Armiroke
Posted January 28, 2010

I suspect an infection. For example, if I was chatting on MSN and the window went a long time without any activity, it would sort of leave the window ;/ and I had to click inside it again to be able to type. It had the same effect as if I were here and clicked down there on an empty area of the taskbar. This bothered me because I always had to click inside the window again. Just to be safe, I would like to post the ComboFix log here for you to take a look; for now I think the problem has gone away.

Log:
ComboFix 10-01-27.06 - Alan 28/01/2010 19:27:32.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.767.391 [GMT -2:00] Executando de: c:\documents and settings\Alan\Meus documentos\Downloads\ComboFix.exe AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Alan\Dados de aplicativos\.# c:\documents and settings\Alan\Dados de aplicativos\inst.exe c:\windows\system32\crt.dat c:\windows\system32\Thumbs.db c:\windows\system32\vbzlib1.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_DUMETERSVC -------\Service_DUMeterSvc (((((((((((((((( Arquivos/Ficheiros criados de 2009-12-28 to 2010-01-28 )))))))))))))))))))))))))))) . 2010-01-28 20:33 . 2010-01-28 20:35 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\GetRightToGo 2010-01-27 21:04 . 2008-02-07 19:10 -------- d-----w- C:\ckis 2010-01-27 20:54 . 2010-01-27 22:46 95259 ----a-w- c:\windows\system32\drivers\klick.dat 2010-01-27 20:54 . 2010-01-27 22:46 108059 ----a-w- c:\windows\system32\drivers\klin.dat 2010-01-27 20:51 . 
2010-01-28 21:43 39456 --sha-w- c:\windows\system32\drivers\fidbox.dat 2010-01-27 20:51 . 2010-01-28 21:41 36384 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2010-01-27 20:51 . 2010-01-27 20:51 -------- d-----w- c:\arquivos de programas\Kaspersky Lab 2010-01-27 20:48 . 2010-01-27 20:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files 2010-01-26 18:02 . 2010-01-26 18:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee 2010-01-25 16:51 . 2008-10-10 18:01 26624 ----a-r- c:\windows\system32\LGDispDrv.dll 2010-01-25 16:51 . 2008-10-10 18:01 147456 ----a-r- c:\windows\system32\LgExport.dll 2010-01-25 16:50 . 2010-01-25 16:50 -------- d-----w- c:\arquivos de programas\LG Soft India 2010-01-25 16:41 . 2010-01-25 16:41 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation 2010-01-25 14:48 . 2009-09-09 10:43 210352 ----a-w- c:\windows\system32\idmmbc.dll 2010-01-24 13:19 . 2010-01-12 17:19 30536 ----a-w- c:\windows\system32\TURegOpt.exe 2010-01-24 13:19 . 2010-01-12 17:13 30024 ----a-w- c:\windows\system32\uxtuneup.dll 2010-01-24 13:18 . 2010-01-24 13:22 -------- d-----w- c:\arquivos de programas\TuneUp Utilities 2010 2010-01-23 19:47 . 2010-01-23 19:47 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\GrabPro 2010-01-23 19:46 . 2010-01-23 21:00 -------- d-----w- c:\arquivos de programas\Orbitdownloader 2010-01-23 19:46 . 2010-01-23 20:45 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Orbit 2010-01-22 03:49 . 2010-01-26 11:54 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\IDM 2010-01-22 03:49 . 2010-01-28 20:36 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\DMCache 2010-01-22 03:48 . 2010-01-28 18:53 -------- d-----w- c:\arquivos de programas\Internet Download Manager 2010-01-22 03:20 . 
2010-01-23 17:48 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\FileZilla 2010-01-22 03:18 . 2010-01-22 03:24 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client 2010-01-21 22:09 . 2010-01-21 22:09 -------- d-----w- c:\windows\system32\%PersonalRootCertificateFolder% 2010-01-21 22:04 . 2010-01-21 22:04 -------- d-----w- c:\arquivos de programas\What's my computer doing 2010-01-21 22:01 . 2010-01-21 22:01 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Hagel Technologies 2010-01-21 22:01 . 2010-01-25 20:56 -------- d-----w- c:\arquivos de programas\TweakMASTER 2010-01-21 20:22 . 2010-01-22 05:57 -------- d-----w- c:\arquivos de programas\JDownloader 2010-01-19 17:47 . 2010-01-19 17:47 19072 ----a-w- c:\windows\system32\drivers\PS2.sys 2010-01-19 02:55 . 2010-01-19 03:06 -------- d-----w- c:\arquivos de programas\PcMedik 2010-01-18 10:05 . 2010-01-21 11:08 -------- d-----w- c:\arquivos de programas\JAM2 2010-01-17 15:20 . 2010-01-17 15:22 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Mp3tag 2010-01-17 15:20 . 2010-01-17 15:20 -------- d-----w- c:\arquivos de programas\Mp3tag 2010-01-16 04:07 . 2005-01-19 02:15 28672 ----a-w- c:\windows\system32\regclass.dll 2010-01-15 03:09 . 2010-01-15 02:53 42496 ----a-w- c:\windows\system32\XPize Logo.scr 2010-01-15 03:09 . 2010-01-15 02:53 1634304 ----a-w- c:\windows\system32\Windows XP 3D Flag.scr 2010-01-15 03:05 . 2010-01-15 03:05 -------- d-----w- c:\arquivos de programas\Anolis 2010-01-14 16:35 . 2010-01-16 06:58 -------- d-----w- c:\arquivos de programas\VirtualDJ 2010-01-14 14:45 . 2010-01-14 14:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java 2010-01-14 13:41 . 2010-01-14 13:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2010-01-14 13:41 . 2010-01-21 11:05 -------- d-----w- c:\arquivos de programas\iTunes 2010-01-14 13:40 . 
