
Eиcrypted

[Archived] Computer won't shut down


I click Shut Down, but nothing happens. Here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:40:44, on 31/1/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\All Users\Dados de aplicativos\kill.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\System32\svchost.exe

C:\xampp\apache\bin\httpd.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

C:\xampp\apache\bin\httpd.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

C:\xampp\mysql\bin\mysqld.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\CCleaner\CCleaner.exe

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.baixaki.com.br/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\ARQUIV~1\mcafee\msk\mskapbho.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [NokiaMServer] C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart

O4 - HKLM\..\Run: [mcagent_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [McENUI] C:\ARQUIV~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [Help] C:\WINDOWS\system32\Help.exe

O4 - HKLM\..\Run: [kill.exe] C:\Documents and Settings\All Users\Dados de aplicativos\kill.exe

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: SQLBACKUPZIP.lnk = C:\TEKLIFS\SQLBACKUPZIP.exe

O4 - Global Startup: Help.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{55B9FC3D-8E0D-4E23-9BB8-72A77C722F2B}: NameServer = 200.165.132.155,200.165.132.148

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: McAfee Application Installer Cleanup (0238081264507318) (0238081264507318mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\023808~1.EXE (file missing)

O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 13315 bytes


Hello Eиcrypted! Download BankerFix: http://www.linhadefensiva.org/dl/bankerfix. Also download Malwarebytes' Anti-Malware (MBAM) from this link: http://www.besttechie.net/tools/mbam-setup.exe or from this one: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html.

Temporarily disable your antivirus so that there are no conflicts.

Click OK the first and second time message boxes appear. If you are running BankerFix for the second time, it will ask to check for an update. Answer Yes and then click OK.

When it runs, a black screen will appear asking you to press any key. Press Enter and wait for it to finish. It may take some time.

When it finishes, read the message on the screen and press Enter again.

Warning: do not run BankerFix more than once, because that will overwrite the result and it will not be possible to tell whether the removal succeeded.

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Make sure the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are checked, then click Finish.
  • If there are updates to apply, they will be downloaded and installed.
  • When the update is finished, with the program open, select Quick Scan and click the Scan button.
  • The scan will then start. Wait, as it may take a while.
  • When the scan ends, click OK, then the Show Results button to see the report.
  • If any items were found, make sure they are all checked and click the Remove button.
  • At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Enable your antivirus again.
  • Select, copy and paste the entire contents of this log into your next reply + the relatorio.txt from BankerFix, which is in C:\LinhaDefensiva + a new HijackThis log.
  • Enable your antivirus again.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.


Done, friend, here are the logs

Malwarebytes Anti-Malware

 

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3671

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

1/2/2010 08:54:47

mbam-log-2010-02-01 (08-54-47).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 112470

Tempo decorrido: 9 minute(s), 50 second(s)

 

Processos da Memória infectados: 1

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 2

 

Processos da Memória infectados:

C:\WINDOWS\system32\help.exe (Backdoor.Bot) -> Unloaded process successfully.

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\WINDOWS\system32\help.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ProE.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

 

BankerFix

 

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2010-02-01 - 08:41

-------------------------------------------------------

Lista de Definição: 2010-01-14-1 | CORE: 2010-01-14-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\system32\aviso.bak

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\help.exe

Arquivo infectado removido com sucesso!

 

 

 

----- Fim -------------------------

 

 

HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:04:45, on 1/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\vsnpstd2.exe

C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer.exe

C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe

C:\Documents and Settings\All Users\Dados de aplicativos\kill.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\System32\svchost.exe

C:\xampp\apache\bin\httpd.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

C:\xampp\apache\bin\httpd.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

C:\xampp\mysql\bin\mysqld.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.baixaki.com.br/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\ARQUIV~1\mcafee\msk\mskapbho.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [NokiaMServer] C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart

O4 - HKLM\..\Run: [mcagent_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [McENUI] C:\ARQUIV~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [kill.exe] C:\Documents and Settings\All Users\Dados de aplicativos\kill.exe

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: SQLBACKUPZIP.lnk = C:\TEKLIFS\SQLBACKUPZIP.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{55B9FC3D-8E0D-4E23-9BB8-72A77C722F2B}: NameServer = 200.165.132.155,200.165.132.148

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: McAfee Application Installer Cleanup (0238081264507318) (0238081264507318mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\023808~1.EXE (file missing)

