- d-----w- c:\arquivos de programas\Elaborate Bytes

2009-12-27 14:16 . 2009-12-02 00:44 -------- d-----w- c:\documents and settings\NetworkService\Dados de aplicativos\iolo

2009-12-26 04:23 . 2009-12-26 04:23 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-12-26 02:51 . 2009-12-26 02:51 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2009-12-26 02:51 . 2009-12-26 02:51 -------- d-----r- c:\arquivos de programas\Skype

2009-12-26 02:51 . 2009-12-26 02:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-12-24 21:08 . 2009-12-24 21:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SlySoft

2009-12-24 17:28 . 2009-12-22 19:56 -------- d-----w- c:\arquivos de programas\Opera

2009-12-23 02:53 . 2009-12-23 02:53 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Malwarebytes

2009-12-23 02:53 . 2009-12-23 02:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-12-21 19:08 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll

2009-12-21 16:53 . 2009-12-21 16:53 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-12-20 20:31 . 2009-09-12 13:50 1551 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\iolo\restore.bat

2009-12-20 04:58 . 2009-10-31 03:07 -------- d-----w- c:\arquivos de programas\Google

2009-12-20 03:36 . 2009-12-20 03:36 -------- d-----w- c:\arquivos de programas\Microsoft Private Folder 1.0

2009-12-20 03:12 . 2009-09-25 09:34 -------- d-----w- c:\arquivos de programas\Raxco

.

 

------- Sigcheck -------

 

[-] 2009-10-31 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS

[-] 2009-10-31 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS

[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

 

[-] 2010-01-15 . 063CFCB5320A1FAD700680D60F9CEE3D . 1087488 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[7] 2008-04-13 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe

[7] 2008-04-13 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe

[7] 2004-08-04 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

 

[-] 2010-01-15 . E21CADF65FA546C213634EDE63ACE389 . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[7] 2008-04-13 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe

[7] 2008-04-13 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

[7] 2004-08-04 . F40BC97996B8E53799EEF1D63996674B . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]

"ooccctrl.exe"="c:\arquivos de programas\OO Software\CleverCache\ooccctrl.exe" [2007-01-28 1911568]

"hpqSRMon"="c:\arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"USB Antivirus"="c:\arquivos de programas\USB Disk Security\USBGuard.exe" [2009-10-09 815104]

"TweakMASTER"="c:\arquivos de programas\TweakMASTER\TMTray.exe" [2010-01-21 322608]

"AudioDeck"="c:\arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]

"LifeCam"="c:\arquivos de programas\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]

"cFosSpeed"="c:\arquivos de programas\cFosSpeed\cFosSpeed.exe" [2009-10-30 977624]

"CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-22 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-22 13666408]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]

"MSSE"="c:\arquivos de programas\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

 

c:\documents and settings\Alan\Menu Iniciar\Programas\Inicializar\

Ferramenta de Verifica‡Æo de M¡dia do PMB.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-1-1 333088]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

forteManager.lnk - c:\arquivos de programas\LG Soft India\forteManager\bin\Monitor.exe [2010-1-29 1687552]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Menu Iniciar^Programas^Inicializar^Stardock ObjectDock.lnk]

backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Menu Iniciar^Programas^Inicializar^Styler.lnk]

backup=c:\windows\pss\Styler.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^What's my computer doing.lnk]

backup=c:\windows\pss\What's my computer doing.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]

backup=c:\windows\pss\Windows Search.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-09-19 03:20 133104 ----atw- c:\documents and settings\Alan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2004-04-17 15:41 196608 ----a-w- c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2004-04-13 09:07 69632 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 17:21 246504 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Opera 10 Beta\\opera.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Documents and Settings\\Alan\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Alan\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeEnC2.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeTray.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Arquivos de programas\\Opera\\opera.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Brazilian\\setup.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56740:TCP"= 56740:TCP:Pando Media Booster

"56740:UDP"= 56740:UDP:Pando Media Booster

 

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-13 717296]

R2 gupdate1ca59d74f36cc74;Google Update Service (gupdate1ca59d74f36cc74);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-10-31 133104]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]

R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x]

R3 HDDirect;Hard Disk Direct Control;c:\windows\system32\drivers\hddirect.sys [2010-01-31 12552]

R3 LGDDCDevice;LGDDCDevice;c:\arquivos de programas\LG Soft India\forteManager\bin\I2CDriver.sys [2008-11-08 14336]

R3 LGII2CDevice;LGII2CDevice;c:\arquivos de programas\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-11-08 18432]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 19712]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]

R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 42752]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2009-01-29 23296]

R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [2009-12-16 7408]

R3 viafilter;VIA USB Filter;c:\windows\System32\Drivers\viausb1.sys [2001-09-19 9728]

R3 VIASens;Vinyl Sensaura WDM 3D Audio Driver;c:\windows\system32\drivers\viasens.sys [2003-11-07 391680]

S0 63780202;63780202 Boot Guard Driver;c:\windows\system32\DRIVERS\63780202.sys [2009-10-22 37392]

S1 63780201;63780201;c:\windows\system32\DRIVERS\63780201.sys [2009-09-25 128016]

S1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS [2009-12-16 9968]

S1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys [2009-12-16 74480]

S1 setup_9.0.0.722_26.11.2009_09-03drv;setup_9.0.0.722_26.11.2009_09-03drv;c:\windows\system32\DRIVERS\6378020.sys [2009-10-10 315408]

S2 ioloFileInfoList;iolo FileInfoList Service;c:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [2009-12-09 650160]

S2 ioloSystemService;iolo System Service;c:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [2009-12-09 650160]