2010-01-14 13:40 -------- d-----w- c:\arquivos de programas\Bonjour 2010-01-14 05:38 . 2010-01-27 05:51 -------- d-----w- C:\LinhaDefensiva 2010-01-14 03:11 . 2010-01-14 03:11 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\NetMedia Providers 2010-01-14 03:11 . 2010-01-14 03:11 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Publish Providers 2010-01-14 02:08 . 2010-01-14 02:08 -------- d-----w- c:\arquivos de programas\Sony Setup 2010-01-13 05:33 . 2010-01-13 05:33 -------- d-----w- c:\arquivos de programas\Alcohol Soft 2010-01-13 05:28 . 2010-01-13 05:28 717296 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-01-12 05:58 . 2010-01-12 05:58 -------- d-----w- c:\arquivos de programas\SopCast 2010-01-12 05:57 . 2010-01-12 05:57 -------- d-----w- c:\arquivos de programas\Orban 2010-01-12 05:56 . 2010-01-12 05:58 -------- d-----w- c:\arquivos de programas\Megacubo 2010-01-12 00:17 . 2010-01-12 00:17 278120 ----a-w- c:\windows\system32\nvmccs.dll 2010-01-12 00:17 . 2010-01-12 00:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe 2010-01-12 00:17 . 2010-01-12 00:17 145000 ----a-w- c:\windows\system32\nvcolor.exe 2010-01-12 00:17 . 2010-01-12 00:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll 2010-01-12 00:17 . 2010-01-12 00:17 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-01-12 00:17 . 2010-01-12 00:17 81920 ----a-w- c:\windows\system32\nvwddi.dll 2010-01-10 14:22 . 2010-01-10 14:34 -------- d-----w- c:\arquivos de programas\eMule 2010-01-10 13:10 . 2010-01-10 13:10 8704 ----a-w- c:\windows\system32\SpOrder.dll 2010-01-10 13:09 . 2010-01-15 04:11 -------- d-----w- c:\arquivos de programas\IP Hider 2010-01-10 11:37 . 2010-01-10 11:42 -------- d-----w- c:\windows\uninstall\Hanf Baron XS 2010-01-10 11:37 . 2010-01-10 11:37 -------- d-----w- c:\windows\uninstall 2010-01-10 11:31 . 2002-10-05 03:04 921600 ----a-w- c:\windows\system32\vorbisenc.dll 2010-01-10 11:31 . 
2002-10-05 03:04 188416 ----a-w- c:\windows\system32\vorbis.dll 2010-01-10 11:31 . 2002-10-05 03:04 45056 ----a-w- c:\windows\system32\ogg.dll 2010-01-10 11:31 . 2002-10-06 22:42 237568 ----a-w- c:\windows\system32\OggDS.dll 2010-01-10 11:31 . 2010-01-10 11:41 -------- d-----w- c:\arquivos de programas\rondomedia 2010-01-09 22:31 . 2010-01-09 22:31 -------- d-----w- c:\arquivos de programas\Image Mender 2010-01-09 07:33 . 2010-01-09 12:21 -------- d-----w- c:\arquivos de programas\Loaris Trojan Remover 2010-01-08 11:53 . 2010-01-08 11:54 -------- d-----w- c:\arquivos de programas\MP3Gain 2010-01-08 07:09 . 2010-01-08 07:09 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\URSoft 2010-01-08 07:09 . 2010-01-08 07:09 -------- d-----w- c:\arquivos de programas\Your Uninstaller 2010 2010-01-07 00:10 . 2010-01-21 10:42 -------- d-----w- c:\arquivos de programas\CoolSMS 2010-01-06 22:20 . 2010-01-06 22:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR 2010-01-06 08:44 . 2009-12-14 14:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys 2010-01-06 08:44 . 2009-12-14 14:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys 2010-01-06 08:43 . 2010-01-28 21:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab 2010-01-01 20:17 . 2009-09-02 23:58 626688 ----a-w- c:\windows\system32\vp7vfw.dll 2010-01-01 20:17 . 2009-09-02 23:57 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll 2009-12-31 18:56 . 2009-12-31 18:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\CyberLink 2009-12-31 18:55 . 2010-01-06 04:07 -------- d-----w- c:\arquivos de programas\CyberLink 2009-12-31 18:55 . 2009-12-31 18:54 29480 ----a-w- c:\windows\system32\msxml3a.dll . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-28 21:46 . 2010-01-27 20:51 32 --sha-w- c:\windows\system32\drivers\fidbox.idx 2010-01-28 21:43 . 
2009-10-30 21:03 -------- d-----w- c:\arquivos de programas\cFosSpeed 2010-01-28 21:41 . 2010-01-27 20:51 5456 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2010-01-28 21:19 . 2009-10-28 22:19 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Lightcomm 2010-01-28 21:11 . 2009-12-18 16:34 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\SUPERAntiSpyware.com 2010-01-28 21:11 . 2009-11-21 13:06 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard 2010-01-28 20:38 . 2009-09-12 00:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\iolo 2010-01-28 20:26 . 2010-01-28 20:08 12456196 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\DwnlData\Alan\a2FreeSetup_45\a2FreeSetup.exe 2010-01-28 18:53 . 2009-12-13 05:10 -------- d-----w- c:\arquivos de programas\Mozilla Thunderbird 2010-01-28 14:14 . 2009-12-18 16:34 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware 2010-01-28 04:23 . 2009-09-12 00:07 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\iolo 2010-01-27 23:32 . 2009-12-02 09:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2010-01-27 22:51 . 2007-10-31 15:41 112144 ----a-w- c:\windows\system32\drivers\kl1.sys 2010-01-27 22:46 . 2010-01-27 22:46 25104 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ushata.dll 2010-01-27 22:46 . 2010-01-27 22:46 112144 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\X86\kl1.sys 2010-01-27 22:46 . 2010-01-27 22:46 772624 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\updater.dll 2010-01-27 22:45 . 
