Eиcrypted, posted February 1, 2010

I click Shut Down, but nothing happens. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:40:44, on 31/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Dados de aplicativos\kill.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\WINDOWS\System32\svchost.exe
C:\xampp\apache\bin\httpd.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
C:\xampp\apache\bin\httpd.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
C:\Arquivos de programas\McAfee\MSK\MskSrver.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\ARQUIV~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\CCleaner\CCleaner.exe
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.baixaki.com.br/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\ARQUIV~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [mcagent_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\ARQUIV~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Help] C:\WINDOWS\system32\Help.exe
O4 - HKLM\..\Run: [kill.exe] C:\Documents and Settings\All Users\Dados de aplicativos\kill.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: SQLBACKUPZIP.lnk = C:\TEKLIFS\SQLBACKUPZIP.exe
O4 - Global Startup: Help.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55B9FC3D-8E0D-4E23-9BB8-72A77C722F2B}: NameServer = 200.165.132.155,200.165.132.148
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0238081264507318) (0238081264507318mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\023808~1.EXE (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13315 bytes
Sam Spade, posted February 1, 2010

Hello Eиcrypted!

Download BankerFix: http://www.linhadefensiva.org/dl/bankerfix

Also download Malwarebytes' Anti-Malware (MBAM) from http://www.besttechie.net/tools/mbam-setup.exe or from http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Temporarily disable your antivirus so there are no conflicts.

Click OK the first and the second time message boxes appear. If you are running BankerFix for the second time, it will ask to check for an update. Say Yes and then click OK. When it runs, a black screen will appear asking you to press any key. Press Enter and wait for it to finish. It may take some time. When it finishes, read the message on the screen and press Enter again.

Attention: do not run BankerFix more than once, because that overwrites the result and it will not be possible to tell whether the removal succeeded.

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options. Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish. If there are updates, they will be downloaded and installed. When the update finishes, with the program open, select Quick Scan and click the Scan button. The scan will then begin. Wait, as it may take a while. When the scan ends, click OK, then the Show Results button to see the report. If items were found, make sure they are all checked and click the Remove button. At the end of the disinfection, Notepad will open with a log and a prompt may appear asking whether you want to restart the PC (see the Note below). The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.

Re-enable your antivirus.

Select, copy and paste the full contents of this log in your next reply, plus the relatorio.txt from BankerFix, which is in C:\LinhaDefensiva, plus a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (possibly more than once). Do so immediately when asked whether you want to restart the PC.
Eиcrypted, posted February 1, 2010

Done, here are the logs.

Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.44
Database version: 3671
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/2/2010 08:54:47
mbam-log-2010-02-01 (08-54-47).txt

Scan type: Quick Scan
Objects scanned: 112470
Time elapsed: 9 minute(s), 50 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\WINDOWS\system32\help.exe (Backdoor.Bot) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\help.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ProE.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

BankerFix

BankerFix 3.1 VALKYRIE - Banker Remover
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Date: 2010-02-01 - 08:41
-------------------------------------------------------
Definition list: 2010-01-14-1 | CORE: 2010-01-14-1
=======================================================
Infected file detected: C:\WINDOWS\system32\aviso.bak
Infected file removed successfully!
Infected file detected: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\help.exe
Infected file removed successfully!
----- End -------------------------

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:04:45, on 1/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\vsnpstd2.exe
C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer.exe
C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe
C:\Documents and Settings\All Users\Dados de aplicativos\kill.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\WINDOWS\System32\svchost.exe
C:\xampp\apache\bin\httpd.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
C:\xampp\apache\bin\httpd.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
C:\Arquivos de programas\McAfee\MSK\MskSrver.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.baixaki.com.br/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\ARQUIV~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [mcagent_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\ARQUIV~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [kill.exe] C:\Documents and Settings\All Users\Dados de aplicativos\kill.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: SQLBACKUPZIP.lnk = C:\TEKLIFS\SQLBACKUPZIP.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55B9FC3D-8E0D-4E23-9BB8-72A77C722F2B}: NameServer = 200.165.132.155,200.165.132.148
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0238081264507318) (0238081264507318mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\023808~1.EXE (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13582 bytes
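The O4 and O23 sections of the two HijackThis logs in this thread differ only in the two Help.exe autostart entries (the HKLM Run value and the Global Startup copy) that BankerFix and MBAM removed, while kill.exe, launched from All Users\Dados de aplicativos, is listed in both. The Python below is an added example for this page and is not part of HijackThis, MBAM, BankerFix or the thread. It parses O4 (autostart) and O23 (service) lines, applies a few of the heuristics an analyst applies by eye (program launched from a user-writable or temp directory, a bare executable in a Startup folder where only .lnk shortcuts normally live, the same program name registered from two different paths, a service with an unknown vendor whose binary is missing) and diffs a before/after pair of logs to confirm what a cleanup removed. The sample lines are a constructed subset copied from the logs above; the heuristics, the `Entry` structure and the function names are this example's own. A hit is a review item, not a verdict: CiSvc and the McAfee installer-cleanup service match the orphaned-service rule here without being malware.

```python
"""Triage HijackThis O4/O23 entries and diff two logs (added example, not HijackThis code)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: a subset of O4/O23 lines from the thread's first HijackThis log.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Help] C:\WINDOWS\system32\Help.exe
O4 - HKLM\..\Run: [kill.exe] C:\Documents and Settings\All Users\Dados de aplicativos\kill.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: SQLBACKUPZIP.lnk = C:\TEKLIFS\SQLBACKUPZIP.exe
O4 - Global Startup: Help.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O23 - Service: McAfee Application Installer Cleanup (0238081264507318) (0238081264507318mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\023808~1.EXE (file missing)
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
"""
# The second log in the thread is the same minus both Help.exe entries; kill.exe remains.
AFTER_LOG = "\n".join(l for l in BEFORE_LOG.splitlines() if "Help.exe" not in l)

@dataclass
class Entry:
    kind: str              # "O4" (autostart) or "O23" (service)
    where: str             # Run key path, "Startup"/"Global Startup", or "Service"
    name: str              # Run value name, shortcut name, or service display name
    target: str            # program launched / service binary (best effort)
    raw: str               # original log line, used for diffing
    owner: str = ""        # O23 only: vendor string HijackThis reports
    missing: bool = False  # O23 only: HijackThis appended "(file missing)"

EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|lnk|bat|cmd|scr|com|pif))(?=\s|,|$)", re.I)
USER_WRITABLE = re.compile(r"\\(Dados de aplicativos|Application Data|Temp|Documents and Settings)\\", re.I)

def target_of(cmd: str) -> str:
    """Program a Run/Startup command launches: handles quoted paths with arguments,
    unquoted paths containing spaces, rundll32 hosts (returns the DLL), ".lnk = target"
    shortcuts and the "(User 'X')" suffix HijackThis adds to HKUS entries."""
    cmd = re.sub(r"\s+\(User '[^']*'\)$", "", cmd.strip())
    if " = " in cmd:
        cmd = cmd.split(" = ", 1)[1]
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"rundll32(?:\.exe)?\s+(.*)", cmd, re.I)
    if m:
        cmd = m.group(1)
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd

def parse(log: str) -> list[Entry]:
    entries: list[Entry] = []
    for line in (l.strip() for l in log.splitlines()):
        if line.startswith("O4 - "):
            where, _, cmd = line[5:].partition(": ")
            m = re.match(r"\[(.*?)\]\s+(.*)", cmd)
            name, cmd = (m.group(1), m.group(2)) if m else (cmd.split(" = ", 1)[0], cmd)
            entries.append(Entry("O4", where, name, target_of(cmd), line))
        elif line.startswith("O23 - Service: "):
            # Display names may themselves contain " - ", so split from the right.
            name, owner, path = line[len("O23 - Service: "):].rsplit(" - ", 2)
            missing = path.endswith("(file missing)")
            if missing:
                path = path[: -len(" (file missing)")]
            entries.append(Entry("O23", "Service", name, path, line, owner, missing))
    return entries

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]

def triage(entries: list[Entry]) -> dict[str, list[str]]:
    """Map each flagged target to the heuristic reasons that matched (review items, not verdicts)."""
    paths_by_base: dict[str, set[str]] = {}
    for e in entries:
        if e.kind == "O4":
            paths_by_base.setdefault(basename(e.target).lower(), set()).add(e.target.lower())
    findings: dict[str, list[str]] = {}
    for e in entries:
        reasons = []
        if USER_WRITABLE.search(e.target):
            reasons.append("autostarts from a user-writable data or temp directory")
        if e.kind == "O4" and e.where.endswith("Startup") and "\\" not in e.target \
                and not e.target.lower().endswith(".lnk"):
            reasons.append("bare executable in a Startup folder (normally only .lnk shortcuts)")
        if e.kind == "O4" and len(paths_by_base[basename(e.target).lower()]) > 1:
            reasons.append("same program name registered from two different paths")
        if e.kind == "O23" and e.owner == "Unknown owner" and e.missing:
            reasons.append("service with unknown vendor whose binary is missing")
        if reasons:
            findings.setdefault(e.target, []).extend(reasons)
    return findings

def diff_logs(before: str, after: str) -> dict[str, list[str]]:
    """Which O4/O23 lines a cleanup removed, added, or left in place."""
    b = {e.raw for e in parse(before)}
    a = {e.raw for e in parse(after)}
    return {"removed": sorted(b - a), "added": sorted(a - b), "kept": sorted(a & b)}

if __name__ == "__main__":
    for target, reasons in triage(parse(BEFORE_LOG)).items():
        print(f"[review] {target}\n         " + "\n         ".join(reasons))
    print("removed by cleanup:", *diff_logs(BEFORE_LOG, AFTER_LOG)["removed"], sep="\n  ")
    print("still flagged after cleanup:", *triage(parse(AFTER_LOG)), sep="\n  ")
```

Run as a script it prints the review items for the first log, the two Help.exe lines removed between the logs, and the targets still flagged in the second log (kill.exe, the missing-binary services). Keying the duplicate check on basename across distinct lowercased paths is what separates the two Help.exe copies from the ctfmon.exe entries a full log lists under HKCU and two HKUS hives: those share one path and are not flagged.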
Sam Spade, posted February 2, 2010

OK, download ComboFix and save it to the desktop.

Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you finish the instructions. Note that this means your protection programs must be configured not to start with the system.

ATTENTION: If ComboFix detects any kind of CD emulator (Daemon Tools, Alcohol, etc.), a warning will appear saying that ComboFix needs to disable it temporarily. Click OK and the PC will restart.

Double-click combofix.exe and click Run to proceed with the fix. Wait, as it takes a while. ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually. When it finishes, a log will be generated at C:\ComboFix.txt.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

Attach ComboFix.txt to your reply following the instructions below: http://linhadefensiva.org/forum/ind...p?showtopic=595

NOTE: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.
Eиcrypted, posted February 2, 2010

Here is the ComboFix log:

ComboFix 10-02-01.02 - Administrador 01/02/2010 22:20:18.3.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1401 [GMT -3:00] Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . (((((((((((((((( Arquivos/Ficheiros criados de 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))) . 2010-02-01 22:09 . 2010-02-01 22:09 -------- d-----w- c:\arquivos de programas\MP3SPLITTER 2010-01-30 14:32 . 2010-01-30 14:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\RoboForm 2010-01-30 14:32 . 2010-01-30 14:32 -------- d-----w- c:\arquivos de programas\Siber Systems 2010-01-29 00:48 . 2010-01-29 00:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Canneverbe_Limited 2010-01-29 00:48 . 2010-01-29 00:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Canneverbe Limited 2010-01-29 00:48 . 2009-11-12 16:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys 2010-01-29 00:48 . 2010-01-29 00:48 -------- d-----w- c:\arquivos de programas\CDBurnerXP 2010-01-28 08:58 . 2008-05-09 10:55 180224 ------w- c:\windows\system32\dllcache\scrobj.dll 2010-01-28 08:58 . 2008-05-09 10:55 90112 ------w- c:\windows\system32\dllcache\wshext.dll 2010-01-28 08:58 . 2008-05-09 10:55 172032 ------w- c:\windows\system32\dllcache\scrrun.dll 2010-01-28 08:58 . 2008-05-09 08:45 135168 ------w- c:\windows\system32\dllcache\cscript.exe 2010-01-28 08:58 . 2008-05-08 11:24 155648 ------w- c:\windows\system32\dllcache\wscript.exe 2010-01-27 10:19 . 2010-01-27 10:19 -------- d-----w- c:\windows\l2schemas 2010-01-27 10:19 . 2010-01-27 10:19 -------- d-----w- c:\windows\system32\bits 2010-01-27 10:12 . 
2010-01-27 10:20 -------- d-----w- c:\windows\EHome 2010-01-26 23:45 . 2010-01-27 00:25 -------- d-----w- c:\arquivos de programas\Journal Macro 2010-01-26 15:14 . 2010-01-28 13:56 -------- d-----w- c:\arquivos de programas\Steam 2010-01-26 00:10 . 2010-01-26 00:10 -------- d-----w- c:\arquivos de programas\PhotoZoom Pro 3 2010-01-25 02:54 . 2004-08-04 01:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys 2010-01-25 02:54 . 2004-08-04 01:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys 2010-01-25 02:54 . 2004-08-04 01:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys 2010-01-25 02:54 . 2004-08-04 01:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys 2010-01-25 02:54 . 2004-08-04 01:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys 2010-01-25 02:54 . 2004-08-04 01:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys 2010-01-25 02:54 . 2004-08-04 01:29 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys 2010-01-25 02:54 . 2004-08-04 01:29 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys 2010-01-25 02:14 . 2010-01-26 11:56 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\SACore 2010-01-25 02:13 . 2010-01-25 02:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-01-25 02:00 . 2010-01-25 02:00 -------- d-----w- c:\windows\system32\KB905474 2010-01-25 02:00 . 2009-03-11 01:26 1434496 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe 2010-01-25 02:00 . 2009-03-11 01:18 454536 ----a-w- c:\windows\system32\KB905474\wgasetup.exe 2010-01-25 01:46 . 2010-01-27 10:16 -------- d-----w- c:\windows\ServicePackFiles 2010-01-25 01:45 . 2010-01-25 02:04 -------- d-----w- c:\windows\ie8updates 2010-01-25 01:44 . 2010-01-25 01:44 -------- d-----w- c:\arquivos de programas\MSXML 4.0 2010-01-25 01:38 . 2010-01-25 01:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SiteAdvisor 2010-01-25 01:38 . 
2010-01-25 01:38 -------- d-----w- c:\arquivos de programas\SiteAdvisor 2010-01-25 01:35 . 2009-11-04 19:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2010-01-25 01:35 . 2009-11-04 19:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2010-01-25 01:35 . 2009-11-04 19:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2010-01-25 01:35 . 2009-07-16 15:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2010-01-25 01:34 . 2010-01-25 01:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\McAfee 2010-01-25 01:34 . 2010-01-25 01:34 -------- d-----w- c:\arquivos de programas\McAfee.com 2010-01-25 01:34 . 2010-01-26 12:00 -------- d-----w- c:\arquivos de programas\McAfee 2010-01-25 01:32 . 2009-11-04 19:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2010-01-25 00:45 . 2010-01-25 11:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee 2010-01-24 23:12 . 2010-01-24 23:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GetRightToGo 2010-01-24 22:59 . 2009-12-21 19:07 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll 2010-01-24 22:59 . 2009-12-21 19:07 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll 2010-01-24 22:59 . 2009-12-21 19:07 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll 2010-01-24 22:59 . 2009-12-21 19:07 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-01-24 22:59 . 2009-12-21 19:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2010-01-24 22:59 . 2009-12-21 19:07 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll 2010-01-24 22:55 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys 2010-01-24 22:53 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\dllcache\bthport.sys 2010-01-24 22:53 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys 2010-01-24 22:46 . 2009-10-15 16:32 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2010-01-24 22:46 . 
2009-10-15 16:32 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2010-01-24 22:44 . 2009-06-21 21:48 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2010-01-24 22:37 . 2009-11-21 15:58 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2010-01-24 22:25 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys 2010-01-24 22:24 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys 2010-01-24 22:24 . 2008-05-01 14:36 331776 ------w- c:\windows\system32\dllcache\msadce.dll 2010-01-24 22:24 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll 2010-01-24 22:22 . 2008-04-11 19:05 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll 2010-01-24 22:20 . 2009-06-10 12:21 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll 2010-01-24 22:18 . 2008-10-15 16:36 337408 ------w- c:\windows\system32\dllcache\netapi32.dll 2010-01-24 22:18 . 2009-07-31 04:33 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll 2010-01-22 01:06 . 2010-01-30 18:21 -------- d-----w- C:\Hotspot Shield 2010-01-21 15:51 . 2010-01-21 15:51 -------- d-----w- c:\arquivos de programas\Caseiro 2010-01-21 15:50 . 2010-01-21 15:50 249856 ------w- c:\windows\Setup1.exe 2010-01-21 15:50 . 2010-01-21 15:50 73216 ----a-w- c:\windows\ST6UNST.EXE 2010-01-20 16:15 . 2010-01-20 16:16 -------- d-----w- c:\arquivos de programas\rita 2010-01-13 16:43 . 2010-01-13 16:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-01-08 23:42 . 2010-01-08 23:42 32768 ----a-w- c:\windows\system32\drivers\taphss.sys 2010-01-08 19:52 . 2010-01-26 00:45 -------- d-----w- C:\Server_ 2010-01-08 18:34 . 2010-01-08 18:35 -------- d-----w- c:\arquivos de programas\Paint.NET 2010-01-08 18:32 . 2010-01-08 18:32 -------- d-----w- c:\documents and settings\Administrador\.thumbnails 2010-01-08 18:30 . 2010-01-08 18:33 -------- d-----w- c:\documents and settings\Administrador\.gimp-2.6 2010-01-07 22:50 . 
2010-01-07 22:52 -------- d-----w- c:\windows\system32\Adobe 2010-01-07 17:25 . 2010-01-07 17:25 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE 2010-01-07 17:20 . 2010-01-07 17:20 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache 2010-01-07 16:45 . 2010-01-27 10:19 -------- d-----w- c:\windows\system32\pt-BR 2010-01-07 16:45 . 2010-01-07 16:46 -------- dc-h--w- c:\windows\ie8 2010-01-07 16:36 . 2010-01-28 10:51 -------- d--h--w- c:\windows\$hf_mig$ 2010-01-07 04:43 . 2010-01-07 04:47 -------- d-----w- c:\arquivos de programas\SQL Server Backup 8 2010-01-07 04:01 . 2010-02-01 11:57 -------- d--h--w- c:\windows\PIF 2010-01-06 05:12 . 2010-01-06 05:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SqlBackupAndFtp 2010-01-06 04:50 . 2010-01-20 11:54 -------- d-----w- C:\Backups 2010-01-06 04:34 . 2010-01-14 21:43 -------- d-----w- c:\arquivos de programas\Cobian Backup 9 2010-01-05 23:04 . 2010-01-05 23:04 664 ----a-w- c:\windows\system32\d3d9caps.dat . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-02 01:16 . 2009-12-03 04:39 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit 2010-02-02 00:58 . 2009-12-20 04:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Akamai 2010-02-01 20:05 . 2009-12-22 15:05 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nokia 2010-02-01 20:03 . 2010-02-01 20:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCSuite 2010-02-01 20:03 . 2009-12-22 15:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia 2010-02-01 20:03 . 2009-12-22 14:59 -------- d-----w- c:\arquivos de programas\Nokia 2010-02-01 19:56 . 2010-02-01 19:56 36864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe 2010-02-01 19:56 . 
2010-02-01 19:56 3351812 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe 2010-02-01 19:56 . 2010-02-01 19:56 3203453 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe 2010-02-01 19:55 . 2009-12-23 22:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations 2010-02-01 11:28 . 2010-02-01 11:28 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes 2010-02-01 11:28 . 2010-02-01 11:28 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2010-02-01 11:28 . 2010-02-01 11:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2010-02-01 00:24 . 2009-12-03 11:19 -------- d-----w- c:\arquivos de programas\Radix Priston Tale 2010-01-31 18:02 . 2010-01-31 18:02 2558976 --sh--w- c:\windows\system32\kill.exe 2010-01-31 18:01 . 2010-01-31 18:01 1127936 ----a-w- c:\windows\system32\auto_msn.exe 2010-01-28 02:19 . 2009-12-12 23:13 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer 2010-01-26 13:15 . 2010-01-26 13:15 -------- d-----w- c:\arquivos de programas\microsoft frontpage 2010-01-25 02:03 . 2001-10-28 14:07 98700 ----a-w- c:\windows\system32\perfc016.dat 2010-01-25 02:03 . 2001-10-28 14:07 520636 ----a-w- c:\windows\system32\perfh016.dat 2010-01-24 19:51 . 2009-12-10 01:11 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\FileZilla 2010-01-22 02:40 . 2009-12-28 05:17 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent 2010-01-20 22:44 . 2009-12-03 04:39 -------- d-----w- c:\arquivos de programas\Orbitdownloader 2010-01-16 21:29 . 
2009-12-03 18:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus! 2010-01-16 20:55 . 2009-12-03 13:01 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live 2010-01-08 18:01 . 2009-12-09 17:22 -------- d-----w- c:\arquivos de programas\Google 2010-01-08 17:56 . 2009-12-19 05:29 -------- d-----w- c:\arquivos de programas\ss 2010-01-07 20:41 . 2010-01-07 20:41 1329717 ----a-w- c:\arquivos de programas\richeia.PNG 2010-01-07 19:07 . 2010-02-01 11:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 19:07 . 2010-02-01 11:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-06 18:02 . 2009-12-05 19:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet 2010-01-03 05:24 . 2009-12-21 17:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype 2010-01-03 03:30 . 2009-12-21 17:49 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM 2010-01-01 19:06 . 2010-01-01 19:05 1407955 ----atw- c:\arquivos de programas\DSC01087.JPG 2010-01-01 18:39 . 2010-01-01 18:35 1497477 ----atw- c:\arquivos de programas\DSC01067.JPG 2010-01-01 18:39 . 2010-01-01 18:35 1368014 ----atw- c:\arquivos de programas\DSC01069.JPG 2010-01-01 18:39 . 2010-01-01 18:35 1413153 ----atw- c:\arquivos de programas\DSC01068.JPG 2010-01-01 18:38 . 2010-01-01 18:35 959701 ----atw- c:\arquivos de programas\DSC01069 cópia.jpg 2010-01-01 00:43 . 2010-01-01 00:43 -------- d-----w- c:\arquivos de programas\ZaraSoft 2009-12-30 02:33 . 2009-12-30 02:33 -------- d-----w- c:\arquivos de programas\SpacialAudio 2009-12-30 02:33 . 2009-12-30 02:33 -------- d-----w- c:\arquivos de programas\Firebird 2009-12-30 02:17 . 2009-12-30 02:17 -------- d-----w- c:\arquivos de programas\SHOUTcast Radio Toolbar 2009-12-30 02:17 . 2009-12-30 02:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar 2009-12-30 02:16 . 
2009-12-30 02:16 -------- d-----w- c:\arquivos de programas\Winamp Detect 2009-12-29 19:13 . 2009-12-29 18:15 5 ----a-w- c:\windows\system32\SySMP3CutJoin.dat 2009-12-29 18:15 . 2009-12-29 18:15 -------- d-----w- c:\arquivos de programas\AudioToolsFactory 2009-12-29 18:11 . 2009-12-29 18:11 -------- d-----w- c:\arquivos de programas\MP3JOINER 2009-12-29 17:09 . 2009-12-29 17:09 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HP 2009-12-28 05:19 . 2009-12-28 05:19 -------- d-----w- c:\arquivos de programas\uTorrent 2009-12-24 16:02 . 2009-12-24 15:27 -------- d-----w- c:\arquivos de programas\Your Freedom 2009-12-24 15:58 . 2009-12-24 15:58 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ProxyCap 2009-12-24 15:31 . 2009-12-24 15:31 -------- d-----w- c:\arquivos de programas\Proxy Labs 2009-12-24 15:14 . 2009-12-24 14:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS 2009-12-24 15:14 . 2009-12-24 15:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nexon 2009-12-24 14:50 . 2009-12-24 14:50 90112 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll 2009-12-24 14:50 . 2009-12-24 14:50 561152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGMDll.dll 2009-12-24 14:50 . 2009-12-24 14:50 393216 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGMResource.dll 2009-12-24 14:50 . 2009-12-24 14:50 258352 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\unicows.dll 2009-12-24 14:50 . 2009-12-24 14:50 118784 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\nxgameus.dll 2009-12-24 14:50 . 2009-12-24 14:50 167936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe 2009-12-23 23:39 . 
2009-12-23 23:39 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nseries 2009-12-23 23:18 . 2009-12-22 15:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\PC Suite 2009-12-23 23:17 . 2009-12-23 23:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2009-12-23 22:56 . 2009-12-23 22:56 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution 2009-12-23 22:55 . 2009-12-23 22:55 95232 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe 2009-12-23 22:55 . 2009-12-23 22:55 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe 2009-12-23 22:55 . 2009-12-23 22:55 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2009-12-23 22:55 . 2009-12-23 22:55 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe 2009-12-23 22:45 . 2009-12-23 22:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nokia 2009-12-23 18:02 . 2009-12-23 18:02 -------- d-----w- c:\arquivos de programas\LogMeIn Hamachi 2009-12-23 14:21 . 2009-12-23 14:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf 2009-12-23 14:21 . 2009-12-23 14:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf 2009-12-22 15:35 . 2009-12-22 14:59 -------- d-----w- c:\arquivos de programas\DIFX 2009-12-22 15:20 . 2009-12-22 15:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite 2009-12-22 15:19 . 
2009-12-22 15:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-12-22 15:19 . 2009-12-22 15:19 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-12-22 15:03 . 2009-12-22 15:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NokiaMusic 2009-12-22 15:03 . 2009-12-22 15:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\muvee Technologies 2009-12-22 14:53 . 2009-12-22 14:53 -------- d-----w- c:\arquivos de programas\MSBuild 2009-12-22 14:53 . 2009-12-22 14:53 -------- d-----w- c:\arquivos de programas\Reference Assemblies 2009-12-22 14:50 . 2009-12-22 14:50 -------- d-----w- c:\arquivos de programas\MSXML 6.0 2009-12-21 19:08 . 2004-08-04 02:45 916480 ------w- c:\windows\system32\wininet.dll 2009-12-21 17:48 . 2009-12-21 17:47 -------- d-----r- c:\arquivos de programas\Skype 2009-12-21 17:47 . 2009-12-21 17:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype 2009-12-21 17:47 . 2009-12-21 17:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype 2009-12-20 12:20 . 2009-12-05 10:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe 2009-12-19 18:36 . 2009-12-19 18:36 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys 2009-12-19 18:23 . 2009-12-19 18:23 -------- d-----w- c:\arquivos de programas\MU Season 4 2009-12-19 05:10 . 2009-12-18 03:06 -------- d-----w- c:\arquivos de programas\KYE 2009-12-19 05:10 . 2009-12-19 05:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\snpstd2 2009-12-19 05:09 . 2009-12-03 03:19 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2009-12-17 03:09 . 2009-12-17 03:08 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack 2009-12-17 02:56 . 2009-12-17 02:56 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic 2009-12-17 01:55 . 
2009-12-17 01:55 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Megaupload 2009-12-17 01:51 . 2009-12-17 01:51 -------- d-----w- c:\arquivos de programas\Megaupload 2009-12-17 01:51 . 2009-12-17 01:51 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\InstallShield 2009-12-13 21:57 . 2009-12-13 21:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help 2009-12-13 21:54 . 2009-12-09 14:52 -------- d-----w- c:\arquivos de programas\Microsoft.NET 2009-12-13 21:54 . 2009-12-13 21:52 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server 2009-12-13 05:38 . 2009-12-12 23:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple . ((((((((((((((((((((((((((((( SnapShot@2010-02-01_23.46.39 ))))))))))))))))))))))))))))))))))))))))) . + 2009-12-03 04:38 . 2010-02-02 00:21 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe - 2010-01-26 16:29 . 2010-02-01 19:19 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2010-02-02 00:18 . 2010-02-02 00:18 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2010-01-25 02:13 . 2010-02-01 19:19 16384 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat + 2010-01-25 02:13 . 2010-02-02 00:18 16384 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat + 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe - 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176] [HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}] [HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}] [HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232] "PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer" [X] "HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464] "AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-09-05 417792] "iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-10-28 141600] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720] "NokiaMusic FastStart"="c:\arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272] "mcagent_exe"="c:\arquivos de programas\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008] "McENUI"="c:\arquiv~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 137216] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2009-03-08 128512] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2009-12-3 1785104] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^SQLBACKUPZIP.lnk] path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\SQLBACKUPZIP.lnk backup=c:\windows\pss\SQLBACKUPZIP.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"= "c:\\Arquivos de 
programas\\Orbitdownloader\\orbitnet.exe"= "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\xampp\\apache\\bin\\httpd.exe"= "c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Arquivos de programas\\TeamViewer\\Version5\\TeamViewer.exe"= "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "c:\\Arquivos de programas\\iTunes\\iTunes.exe"= "c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\xampp\\mysql\\bin\\mysqld.exe"= "c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"= "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "c:\\Nexon\\Combat Arms\\NMService.exe"= "c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"= "c:\\Server\\servidorpt.exe"= "c:\\Server\\Serverteste.exe"= "c:\\Nexon\\Combat Arms\\Engine.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Arquivos de programas\\SpacialAudio\\SAMBC\\SAMBC.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "c:\\Server\\Server Radix PT.exe"= "c:\\Server\\Itens sem replace.exe"= "c:\\Arquivos de programas\\LiveZilla\\LiveZilla Server Admin.exe"= "c:\\Arquivos de programas\\Arquivos comuns\\McAfee\\MNA\\McNASvc.exe"= "c:\\Arquivos de programas\\Steam\\Steam.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [3/8/2004 23:45 14336] R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [9/12/2008 20:10 24636] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\arquivos de programas\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 12:27 1074568] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor 
Service;c:\arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [24/1/2010 22:37 93320] S2 0238081264507318mcinstcleanup;McAfee Application Installer Cleanup (0238081264507318);c:\windows\TEMP\023808~1.EXE c:\arquiv~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\023808~1.EXE c:\arquiv~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [23/12/2009 19:56 136704] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [23/12/2009 19:56 8320] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc Akamai REG_MULTI_SZ Akamai . Conteúdo da pasta 'Tarefas Agendadas' 2010-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34] 2010-01-25 c:\windows\Tasks\McDefragTask.job - c:\arquiv~1\mcafee\mqc\QcConsol.exe [2010-01-25 15:22] 2010-01-25 c:\windows\Tasks\McQcTask.job - c:\arquiv~1\mcafee\mqc\QcConsol.exe [2010-01-25 15:22] 2010-02-01 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2010-01-25 01:18] . . ------- Scan Suplementar ------- . 
Sam Spade, posted February 4, 2010

Do you know what this is?

2010-01-01 19:06 . 2010-01-01 19:05 1407955 ----atw- c:\arquivos de programas\DSC01087.JPG
2010-01-01 18:39 . 2010-01-01 18:35 1497477 ----atw- c:\arquivos de programas\DSC01067.JPG
Mário Monteiro, posted March 4, 2010

Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.