O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 13582 bytes


Ok, download: ComboFix > save it to the desktop

  • Disable your antivirus, antispyware and firewall so that they do not cause conflicts. Keep them disabled until you have finished the instructions. Note that this means your protection programs must be configured not to start with the system.
  • WARNING: If ComboFix detects any kind of CD emulator (Daemon Tools, Alcohol, etc.), a notice will appear saying that ComboFix needs to disable it temporarily. Click OK and the PC will restart.
  • Double-click combofix.exe and click Run to proceed with the fix. Wait, as it takes a while.
  • ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".
  • Attach ComboFix.txt to your reply following the instructions below
    http://linhadefensiva.org/forum/ind...p?showtopic=595

    NOTE: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.


Here is the ComboFix log:

 

ComboFix 10-02-01.02 - Administrador 01/02/2010 22:20:18.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1401 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-02 to 2010-02-02 ))))))))))))))))))))))))))))

.

 

2010-02-01 22:09 . 2010-02-01 22:09 -------- d-----w- c:\arquivos de programas\MP3SPLITTER

2010-01-30 14:32 . 2010-01-30 14:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\RoboForm

2010-01-30 14:32 . 2010-01-30 14:32 -------- d-----w- c:\arquivos de programas\Siber Systems

2010-01-29 00:48 . 2010-01-29 00:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Canneverbe_Limited

2010-01-29 00:48 . 2010-01-29 00:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Canneverbe Limited

2010-01-29 00:48 . 2009-11-12 16:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2010-01-29 00:48 . 2010-01-29 00:48 -------- d-----w- c:\arquivos de programas\CDBurnerXP

2010-01-28 08:58 . 2008-05-09 10:55 180224 ------w- c:\windows\system32\dllcache\scrobj.dll

2010-01-28 08:58 . 2008-05-09 10:55 90112 ------w- c:\windows\system32\dllcache\wshext.dll

2010-01-28 08:58 . 2008-05-09 10:55 172032 ------w- c:\windows\system32\dllcache\scrrun.dll

2010-01-28 08:58 . 2008-05-09 08:45 135168 ------w- c:\windows\system32\dllcache\cscript.exe

2010-01-28 08:58 . 2008-05-08 11:24 155648 ------w- c:\windows\system32\dllcache\wscript.exe

2010-01-27 10:19 . 2010-01-27 10:19 -------- d-----w- c:\windows\l2schemas

2010-01-27 10:19 . 2010-01-27 10:19 -------- d-----w- c:\windows\system32\bits

2010-01-27 10:12 . 2010-01-27 10:20 -------- d-----w- c:\windows\EHome

2010-01-26 23:45 . 2010-01-27 00:25 -------- d-----w- c:\arquivos de programas\Journal Macro

2010-01-26 15:14 . 2010-01-28 13:56 -------- d-----w- c:\arquivos de programas\Steam

2010-01-26 00:10 . 2010-01-26 00:10 -------- d-----w- c:\arquivos de programas\PhotoZoom Pro 3

2010-01-25 02:54 . 2004-08-04 01:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys

2010-01-25 02:54 . 2004-08-04 01:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys

2010-01-25 02:54 . 2004-08-04 01:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys

2010-01-25 02:54 . 2004-08-04 01:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys

2010-01-25 02:54 . 2004-08-04 01:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys

2010-01-25 02:54 . 2004-08-04 01:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys

2010-01-25 02:54 . 2004-08-04 01:29 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys

2010-01-25 02:54 . 2004-08-04 01:29 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys

2010-01-25 02:14 . 2010-01-26 11:56 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\SACore

2010-01-25 02:13 . 2010-01-25 02:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-01-25 02:00 . 2010-01-25 02:00 -------- d-----w- c:\windows\system32\KB905474

2010-01-25 02:00 . 2009-03-11 01:26 1434496 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe

2010-01-25 02:00 . 2009-03-11 01:18 454536 ----a-w- c:\windows\system32\KB905474\wgasetup.exe

2010-01-25 01:46 . 2010-01-27 10:16 -------- d-----w- c:\windows\ServicePackFiles

2010-01-25 01:45 . 2010-01-25 02:04 -------- d-----w- c:\windows\ie8updates

2010-01-25 01:44 . 2010-01-25 01:44 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2010-01-25 01:38 . 2010-01-25 01:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SiteAdvisor