2010-01-27 22:45 150032 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\diffs.dll 2010-01-27 22:45 . 2010-01-27 22:45 354832 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ckahum.dll 2010-01-27 18:07 . 2009-10-31 02:33 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2010-01-27 00:42 . 2004-08-04 12:00 83670 ----a-w- c:\windows\system32\perfc016.dat 2010-01-27 00:42 . 2004-08-04 12:00 479350 ----a-w- c:\windows\system32\perfh016.dat 2010-01-26 11:53 . 2010-01-22 03:51 198064 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\idmmzcc3\components\idmmzcc.dll 2010-01-26 01:53 . 2009-09-12 00:03 -------- d-----w- c:\arquivos de programas\Opera 10 Beta 2010-01-25 16:50 . 2009-09-12 06:16 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2010-01-25 15:32 . 2010-01-23 01:03 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM5.dll 2010-01-25 15:32 . 2010-01-23 01:03 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM4.dll 2010-01-25 15:32 . 2010-01-23 01:03 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM3.dll 2010-01-25 15:32 . 2010-01-23 01:03 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM2.dll 2010-01-25 15:32 . 2010-01-23 01:03 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM1.dll 2010-01-24 21:40 . 2009-10-10 03:05 -------- d-----w- c:\arquivos de programas\DU Meter 2010-01-24 17:10 . 2009-11-08 16:10 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Vso 2010-01-21 21:51 . 2009-10-10 03:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Hagel Technologies 2010-01-21 11:07 . 
2009-12-16 01:17 -------- d-----w- c:\arquivos de programas\SeaMonkey 2010-01-21 11:05 . 2009-09-13 04:13 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple 2010-01-21 10:51 . 2009-10-11 14:26 -------- d-----w- c:\arquivos de programas\Driver Sweeper 2010-01-21 10:48 . 2009-12-02 13:04 -------- d-----w- c:\arquivos de programas\Driver Magician 2010-01-20 23:05 . 2009-09-24 18:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe 2010-01-20 22:14 . 2009-09-12 04:17 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight 2010-01-16 03:22 . 2009-09-12 01:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus! 2010-01-16 02:51 . 2009-09-12 00:54 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live 2010-01-15 03:12 . 2009-12-13 19:46 -------- d-----w- c:\arquivos de programas\7-Zip 2010-01-15 03:12 . 2009-09-20 12:40 -------- d-----w- c:\arquivos de programas\Windows Desktop Search 2010-01-15 03:10 . 2004-08-04 12:00 2789888 ----a-w- c:\windows\system32\logonui.exe 2010-01-15 03:10 . 2004-08-04 12:00 101376 ----a-w- c:\windows\system32\tcpmonui.dll 2010-01-15 03:10 . 2004-08-04 12:00 541184 ----a-w- c:\windows\system32\sti_ci.dll 2010-01-15 03:10 . 2004-08-04 12:00 829952 ----a-w- c:\windows\system32\rasdlg.dll 2010-01-15 03:10 . 2004-08-04 12:00 201728 ----a-w- c:\windows\system32\mdminst.dll 2010-01-15 03:10 . 2004-08-04 12:00 399360 ----a-w- c:\windows\system32\fsquirt.exe 2010-01-15 03:10 . 2004-08-04 12:00 222208 ----a-w- c:\windows\system32\fldrclnr.dll 2010-01-15 03:10 . 2004-08-04 12:00 808960 ----a-w- c:\windows\system32\dmdlgs.dll 2010-01-15 03:09 . 2004-08-04 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll 2010-01-15 03:09 . 2004-08-04 12:00 708608 ----a-w- c:\windows\system32\sstext3d.scr 2010-01-15 03:09 . 2004-08-04 12:00 634880 ----a-w- c:\windows\system32\sspipes.scr 2010-01-15 03:09 . 
2004-08-04 12:00 733184 ----a-w- c:\windows\system32\ss3dfo.scr 2010-01-15 03:09 . 2004-08-04 12:00 417792 ----a-w- c:\windows\system32\ssflwbox.scr 2010-01-15 03:09 . 2004-08-04 12:00 33792 ----a-w- c:\windows\system32\scrnsave.scr 2010-01-15 03:07 . 2004-08-04 12:00 386560 ----a-w- c:\windows\system32\msieftp.dll 2010-01-15 03:06 . 2009-09-11 23:36 88576 ----a-w- c:\windows\system32\remotepg.dll 2010-01-14 14:45 . 2010-01-14 14:45 503808 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\msvcp71.dll 2010-01-14 14:45 . 2010-01-14 14:45 348160 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\msvcr71.dll 2010-01-14 14:45 . 2010-01-14 14:45 499712 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\jmc.dll 2010-01-14 14:45 . 2010-01-14 14:45 61440 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\decora-sse.dll 2010-01-14 14:45 . 2010-01-14 14:45 12800 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\decora-d3d.dll 2010-01-14 14:44 . 2010-01-14 14:44 114688 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-36e2bf13-n\jogl_cg.dll 2010-01-14 14:44 . 2010-01-14 14:44 315392 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-36e2bf13-n\jogl.dll 2010-01-14 14:44 . 2010-01-14 14:44 20480 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-36e2bf13-n\jogl_awt.dll 2010-01-14 14:44 . 2010-01-14 14:44 20480 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-3361dd68-n\gluegen-rt.dll 2010-01-14 14:43 . 