S2 Prvflder;Prvflder;c:\windows\system32\DRIVERS\prvflder.sys [2006-04-21 70912]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-01-12 1043784]

S3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-10-31 03:07]

 

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-10-31 03:07]

 

2010-01-31 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 19:36]

 

2010-01-31 c:\windows\Tasks\Verificação de problemas automática.job

- c:\arquivos de programas\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2010-01-12 17:22]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.microsoft.com

mStart Page = hxxp://www.microsoft.com

mWindow Title = Microsoft Internet Explorer

uInternet Settings,ProxyOverride = *.local

IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: Download all links with IDM - c:\arquivos de programas\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\arquivos de programas\Internet Download Manager\IEGetVL.htm

IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download with IDM - c:\arquivos de programas\Internet Download Manager\IEExt.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {3E28D559-2A59-4DDF-AE73-A93DC34A5161} = 208.67.222.222,208.67.220.220

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab

FF - ProfilePath - c:\documents and settings\Alan\Dados de aplicativos\Mozilla\Firefox\Profiles\huqc20qd.default\

FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - component: c:\documents and settings\Alan\Dados de aplicativos\IDM\idmmzcc3\components\idmmzcc.dll

FF - component: c:\documents and settings\Alan\Dados de aplicativos\Mozilla\Firefox\Profiles\huqc20qd.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\npAFOM.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: network.http.max-persistent-connections-per-server - 3

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

.

------- Associação de arquivos/ficheiros -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORFÃOS REMOVIDOS - - - -

 

SafeBoot-Wdf01000.sys

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-31 14:50

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AudioDeck = c:\arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????????????

 

Procurando ficheiros/arquivos ocultos ...

 

 

c:\windows\system32\sys_drv.dat 7028 bytes

c:\windows\system32\sys_drv_2.dat 6024 bytes

c:\windows\system32\WinFLdrv.sys 17984 bytes executable

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 3

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-854245398-1214440339-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25E0F91C-A38A-BA01-33E1-8D62C355C79F}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"abfkkhfkdlkllngpkidccjinfdgnnpejgf"=hex:69,61,6b,6c,6b,69,68,70,66,61,6e,68,

69,66,66,63,63,67,00,00

"maikhgnofpdcjjfmjlhpkdfihh"=hex:6f,61,62,6a,6f,66,64,6f,6e,6d,66,61,64,66,6e,

6b,66,70,6e,6b,6f,6a,6d,66,6c,67,65,6c,70,66,00,00

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]


.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1060)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\cscui.dll

 

- - - - - - - > 'lsass.exe'(1116)

c:\windows\system32\SETUPAPI.dll

.

Tempo para conclusão: 2010-01-31 14:53:32

ComboFix-quarantined-files.txt 2010-01-31 16:53

ComboFix2.txt 2010-01-31 14:51

ComboFix3.txt 2010-01-28 21:53

ComboFix4.txt 2009-11-08 14:22

 

Pré-execução: 9.000.247.296 bytes disponíveis

Pós execução: 8.963.256.320 bytes disponíveis

 

- - End Of File - - 7C4462271EF31C291AA23B1DD433AD7C


Ok, the MBR log did not show up this time; it was probably the Ultra ISO driver that caused that result. Go to BitDefender.com.

  • Click Start Scanner
  • A popup will open.
    Check the box next to I Agree with the Terms and Conditions, wait for the Start Here button to turn green and click it.
  • Wait a few moments, until a yellow bar appears at the top of the popup asking you to install the ActiveX control.
  • Click the bar and then click Install this add-on for all users of this computer.
  • In the window that appears, click Install
  • Wait for the site to load its information.
  • Click Folders to Scan. An Explorer window will open. Click next to My Computer to select it and then click OK
  • Back in the previous window, now click Cleaning Options
     
    bitdefender2.jpg
     
    As in the image above, under Action Options, check the Report Only option
    Uncheck the Second Action option and click OK
  • Click Start Scan

 

Be patient, as it takes a while.

 

When it finishes, save the result, then copy and paste it into your reply.


Hi Sam,

 

I haven't run BitDefender yet, because it never manages to update ;/

 

But now I'm having a worse problem, when installing NOD32.

 

Several DOS windows appear on the screen; whenever I reboot this happens too, and a window also appears with the command "command.com". When I run that command in DOS, a lot of garbled characters appear. What could this be? ;/


Sorry again for the double post, Sam ;/ it's just that as I go through some of the procedures here, something happens that would be useful for you to know, but so this doesn't happen again I'll put here all the information about what I've done so far, ok?

 

Yesterday afternoon, in a hurry to check a file, I downloaded a virus thinking it was another file. Microsoft Essentials Security did not delete the virus right away, but when I ran it I got a window saying a virus had been deleted; even so I was left in doubt ;/ I looked up the description of the virus on Microsoft's own site and found this:

 

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPoison.AC&ThreatID=-2147349035

 

In any case, I ran the Panda online scan and it found nothing. I'll try to run BitDefender later tonight, but I'm not sure I'll succeed.. Right now I'm using NOD32; I managed to install it without those command prompt windows flashing on the screen. It was strange because it kept flashing, alternating between System32 and command.com, and the motherboard beeped, but now I'm using NOD32 normally. I did the test on the same site to see how NOD32 would react to the virus, and it deleted the virus before I could download it; NOD32 classifies it as: Win32/Poison.PUQ trojan horse.

 

I apologize for any inconvenience I may be causing you, Sam ;/ But I hope you can help me.

 

Regards.


Topic Archived

 

Since the author did not reply for more than 30 days, the topic was archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening it.