2010-01-25 01:38 . 2010-01-25 01:38 -------- d-----w- c:\arquivos de programas\SiteAdvisor

2010-01-25 01:35 . 2009-11-04 19:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2010-01-25 01:35 . 2009-11-04 19:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2010-01-25 01:35 . 2009-11-04 19:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2010-01-25 01:35 . 2009-07-16 15:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys

2010-01-25 01:34 . 2010-01-25 01:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\McAfee

2010-01-25 01:34 . 2010-01-25 01:34 -------- d-----w- c:\arquivos de programas\McAfee.com

2010-01-25 01:34 . 2010-01-26 12:00 -------- d-----w- c:\arquivos de programas\McAfee

2010-01-25 01:32 . 2009-11-04 19:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2010-01-25 00:45 . 2010-01-25 11:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee

2010-01-24 23:12 . 2010-01-24 23:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GetRightToGo

2010-01-24 22:59 . 2009-12-21 19:07 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-01-24 22:59 . 2009-12-21 19:07 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-01-24 22:59 . 2009-12-21 19:07 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-01-24 22:59 . 2009-12-21 19:07 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-01-24 22:59 . 2009-12-21 19:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-01-24 22:59 . 2009-12-21 19:07 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-01-24 22:55 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys

2010-01-24 22:53 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\dllcache\bthport.sys

2010-01-24 22:53 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-01-24 22:46 . 2009-10-15 16:32 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2010-01-24 22:46 . 2009-10-15 16:32 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2010-01-24 22:44 . 2009-06-21 21:48 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2010-01-24 22:37 . 2009-11-21 15:58 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-01-24 22:25 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys

2010-01-24 22:24 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-01-24 22:24 . 2008-05-01 14:36 331776 ------w- c:\windows\system32\dllcache\msadce.dll

2010-01-24 22:24 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

2010-01-24 22:22 . 2008-04-11 19:05 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll

2010-01-24 22:20 . 2009-06-10 12:21 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll

2010-01-24 22:18 . 2008-10-15 16:36 337408 ------w- c:\windows\system32\dllcache\netapi32.dll

2010-01-24 22:18 . 2009-07-31 04:33 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2010-01-22 01:06 . 2010-01-30 18:21 -------- d-----w- C:\Hotspot Shield

2010-01-21 15:51 . 2010-01-21 15:51 -------- d-----w- c:\arquivos de programas\Caseiro

2010-01-21 15:50 . 2010-01-21 15:50 249856 ------w- c:\windows\Setup1.exe

2010-01-21 15:50 . 2010-01-21 15:50 73216 ----a-w- c:\windows\ST6UNST.EXE

2010-01-20 16:15 . 2010-01-20 16:16 -------- d-----w- c:\arquivos de programas\rita

2010-01-13 16:43 . 2010-01-13 16:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-01-08 23:42 . 2010-01-08 23:42 32768 ----a-w- c:\windows\system32\drivers\taphss.sys

2010-01-08 19:52 . 2010-01-26 00:45 -------- d-----w- C:\Server_

2010-01-08 18:34 . 2010-01-08 18:35 -------- d-----w- c:\arquivos de programas\Paint.NET

2010-01-08 18:32 . 2010-01-08 18:32 -------- d-----w- c:\documents and settings\Administrador\.thumbnails

2010-01-08 18:30 . 2010-01-08 18:33 -------- d-----w- c:\documents and settings\Administrador\.gimp-2.6

2010-01-07 22:50 . 2010-01-07 22:52 -------- d-----w- c:\windows\system32\Adobe

2010-01-07 17:25 . 2010-01-07 17:25 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE

2010-01-07 17:20 . 2010-01-07 17:20 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

2010-01-07 16:45 . 2010-01-27 10:19 -------- d-----w- c:\windows\system32\pt-BR

2010-01-07 16:45 . 2010-01-07 16:46 -------- dc-h--w- c:\windows\ie8

2010-01-07 16:36 . 2010-01-28 10:51 -------- d--h--w- c:\windows\$hf_mig$

2010-01-07 04:43 . 2010-01-07 04:47 -------- d-----w- c:\arquivos de programas\SQL Server Backup 8

2010-01-07 04:01 . 2010-02-01 11:57 -------- d--h--w- c:\windows\PIF

2010-01-06 05:12 . 2010-01-06 05:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SqlBackupAndFtp