2009-09-12 01:10 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-01-14 13:54 . 2009-09-13 04:20 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Apple Computer 2010-01-14 13:41 . 2009-11-24 17:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer 2010-01-14 13:12 . 2009-10-01 02:14 181120 ------w- c:\windows\system32\MpSigStub.exe 2010-01-14 02:16 . 2009-09-14 17:59 -------- d-----w- c:\arquivos de programas\Sony 2010-01-13 12:10 . 2009-09-12 01:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help 2010-01-12 04:03 . 2010-01-25 16:39 61440 ----a-w- c:\windows\system32\OpenCL.dll 2010-01-12 04:03 . 2010-01-25 16:39 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2010-01-12 04:03 . 2010-01-25 16:39 2259560 ----a-w- c:\windows\system32\nvcuvid.dll 2010-01-12 04:03 . 2010-01-25 16:39 14458880 ----a-w- c:\windows\system32\nvoglnt.dll 2010-01-12 04:03 . 2010-01-25 16:39 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll 2010-01-12 04:03 . 2010-01-25 16:39 4104192 ----a-w- c:\windows\system32\nvcuda.dll 2010-01-12 04:03 . 2010-01-25 16:39 182888 ----a-w- c:\windows\system32\nvcodins.dll 2010-01-12 04:03 . 2010-01-25 16:39 182888 ----a-w- c:\windows\system32\nvcod.dll 2010-01-12 04:03 . 2010-01-25 16:39 11632640 ----a-w- c:\windows\system32\nvcompiler.dll 2010-01-12 04:03 . 2010-01-25 16:39 1081344 ----a-w- c:\windows\system32\nvapi.dll 2010-01-12 04:03 . 2010-01-25 16:39 6359168 ----a-w- c:\windows\system32\nv4_disp.dll 2010-01-12 04:03 . 2010-01-25 16:39 2283526 ----a-w- c:\windows\system32\nvdata.bin 2010-01-09 02:39 . 2009-09-12 04:12 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition 2010-01-07 08:45 . 2009-12-23 02:53 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2010-01-07 08:45 . 
2010-01-07 08:45 5061520 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-01-06 22:20 . 2010-01-06 22:21 38784 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-01-06 22:20 . 2010-01-06 22:21 38784 ----a-w- c:\documents and settings\Default User\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-01-06 08:37 . 2009-09-11 23:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESET 2010-01-06 04:24 . 2010-01-06 04:24 79488 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll 2010-01-06 04:04 . 2009-12-31 18:54 53319 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe 2010-01-03 00:35 . 2009-11-02 16:14 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Audacity 2010-01-01 20:18 . 2009-11-08 16:10 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2010-01-01 20:18 . 2009-11-08 16:10 47360 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\pcouffin.sys 2010-01-01 20:18 . 2009-11-08 16:10 47360 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\pcouffin.sys 2010-01-01 20:17 . 2009-11-08 16:09 -------- d-----w- c:\arquivos de programas\VSO 2010-01-01 14:55 . 2010-01-01 14:55 10134 ----a-r- c:\documents and settings\Alan\Dados de aplicativos\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe 2010-01-01 08:18 . 2009-12-18 11:50 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\runic games . ------- Sigcheck ------- [-] 2009-10-31 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS [-] 2009-10-31 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . 
c:\windows\system32\dllcache\TCPIP.SYS [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS [7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [-] 2010-01-15 . 063CFCB5320A1FAD700680D60F9CEE3D . 1087488 . . [6.00.2900.5512] . . c:\windows\explorer.exe [7] 2008-04-13 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe [7] 2008-04-13 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [7] 2004-08-04 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe [-] 2010-01-15 . E21CADF65FA546C213634EDE63ACE389 . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [7] 2008-04-13 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe [7] 2008-04-13 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [7] 2004-08-04 . F40BC97996B8E53799EEF1D63996674B . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248] "ooccctrl.exe"="c:\arquivos de programas\OO Software\CleverCache\ooccctrl.exe" [2007-01-28 1911568] "hpqSRMon"="c:\arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "USB Antivirus"="c:\arquivos de programas\USB Disk Security\USBGuard.exe" [2009-10-09 815104] "TweakMASTER"="c:\arquivos de programas\TweakMASTER\TMTray.exe" [2010-01-21 322608] "AudioDeck"="c:\arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384] "LifeCam"="c:\arquivos de programas\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640] "cFosSpeed"="c:\arquivos de programas\cFosSpeed\cFosSpeed.exe" [2009-10-30 977624] "CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] c:\documents and settings\Alan\Menu Iniciar\Programas\Inicializar\ Ferramenta de Verifica‡Æo de M¡dia do PMB.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-1-1 333088] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Alan^Menu 
Iniciar^Programas^Inicializar^Stardock ObjectDock.lnk] backup=c:\windows\pss\Stardock ObjectDock.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Alan^Menu Iniciar^Programas^Inicializar^Styler.lnk] backup=c:\windows\pss\Styler.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^What's my computer doing.lnk] backup=c:\windows\pss\What's my computer doing.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk] backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-09-19 03:20 133104 ----atw- c:\documents and settings\Alan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-04-17 15:41 196608 ----a-w- c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2004-04-13 09:07 69632 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-01-11 17:21 246504 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Opera 10 Beta\\opera.exe"= "%windir%\\Network 
Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Arquivos de programas\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Documents and Settings\\Alan\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Alan\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Arquivos de programas\\Microsoft LifeCam\\LifeEnC2.exe"= "c:\\Arquivos de programas\\Microsoft LifeCam\\LifeTray.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Arquivos de programas\\Opera\\opera.exe"= "c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "c:\\Arquivos de programas\\Megacubo\\megacubo.exe"= "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "c:\\Documents and Settings\\All Users\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Brazilian\\setup.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56740:TCP"= 56740:TCP:Pando Media Booster "56740:UDP"= 56740:UDP:Pando Media Booster R0 63780202;63780202 Boot Guard 
Driver;c:\windows\system32\drivers\63780202.sys [1/12/2009 13:34 37392] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/1/2010 03:28 717296] R1 63780201;63780201;c:\windows\system32\drivers\63780201.sys [1/12/2009 13:34 128016] R1 setup_9.0.0.722_26.11.2009_09-03drv;setup_9.0.0.722_26.11.2009_09-03drv;c:\windows\system32\drivers\6378020.sys [1/12/2009 13:34 315408] R2 ioloFileInfoList;iolo FileInfoList Service;c:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [4/12/2009 07:04 650160] R2 ioloSystemService;iolo System Service;c:\arquivos de programas\iolo\Common\Lib\ioloServiceManager.exe [4/12/2009 07:04 650160] R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21/4/2006 08:22 70912] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [12/1/2010 15:16 1043784] R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [8/12/2009 12:40 17984] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 13:28 24592] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064] S2 gupdate1ca59d74f36cc74;Google Update Service (gupdate1ca59d74f36cc74);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [31/10/2009 01:07 133104] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [25/10/2009 01:43 6016] S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?] 
S3 LGDDCDevice;LGDDCDevice;c:\arquivos de programas\LG Soft India\forteManager\bin\I2CDriver.sys [25/1/2010 14:50 14336] S3 LGII2CDevice;LGII2CDevice;c:\arquivos de programas\LG Soft India\forteManager\bin\PII2CDriver.sys [25/1/2010 14:50 18432] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [25/10/2009 01:43 19712] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [25/10/2009 01:43 8320] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [25/10/2009 01:43 42752] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [25/10/2009 01:43 23296] S3 viafilter;VIA USB Filter;c:\windows\system32\drivers\viausb1.sys [2/12/2009 11:22 9728] S3 VIASens;Vinyl Sensaura WDM 3D Audio Driver;c:\windows\system32\drivers\viasens.sys [7/11/2003 08:07 391680] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Conteúdo da pasta 'Tarefas Agendadas' 2010-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34] 2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-10-31 03:07] 2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-10-31 03:07] 2010-01-28 c:\windows\Tasks\Verificação de problemas automática.job - c:\arquivos de programas\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2010-01-12 17:22] . . ------- Scan Suplementar ------- . 
uStart Page = hxxp://www.microsoft.com mStart Page = hxxp://www.microsoft.com mWindow Title = Microsoft Internet Explorer uInternet Settings,ProxyOverride = *.local IE: Adicionar ao Anti-Banner - c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm IE: Download all links with IDM - c:\arquivos de programas\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\arquivos de programas\Internet Download Manager\IEGetVL.htm IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm IE: Download with IDM - c:\arquivos de programas\Internet Download Manager\IEExt.htm IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {3E28D559-2A59-4DDF-AE73-A93DC34A5161} = 208.67.222.222,208.67.220.220 DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab FF - ProfilePath - c:\documents and settings\Alan\Dados de aplicativos\Mozilla\Firefox\Profiles\huqc20qd.default\ FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll FF - component: c:\documents and settings\Alan\Dados de aplicativos\IDM\idmmzcc3\components\idmmzcc.dll FF - component: c:\documents and settings\Alan\Dados de aplicativos\Mozilla\Firefox\Profiles\huqc20qd.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\npAFOM.dll FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: 
c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\np_gp.dll FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\np_gp.dll FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npdsplay.dll FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\NPOFF12.DLL FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\nppl3260.dll FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin.dll FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin2.dll FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin3.dll FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin4.dll FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin5.dll FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin6.dll FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npqtplugin7.dll FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\nprpjplug.dll FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\NPSWF32.dll FF - plugin: c:\arquivos de programas\Opera 10 Beta\program\plugins\npwmsdrm.dll FF - plugin: c:\arquivos de programas\Virtools\3D Life Player\nppl3260.dll FF - plugin: c:\arquivos de programas\Virtools\3D Life Player\nprpjplug.dll FF - plugin: c:\arquivos de programas\Virtools\3D Life Player\npvirtools.dll FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\documents and settings\Alan\Dados de aplicativos\Mozilla\Firefox\Profiles\huqc20qd.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll FF - plugin: c:\documents and 
settings\Alan\Dados de aplicativos\Mozilla\plugins\npgoogletalk.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-connections-per-server - 6 FF - user.js: nglayout.initialpaint.delay - 750 FF - user.js: content.notify.interval - 750000 FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: network.http.max-persistent-connections-per-server - 3 c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - 
pref("browser.formfill.timeGroupingSize", 604800); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - 
pref("toolbar.customization.usesheet", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . . ------- Associação de arquivos/ficheiros ------- . JSEFile=NOTEPAD.EXE %1 . - - - - ORFÃOS REMOVIDOS - - - - ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-28 19:44 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run AudioDeck = c:\arquivos de programas\VIA\VIAudioi\SBADeck\ADeck.exe 1???????????????????????????????????????????????????????? Procurando ficheiros/arquivos ocultos ... 
c:\windows\system32\sys_drv.dat 7028 bytes c:\windows\system32\sys_drv_2.dat 6024 bytes c:\windows\system32\WinFLdrv.sys 17984 bytes executable c:\documents and settings\Alan\Dados de aplicativos\systemfl.$dk 990 bytes Varredura completada com sucesso arquivos/ficheiros ocultos: 4 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys hal.dll ACPI.sys atapi.sys spfc.sys >>UNKNOWN [0x82F8F938]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf7572f28 \Driver\ACPI -> ACPI.sys @ 0xf73cdcb8 \Driver\atapi -> atapi.sys @ 0xf7388b40 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9 ParseProcedure -> ntoskrnl.exe @ 0x8056ea15 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9 ParseProcedure -> ntoskrnl.exe @ 0x8056ea15 NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf727ebb0 PacketIndicateHandler -> NDIS.sys @ 0xf728ba21 SendHandler -> NDIS.sys @ 0xf726987b user & kernel MBR OK ************************************************************************** . 
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\S-1-5-21-854245398-1214440339-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25E0F91C-A38A-BA01-33E1-8D62C355C79F}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "abfkkhfkdlkllngpkidccjinfdgnnpejgf"=hex:69,61,6b,6c,6b,69,68,70,66,61,6e,68, 69,66,66,63,63,67,00,00 "maikhgnofpdcjjfmjlhpkdfihh"=hex:6f,61,62,6a,6f,66,64,6f,6e,6d,66,61,64,66,6e, 6b,66,70,6e,6b,6f,6a,6d,66,6c,67,65,6c,70,66,00,00 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System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s Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(1520) c:\windows\system32\SETUPAPI.dll c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll c:\windows\system32\klogon.dll c:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(1576) c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll c:\windows\system32\SETUPAPI.dll c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll - - - - - - - > 'explorer.exe'(3568) c:\windows\system32\SHDOCVW.dll c:\windows\system32\WININET.dll c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll c:\windows\System32\cscui.dll c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll c:\arquivos de programas\Microsoft Private Folder 1.0\ShellExt.dll c:\windows\system32\PFLib.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\webcheck.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . 