2010-01-06 04:50 . 2010-01-20 11:54 -------- d-----w- C:\Backups

2010-01-06 04:34 . 2010-01-14 21:43 -------- d-----w- c:\arquivos de programas\Cobian Backup 9

2010-01-05 23:04 . 2010-01-05 23:04 664 ----a-w- c:\windows\system32\d3d9caps.dat

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-02 01:16 . 2009-12-03 04:39 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit

2010-02-02 00:58 . 2009-12-20 04:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Akamai

2010-02-01 20:05 . 2009-12-22 15:05 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nokia

2010-02-01 20:03 . 2010-02-01 20:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCSuite

2010-02-01 20:03 . 2009-12-22 15:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia

2010-02-01 20:03 . 2009-12-22 14:59 -------- d-----w- c:\arquivos de programas\Nokia

2010-02-01 19:56 . 2010-02-01 19:56 36864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe

2010-02-01 19:56 . 2010-02-01 19:56 3351812 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe

2010-02-01 19:56 . 2010-02-01 19:56 3203453 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe

2010-02-01 19:55 . 2009-12-23 22:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations

2010-02-01 11:28 . 2010-02-01 11:28 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2010-02-01 11:28 . 2010-02-01 11:28 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-02-01 11:28 . 2010-02-01 11:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-02-01 00:24 . 2009-12-03 11:19 -------- d-----w- c:\arquivos de programas\Radix Priston Tale

2010-01-31 18:02 . 2010-01-31 18:02 2558976 --sh--w- c:\windows\system32\kill.exe

2010-01-31 18:01 . 2010-01-31 18:01 1127936 ----a-w- c:\windows\system32\auto_msn.exe

2010-01-28 02:19 . 2009-12-12 23:13 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer

2010-01-26 13:15 . 2010-01-26 13:15 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2010-01-25 02:03 . 2001-10-28 14:07 98700 ----a-w- c:\windows\system32\perfc016.dat

2010-01-25 02:03 . 2001-10-28 14:07 520636 ----a-w- c:\windows\system32\perfh016.dat

2010-01-24 19:51 . 2009-12-10 01:11 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\FileZilla

2010-01-22 02:40 . 2009-12-28 05:17 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent

2010-01-20 22:44 . 2009-12-03 04:39 -------- d-----w- c:\arquivos de programas\Orbitdownloader

2010-01-16 21:29 . 2009-12-03 18:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-01-16 20:55 . 2009-12-03 13:01 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-01-08 18:01 . 2009-12-09 17:22 -------- d-----w- c:\arquivos de programas\Google

2010-01-08 17:56 . 2009-12-19 05:29 -------- d-----w- c:\arquivos de programas\ss

2010-01-07 20:41 . 2010-01-07 20:41 1329717 ----a-w- c:\arquivos de programas\richeia.PNG

2010-01-07 19:07 . 2010-02-01 11:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 19:07 . 2010-02-01 11:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-06 18:02 . 2009-12-05 19:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2010-01-03 05:24 . 2009-12-21 17:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype

2010-01-03 03:30 . 2009-12-21 17:49 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM

2010-01-01 19:06 . 2010-01-01 19:05 1407955 ----atw- c:\arquivos de programas\DSC01087.JPG

2010-01-01 18:39 . 2010-01-01 18:35 1497477 ----atw- c:\arquivos de programas\DSC01067.JPG

2010-01-01 18:39 . 2010-01-01 18:35 1368014 ----atw- c:\arquivos de programas\DSC01069.JPG

2010-01-01 18:39 . 2010-01-01 18:35 1413153 ----atw- c:\arquivos de programas\DSC01068.JPG

2010-01-01 18:38 . 2010-01-01 18:35 959701 ----atw- c:\arquivos de programas\DSC01069 cópia.jpg

2010-01-01 00:43 . 2010-01-01 00:43 -------- d-----w- c:\arquivos de programas\ZaraSoft

2009-12-30 02:33 . 2009-12-30 02:33 -------- d-----w- c:\arquivos de programas\SpacialAudio

2009-12-30 02:33 . 2009-12-30 02:33 -------- d-----w- c:\arquivos de programas\Firebird

2009-12-30 02:17 . 2009-12-30 02:17 -------- d-----w- c:\arquivos de programas\SHOUTcast Radio Toolbar