------------------------ Outros Processos em Execução ------------------------ . c:\windows\system32\nvsvc32.exe c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe c:\arquivos de programas\cFosSpeed\spd.exe c:\arquivos de programas\Microsoft LifeCam\MSCamS32.exe c:\arquivos de programas\OO Software\CleverCache\ooccag.exe c:\arquivos de programas\Raxco\PerfectDisk10\PDAgent.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe c:\arquivos de programas\Raxco\PerfectDisk10\PDEngine.exe c:\windows\system32\wscntfy.exe c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe . ************************************************************************** . Tempo para conclusão: 2010-01-28 19:52:58 - Máquina reiniciou ComboFix-quarantined-files.txt 2010-01-28 21:52 ComboFix2.txt 2009-11-08 14:22 Pré-execução: 17 pasta(s) 11.392.405.504 bytes disponíveis Pós execução: 20 pasta(s) 11.324.977.152 bytes disponíveis WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /NOGUIBOOT /BOOTLOGO - - End Of File - - 11652021759A47B91FDE8F893F7490B7
Sam Spade 2 Posted January 30, 2010
Hello Armiroke! There is one result in the ComboFix log that we need to check: Stealth MBR rootkit/Mebroot/Sinowal detector. This may be caused by a Daemon Tools driver, which you must have had installed previously, so we have to see whether there is a boot rootkit or whether it is because of the program mentioned.
Download SPTDinst-v162-x86.exe and save it to the desktop. Run the uninstaller and click the Uninstall button. This application is both the installer and the uninstaller of the Daemon Tools driver. If the driver is installed, running it will remove it. And vice versa.
Run ComboFix and post the new ComboFix.txt.
Armiroke 0 Posted January 31, 2010
> Hello Armiroke! There is one result in the ComboFix log that we need to check: Stealth MBR rootkit/Mebroot/Sinowal detector. This may be caused by a Daemon Tools driver, which you must have had installed previously, so we have to see whether there is a boot rootkit or whether it is because of the program mentioned.
> Download SPTDinst-v162-x86.exe and save it to the desktop. Run the uninstaller and click the Uninstall button. This application is both the installer and the uninstaller of the Daemon Tools driver. If the driver is installed, running it will remove it. And vice versa.
> Run ComboFix and post the new ComboFix.txt.
Hello Sam Spade, from what you told me I believe it really is a rootkit, because the uninstall could not be done: the "uninstall" option is disabled ;/ I await further instructions, thanks in advance.
Oh, one other thing that would be worth mentioning here: I ran mbr and these were the results:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Could there still be a risk of infection?
Armiroke 0 Posted January 31, 2010
Sorry for the flood, but I remembered that I use Ultra ISO, which creates a virtual drive, so I uninstalled it and ran ComboFix again. I believe it was because of Ultra ISO, but the log follows below:
ComboFix 10-01-27.06 - Alan 31/01/2010 14:43:51.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.767.375 [GMT -2:00] Executando de: c:\documents and settings\Alan\Meus documentos\Downloads\ComboFix.exe AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} . (((((((((((((((( Arquivos/Ficheiros criados de 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))) . 2010-01-31 16:32 . 2010-01-31 16:38 12552 ----a-w- c:\windows\system32\drivers\hddirect.sys 2010-01-31 16:31 . 2010-01-31 16:21 77312 ----a-w- C:\mbr.exe 2010-01-31 05:59 . 2010-01-31 05:59 -------- d-----w- c:\arquivos de programas\uTorrent 2010-01-30 21:36 . 2010-01-30 21:37 -------- d-----w- c:\arquivos de programas\Microsoft Security Essentials 2010-01-30 18:43 . 2010-01-30 18:43 52224 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-01-30 18:43 . 2010-01-30 18:43 117760 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-01-30 14:51 . 2010-01-30 14:51 -------- d-----w- c:\arquivos de programas\AdvancedDefrag 2010-01-30 01:22 . 2008-10-10 18:01 26624 ----a-r- c:\windows\system32\LGDispDrv.dll 2010-01-30 01:22 . 2008-10-10 18:01 147456 ----a-r- c:\windows\system32\LgExport.dll 2010-01-30 01:21 . 2010-01-30 01:21 -------- d-----w- c:\arquivos de programas\LG Soft India 2010-01-30 01:13 . 2010-01-30 01:13 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation 2010-01-29 05:59 . 2010-01-30 18:41 -------- d-----w- c:\arquivos de programas\a-squared Free 2010-01-28 20:33 . 
2010-01-28 20:35 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\GetRightToGo 2010-01-27 21:04 . 2008-02-07 19:10 -------- d-----w- C:\ckis 2010-01-27 20:51 . 2010-01-27 20:51 -------- d-----w- c:\arquivos de programas\Kaspersky Lab 2010-01-27 20:48 . 2010-01-27 20:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files 2010-01-26 18:02 . 2010-01-26 18:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee 2010-01-25 14:48 . 2009-09-09 10:43 210352 ----a-w- c:\windows\system32\idmmbc.dll 2010-01-24 13:19 . 2010-01-12 17:19 30536 ----a-w- c:\windows\system32\TURegOpt.exe 2010-01-24 13:19 . 2010-01-12 17:13 30024 ----a-w- c:\windows\system32\uxtuneup.dll 2010-01-24 13:18 . 2010-01-24 13:22 -------- d-----w- c:\arquivos de programas\TuneUp Utilities 2010 2010-01-23 19:47 . 2010-01-23 19:47 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\GrabPro 2010-01-23 19:46 . 2010-01-23 21:00 -------- d-----w- c:\arquivos de programas\Orbitdownloader 2010-01-23 19:46 . 2010-01-23 20:45 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Orbit 2010-01-23 01:03 . 2010-01-25 15:32 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM5.dll 2010-01-23 01:03 . 2010-01-25 15:32 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM4.dll 2010-01-23 01:03 . 2010-01-25 15:32 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM3.dll 2010-01-23 01:03 . 2010-01-25 15:32 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM2.dll 2010-01-23 01:03 . 2010-01-25 15:32 28672 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\NP_IDM1.dll 2010-01-22 06:12 . 2010-01-22 06:12 278120 ----a-w- c:\windows\system32\nvmccs.dll 2010-01-22 06:12 . 2010-01-22 06:12 154216 ----a-w- c:\windows\system32\nvsvc32.exe 2010-01-22 06:12 . 