2009-12-30 02:17 . 2009-12-30 02:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar

2009-12-30 02:16 . 2009-12-30 02:16 -------- d-----w- c:\arquivos de programas\Winamp Detect

2009-12-29 19:13 . 2009-12-29 18:15 5 ----a-w- c:\windows\system32\SySMP3CutJoin.dat

2009-12-29 18:15 . 2009-12-29 18:15 -------- d-----w- c:\arquivos de programas\AudioToolsFactory

2009-12-29 18:11 . 2009-12-29 18:11 -------- d-----w- c:\arquivos de programas\MP3JOINER

2009-12-29 17:09 . 2009-12-29 17:09 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HP

2009-12-28 05:19 . 2009-12-28 05:19 -------- d-----w- c:\arquivos de programas\uTorrent

2009-12-24 16:02 . 2009-12-24 15:27 -------- d-----w- c:\arquivos de programas\Your Freedom

2009-12-24 15:58 . 2009-12-24 15:58 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ProxyCap

2009-12-24 15:31 . 2009-12-24 15:31 -------- d-----w- c:\arquivos de programas\Proxy Labs

2009-12-24 15:14 . 2009-12-24 14:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS

2009-12-24 15:14 . 2009-12-24 15:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nexon

2009-12-24 14:50 . 2009-12-24 14:50 90112 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

2009-12-24 14:50 . 2009-12-24 14:50 561152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGMDll.dll

2009-12-24 14:50 . 2009-12-24 14:50 393216 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGMResource.dll

2009-12-24 14:50 . 2009-12-24 14:50 258352 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\unicows.dll

2009-12-24 14:50 . 2009-12-24 14:50 118784 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\nxgameus.dll

2009-12-24 14:50 . 2009-12-24 14:50 167936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe

2009-12-23 23:39 . 2009-12-23 23:39 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nseries

2009-12-23 23:18 . 2009-12-22 15:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\PC Suite

2009-12-23 23:17 . 2009-12-23 23:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-12-23 22:56 . 2009-12-23 22:56 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution

2009-12-23 22:55 . 2009-12-23 22:55 95232 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe

2009-12-23 22:55 . 2009-12-23 22:55 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe

2009-12-23 22:55 . 2009-12-23 22:55 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-12-23 22:55 . 2009-12-23 22:55 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe

2009-12-23 22:45 . 2009-12-23 22:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nokia

2009-12-23 18:02 . 2009-12-23 18:02 -------- d-----w- c:\arquivos de programas\LogMeIn Hamachi

2009-12-23 14:21 . 2009-12-23 14:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

2009-12-23 14:21 . 2009-12-23 14:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf

2009-12-22 15:35 . 2009-12-22 14:59 -------- d-----w- c:\arquivos de programas\DIFX

2009-12-22 15:20 . 2009-12-22 15:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite

2009-12-22 15:19 . 2009-12-22 15:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-12-22 15:19 . 2009-12-22 15:19 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-12-22 15:03 . 2009-12-22 15:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NokiaMusic

2009-12-22 15:03 . 2009-12-22 15:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\muvee Technologies

2009-12-22 14:53 . 2009-12-22 14:53 -------- d-----w- c:\arquivos de programas\MSBuild

2009-12-22 14:53 . 2009-12-22 14:53 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-12-22 14:50 . 2009-12-22 14:50 -------- d-----w- c:\arquivos de programas\MSXML 6.0

2009-12-21 19:08 . 2004-08-04 02:45 916480 ------w- c:\windows\system32\wininet.dll

2009-12-21 17:48 . 2009-12-21 17:47 -------- d-----r- c:\arquivos de programas\Skype

2009-12-21 17:47 . 2009-12-21 17:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2009-12-21 17:47 . 2009-12-21 17:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-12-20 12:20 . 2009-12-05 10:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-12-19 18:36 . 2009-12-19 18:36 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys

2009-12-19 18:23 . 2009-12-19 18:23 -------- d-----w- c:\arquivos de programas\MU Season 4

2009-12-19 05:10 . 2009-12-18 03:06 -------- d-----w- c:\arquivos de programas\KYE

2009-12-19 05:10 . 2009-12-19 05:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\snpstd2

2009-12-19 05:09 . 2009-12-03 03:19 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-12-17 03:09 . 2009-12-17 03:08 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-12-17 02:56 . 2009-12-17 02:56 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic

2009-12-17 01:55 . 2009-12-17 01:55 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Megaupload

2009-12-17 01:51 . 2009-12-17 01:51 -------- d-----w- c:\arquivos de programas\Megaupload

2009-12-17 01:51 . 2009-12-17 01:51 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\InstallShield

2009-12-13 21:57 . 2009-12-13 21:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-12-13 21:54 . 2009-12-09 14:52 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2009-12-13 21:54 . 2009-12-13 21:52 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server

2009-12-13 05:38 . 2009-12-12 23:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple

.

 

((((((((((((((((((((((((((((( SnapShot@2010-02-01_23.46.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-12-03 04:38 . 2010-02-02 00:21 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

- 2010-01-26 16:29 . 2010-02-01 19:19 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2010-02-02 00:18 . 2010-02-02 00:18 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2010-01-25 02:13 . 2010-02-01 19:19 16384 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2010-01-25 02:13 . 2010-02-02 00:18 16384 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

- 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176]

 

[HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}]

[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}]

[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer" [X]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]

"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-09-05 417792]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-10-28 141600]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]

"NokiaMusic FastStart"="c:\arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]

"mcagent_exe"="c:\arquivos de programas\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"McENUI"="c:\arquiv~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 137216]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2009-12-3 1785104]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^SQLBACKUPZIP.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\SQLBACKUPZIP.lnk

backup=c:\windows\pss\SQLBACKUPZIP.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\xampp\\apache\\bin\\httpd.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Arquivos de programas\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\xampp\\mysql\\bin\\mysqld.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Server\\servidorpt.exe"=

"c:\\Server\\Serverteste.exe"=

"c:\\Nexon\\Combat Arms\\Engine.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\SpacialAudio\\SAMBC\\SAMBC.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Server\\Server Radix PT.exe"=

"c:\\Server\\Itens sem replace.exe"=

"c:\\Arquivos de programas\\LiveZilla\\LiveZilla Server Admin.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Arquivos de programas\\Steam\\Steam.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [3/8/2004 23:45 14336]

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [9/12/2008 20:10 24636]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\arquivos de programas\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 12:27 1074568]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [24/1/2010 22:37 93320]

S2 0238081264507318mcinstcleanup;McAfee Application Installer Cleanup (0238081264507318);c:\windows\TEMP\023808~1.EXE c:\arquiv~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\023808~1.EXE c:\arquiv~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]

S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [23/12/2009 19:56 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [23/12/2009 19:56 8320]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2010-01-25 c:\windows\Tasks\McDefragTask.job

- c:\arquiv~1\mcafee\mqc\QcConsol.exe [2010-01-25 15:22]

 

2010-01-25 c:\windows\Tasks\McQcTask.job

- c:\arquiv~1\mcafee\mqc\QcConsol.exe [2010-01-25 15:22]

 

2010-02-01 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-01-25 01:18]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = hxxp://www.baixaki.com.br/

uInternet Settings,ProxyOverride = local

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: &SHOUTcast Search - c:\documents and settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Baixar Link Utiizando Gerenciador Mega... - c:\arquivos de programas\Megaupload\Mega Manager\mm_file.htm

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {55B9FC3D-8E0D-4E23-9BB8-72A77C722F2B} = 200.165.132.155,200.165.132.148

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\x0ye2gvo.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=

FF - prefs.js: browser.search.selectedEngine - Winamp Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=

FF - component: c:\arquivos de programas\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\x0ye2gvo.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-01 22:25

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(5348)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2010-02-01 22:30:36

ComboFix-quarantined-files.txt 2010-02-02 01:30

ComboFix2.txt 2010-02-01 23:48

ComboFix3.txt 2010-01-26 13:23

 

Pré-execução: 22 pasta(s) 93.008.572.416 bytes disponíveis

Pós execução: 23 pasta(s) 93.000.261.632 bytes disponíveis

 

- - End Of File - - B42DB7534F92B3C77AFAD5B3EF2AF2C5


Do you know what this is?

 

2010-01-01 19:06 . 2010-01-01 19:05 1407955 ----atw- c:\arquivos de programas\DSC01087.JPG

2010-01-01 18:39 . 2010-01-01 18:35 1497477 ----atw- c:\arquivos de programas\DSC01067.JPG


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.