2010-01-22 06:12 145000 ----a-w- c:\windows\system32\nvcolor.exe 2010-01-22 06:12 . 2010-01-22 06:12 13666408 ----a-w- c:\windows\system32\nvcpl.dll 2010-01-22 06:12 . 2010-01-22 06:12 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-01-22 06:11 . 2010-01-22 06:11 81920 ----a-w- c:\windows\system32\nvwddi.dll 2010-01-22 03:51 . 2010-01-26 11:53 198064 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\IDM\idmmzcc3\components\idmmzcc.dll 2010-01-22 03:49 . 2010-01-30 14:45 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\IDM 2010-01-22 03:49 . 2010-01-31 15:21 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\DMCache 2010-01-22 03:48 . 2010-01-28 18:53 -------- d-----w- c:\arquivos de programas\Internet Download Manager 2010-01-22 03:20 . 2010-01-23 17:48 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\FileZilla 2010-01-22 03:18 . 2010-01-22 03:24 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client 2010-01-21 22:09 . 2010-01-21 22:09 -------- d-----w- c:\windows\system32\%PersonalRootCertificateFolder% 2010-01-21 22:01 . 2010-01-21 22:01 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Hagel Technologies 2010-01-21 22:01 . 2010-01-25 20:56 -------- d-----w- c:\arquivos de programas\TweakMASTER 2010-01-21 20:22 . 2010-01-22 05:57 -------- d-----w- c:\arquivos de programas\JDownloader 2010-01-19 17:47 . 2010-01-19 17:47 19072 ----a-w- c:\windows\system32\drivers\PS2.sys 2010-01-19 02:55 . 2010-01-19 03:06 -------- d-----w- c:\arquivos de programas\PcMedik 2010-01-18 10:05 . 2010-01-21 11:08 -------- d-----w- c:\arquivos de programas\JAM2 2010-01-17 15:20 . 2010-01-17 15:22 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Mp3tag 2010-01-17 15:20 . 2010-01-17 15:20 -------- d-----w- c:\arquivos de programas\Mp3tag 2010-01-16 04:07 . 2005-01-19 02:15 28672 ----a-w- c:\windows\system32\regclass.dll 2010-01-15 03:09 . 
2010-01-15 02:53 42496 ----a-w- c:\windows\system32\XPize Logo.scr 2010-01-15 03:09 . 2010-01-15 02:53 1634304 ----a-w- c:\windows\system32\Windows XP 3D Flag.scr 2010-01-15 03:05 . 2010-01-15 03:05 -------- d-----w- c:\arquivos de programas\Anolis 2010-01-14 16:35 . 2010-01-16 06:58 -------- d-----w- c:\arquivos de programas\VirtualDJ 2010-01-14 14:45 . 2010-01-14 14:45 503808 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\msvcp71.dll 2010-01-14 14:45 . 2010-01-14 14:45 348160 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\msvcr71.dll 2010-01-14 14:45 . 2010-01-14 14:45 499712 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\jmc.dll 2010-01-14 14:45 . 2010-01-14 14:45 61440 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\decora-sse.dll 2010-01-14 14:45 . 2010-01-14 14:45 12800 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-6992b684-n\decora-d3d.dll 2010-01-14 14:45 . 2010-01-14 14:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java 2010-01-14 14:44 . 2010-01-14 14:44 114688 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-36e2bf13-n\jogl_cg.dll 2010-01-14 14:44 . 2010-01-14 14:44 315392 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-36e2bf13-n\jogl.dll 2010-01-14 14:44 . 2010-01-14 14:44 20480 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-36e2bf13-n\jogl_awt.dll 2010-01-14 14:44 . 
2010-01-14 14:44 20480 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-3361dd68-n\gluegen-rt.dll 2010-01-14 13:41 . 2010-01-14 13:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2010-01-14 13:41 . 2010-01-21 11:05 -------- d-----w- c:\arquivos de programas\iTunes 2010-01-14 13:40 . 2010-01-14 13:40 -------- d-----w- c:\arquivos de programas\Bonjour 2010-01-14 05:38 . 2010-01-29 00:09 -------- d-----w- C:\LinhaDefensiva 2010-01-14 03:11 . 2010-01-14 03:11 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\NetMedia Providers 2010-01-14 03:11 . 2010-01-14 03:11 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Publish Providers 2010-01-14 02:08 . 2010-01-14 02:08 -------- d-----w- c:\arquivos de programas\Sony Setup 2010-01-13 05:33 . 2010-01-13 05:33 -------- d-----w- c:\arquivos de programas\Alcohol Soft 2010-01-13 05:28 . 2010-01-13 05:28 717296 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-01-12 05:58 . 2010-01-12 05:58 -------- d-----w- c:\arquivos de programas\SopCast 2010-01-12 05:57 . 2010-01-12 05:57 -------- d-----w- c:\arquivos de programas\Orban 2010-01-12 05:56 . 2010-01-12 05:58 -------- d-----w- c:\arquivos de programas\Megacubo 2010-01-11 07:49 . 2009-09-14 19:58 1291640 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Mozilla\Firefox\Profiles\huqc20qd.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe 2010-01-11 07:49 . 2009-09-14 19:58 729088 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Mozilla\Firefox\Profiles\huqc20qd.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll 2010-01-10 14:22 . 2010-01-10 14:34 -------- d-----w- c:\arquivos de programas\eMule 2010-01-10 13:10 . 2010-01-10 13:10 8704 ----a-w- c:\windows\system32\SpOrder.dll 2010-01-10 13:09 . 
2010-01-15 04:11 -------- d-----w- c:\arquivos de programas\IP Hider 2010-01-10 11:37 . 2010-01-10 11:42 -------- d-----w- c:\windows\uninstall\Hanf Baron XS 2010-01-10 11:37 . 2010-01-10 11:37 -------- d-----w- c:\windows\uninstall 2010-01-10 11:31 . 2002-10-05 03:04 921600 ----a-w- c:\windows\system32\vorbisenc.dll 2010-01-10 11:31 . 2002-10-05 03:04 188416 ----a-w- c:\windows\system32\vorbis.dll 2010-01-10 11:31 . 2002-10-05 03:04 45056 ----a-w- c:\windows\system32\ogg.dll 2010-01-10 11:31 . 2002-10-06 22:42 237568 ----a-w- c:\windows\system32\OggDS.dll 2010-01-10 11:31 . 2010-01-10 11:41 -------- d-----w- c:\arquivos de programas\rondomedia 2010-01-09 22:31 . 2010-01-09 22:31 -------- d-----w- c:\arquivos de programas\Image Mender 2010-01-09 07:33 . 2010-01-09 12:21 -------- d-----w- c:\arquivos de programas\Loaris Trojan Remover 2010-01-08 11:53 . 2010-01-08 11:54 -------- d-----w- c:\arquivos de programas\MP3Gain 2010-01-08 07:09 . 2010-01-08 07:09 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\URSoft 2010-01-08 07:09 . 2010-01-08 07:09 -------- d-----w- c:\arquivos de programas\Your Uninstaller 2010 2010-01-07 00:10 . 2010-01-21 10:42 -------- d-----w- c:\arquivos de programas\CoolSMS 2010-01-06 22:21 . 2010-01-06 22:20 38784 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-01-06 22:21 . 2010-01-06 22:20 38784 ----a-w- c:\documents and settings\Default User\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-01-06 22:20 . 2010-01-06 22:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR 2010-01-06 08:44 . 2009-12-14 14:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys 2010-01-06 08:44 . 2009-12-14 14:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys 2010-01-06 08:43 . 
2010-01-30 11:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab 2010-01-06 04:24 . 2010-01-06 04:24 79488 ----a-w- c:\documents and settings\Alan\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll 2010-01-01 20:17 . 2009-09-02 23:58 626688 ----a-w- c:\windows\system32\vp7vfw.dll 2010-01-01 20:17 . 2009-09-02 23:57 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-31 16:50 . 2009-10-30 21:03 -------- d-----w- c:\arquivos de programas\cFosSpeed 2010-01-31 16:39 . 2009-10-28 22:19 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\Lightcomm 2010-01-31 16:33 . 2009-09-12 00:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\iolo 2010-01-31 15:22 . 2009-12-13 05:10 -------- d-----w- c:\arquivos de programas\Mozilla Thunderbird 2010-01-31 15:21 . 2009-09-23 00:39 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\uTorrent 2010-01-31 05:56 . 2009-10-31 02:33 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2010-01-30 20:23 . 2009-09-12 00:03 -------- d-----w- c:\arquivos de programas\Opera 10 Beta 2010-01-30 18:42 . 2009-12-18 16:34 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\SUPERAntiSpyware.com 2010-01-30 01:21 . 2009-09-12 06:16 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2010-01-28 21:11 . 2009-11-21 13:06 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard 2010-01-28 14:14 . 2009-12-18 16:34 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware 2010-01-28 04:23 . 2009-09-12 00:07 -------- d-----w- c:\documents and settings\Alan\Dados de aplicativos\iolo 2010-01-27 23:32 . 2009-12-02 09:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2010-01-27 00:42 . 
Sam Spade 2 Posted February 1, 2010
Ok, the MBR log didn't show up this time; it was probably the Ultra ISO driver that produced that result.
Go to BitDefender.com.
Click Start Scanner. A pop-up will open.
Check the box next to I Agree with the Terms and Conditions, wait for the Start Here button to turn green, and click it.
Wait a few moments until a yellow bar appears at the top of the pop-up, asking to install the ActiveX control.
Click the bar and then click Install this add-on for all users of this computer.
In the window that appears, click Install.
Wait for the site to load the information.
Click Folders to Scan. An Explorer window will open.
Click next to My Computer to select it, then click OK.
Back in the previous window, now click Cleaning Options.
As in the image above, under Action Options, select the Report Only option.
Uncheck the Second Action option and click OK.
Click Start Scan.
Be patient, as it takes a while. When it finishes, save the result, then copy and paste it into your reply.
Armiroke 0 Posted February 2, 2010
Hi Sam, I still haven't run Bitdefender, because it never manages to update ;/ But I'm having a worse problem now, when installing NOD32. Several DOS windows appear on the screen, and this also happens every time I restart. A window also appears with the command "command.com", and when I run that command in DOS a bunch of "jumbled" characters appear. What could this be? ;/
Armiroke 0 Posted February 3, 2010
Sorry again for the double post, Sam ;/ It's just that as I go through some procedures here, things happen that would be useful for you to know, but so that this doesn't happen again I'll put everything I've done so far here, ok?
Yesterday afternoon, in a hurry to check the file, I downloaded a virus thinking it was another file. Microsoft Essentials Security didn't delete the virus right away, but when I ran it I got a window saying that a virus had been deleted. Even so, I was left in doubt ;/ I looked up the description of the virus on Microsoft's own site and found this: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPoison.AC&ThreatID=-2147349035
In any case, I ran the Panda online scan and it found nothing. I'll try to run Bitdefender tonight in the early hours, but I'm not sure I'll succeed.
Right now I'm using NOD32; I managed to install it without those command prompt windows flashing on the screen. It was strange because it kept flashing and alternating between System32 and command.com, and the motherboard beeped, but now I'm using NOD32 normally. I ran a test on the same site to see how NOD32 would react to the virus, and it deleted the virus before I downloaded it. NOD32 classifies it as: Win32/Poison.PUQ trojan horse.
I apologize for any inconvenience I may be causing you, Sam ;/ But I hope you can help me. Regards.
Sam Spade 2 Posted February 4, 2010
Ok, let's wait for the BitDefender result.
Mário Monteiro 179 Posted March 4, 2010
Topic Archived
As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.