
.matiello

[Solved!] Log Analysis


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

copy of MBR has been found in sector 1 !


ComboFix 10-05-23.07 - Marcus 27/05/2010 10:56:50.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2045.1573 [GMT -3:00]

Running from: c:\documents and settings\Marcus\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Marcus\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

* Resident AV is active

 

 

FILE ::

"c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll"

"c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll"

"c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe"

"c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll"

"c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe"

"c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe"

"c:\windows\NiwradSoft Shell Pack\Backup\user32.dll"

"c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe"

"c:\windows\ServicePackFiles\i386\comctl32.dll"

"c:\windows\ServicePackFiles\i386\ctfmon.exe"

"c:\windows\ServicePackFiles\i386\explorer.exe"

"c:\windows\ServicePackFiles\i386\user32.dll"

"c:\windows\ServicePackFiles\i386\winlogon.exe"

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Marcus\mbr.exe

c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

c:\windows\NiwradSoft Shell Pack\Backup

c:\windows\NiwradSoft Shell Pack\Backup\access.cpl

c:\windows\NiwradSoft Shell Pack\Backup\acctres.dll

c:\windows\NiwradSoft Shell Pack\Backup\accwiz.exe

c:\windows\NiwradSoft Shell Pack\Backup\admparse.dll

c:\windows\NiwradSoft Shell Pack\Backup\ahui.exe

c:\windows\NiwradSoft Shell Pack\Backup\appmgr.dll

c:\windows\NiwradSoft Shell Pack\Backup\asctrls.ocx

c:\windows\NiwradSoft Shell Pack\Backup\Audiodev.dll

c:\windows\NiwradSoft Shell Pack\Backup\avtapi.dll

c:\windows\NiwradSoft Shell Pack\Backup\batmeter.dll

c:\windows\NiwradSoft Shell Pack\Backup\batt.dll

c:\windows\NiwradSoft Shell Pack\Backup\browseui.dll

c:\windows\NiwradSoft Shell Pack\Backup\bthci.dll

c:\windows\NiwradSoft Shell Pack\Backup\cabview.dll

c:\windows\NiwradSoft Shell Pack\Backup\capesnpn.dll

c:\windows\NiwradSoft Shell Pack\Backup\cards.dll

c:\windows\NiwradSoft Shell Pack\Backup\cdfview.dll

c:\windows\NiwradSoft Shell Pack\Backup\certmgr.dll

c:\windows\NiwradSoft Shell Pack\Backup\charmap.exe

c:\windows\NiwradSoft Shell Pack\Backup\ciadmin.dll

c:\windows\NiwradSoft Shell Pack\Backup\cleanmgr.exe

c:\windows\NiwradSoft Shell Pack\Backup\cliconfg.exe

c:\windows\NiwradSoft Shell Pack\Backup\cliconfg.rll

c:\windows\NiwradSoft Shell Pack\Backup\clipbrd.exe

c:\windows\NiwradSoft Shell Pack\Backup\clipsrv.exe

c:\windows\NiwradSoft Shell Pack\Backup\cmd.exe

c:\windows\NiwradSoft Shell Pack\Backup\cmdial32.dll

c:\windows\NiwradSoft Shell Pack\Backup\cmdl32.exe

c:\windows\NiwradSoft Shell Pack\Backup\cmmon32.exe

c:\windows\NiwradSoft Shell Pack\Backup\cmprops.dll

c:\windows\NiwradSoft Shell Pack\Backup\cmstp.exe

c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll

c:\windows\NiwradSoft Shell Pack\Backup\comdlg32.dll

c:\windows\NiwradSoft Shell Pack\Backup\compatUI.dll

c:\windows\NiwradSoft Shell Pack\Backup\compstui.dll

c:\windows\NiwradSoft Shell Pack\Backup\comres.dll

c:\windows\NiwradSoft Shell Pack\Backup\conime.exe

c:\windows\NiwradSoft Shell Pack\Backup\console.dll

c:\windows\NiwradSoft Shell Pack\Backup\credui.dll

c:\windows\NiwradSoft Shell Pack\Backup\cryptui.dll

c:\windows\NiwradSoft Shell Pack\Backup\cscdll.dll

c:\windows\NiwradSoft Shell Pack\Backup\cscript.exe

c:\windows\NiwradSoft Shell Pack\Backup\cscui.dll

c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe

c:\windows\NiwradSoft Shell Pack\Backup\dataclen.dll

c:\windows\NiwradSoft Shell Pack\Backup\ddeshare.exe

c:\windows\NiwradSoft Shell Pack\Backup\desk.cpl

c:\windows\NiwradSoft Shell Pack\Backup\deskadp.dll

c:\windows\NiwradSoft Shell Pack\Backup\deskmon.dll

c:\windows\NiwradSoft Shell Pack\Backup\deskperf.dll

c:\windows\NiwradSoft Shell Pack\Backup\devmgr.dll

c:\windows\NiwradSoft Shell Pack\Backup\dfrgres.dll

c:\windows\NiwradSoft Shell Pack\Backup\dfrgui.dll

c:\windows\NiwradSoft Shell Pack\Backup\dfshim.dll

c:\windows\NiwradSoft Shell Pack\Backup\digest.dll

c:\windows\NiwradSoft Shell Pack\Backup\diskcopy.dll

c:\windows\NiwradSoft Shell Pack\Backup\dmdlgs.dll

c:\windows\NiwradSoft Shell Pack\Backup\dmdskres.dll

c:\windows\NiwradSoft Shell Pack\Backup\dpmodemx.dll

c:\windows\NiwradSoft Shell Pack\Backup\dpvoice.dll

c:\windows\NiwradSoft Shell Pack\Backup\drwtsn32.exe

c:\windows\NiwradSoft Shell Pack\Backup\dsprop.dll

c:\windows\NiwradSoft Shell Pack\Backup\dsquery.dll

c:\windows\NiwradSoft Shell Pack\Backup\dsuiext.dll

c:\windows\NiwradSoft Shell Pack\Backup\dvdplay.exe

c:\windows\NiwradSoft Shell Pack\Backup\els.dll

c:\windows\NiwradSoft Shell Pack\Backup\eqnclass.dll

c:\windows\NiwradSoft Shell Pack\Backup\eventvwr.exe

c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

c:\windows\NiwradSoft Shell Pack\Backup\fde.dll

c:\windows\NiwradSoft Shell Pack\Backup\filemgmt.dll

c:\windows\NiwradSoft Shell Pack\Backup\fldrclnr.dll

c:\windows\NiwradSoft Shell Pack\Backup\fontext.dll

c:\windows\NiwradSoft Shell Pack\Backup\fsusd.dll

c:\windows\NiwradSoft Shell Pack\Backup\gcdef.dll

c:\windows\NiwradSoft Shell Pack\Backup\gpedit.dll

c:\windows\NiwradSoft Shell Pack\Backup\gptext.dll

c:\windows\NiwradSoft Shell Pack\Backup\grpconv.exe

c:\windows\NiwradSoft Shell Pack\Backup\hdwwiz.cpl

c:\windows\NiwradSoft Shell Pack\Backup\helpctr.exe

c:\windows\NiwradSoft Shell Pack\Backup\hnetcfg.dll

c:\windows\NiwradSoft Shell Pack\Backup\hnetwiz.dll

c:\windows\NiwradSoft Shell Pack\Backup\hotplug.dll

c:\windows\NiwradSoft Shell Pack\Backup\hticons.dll

c:\windows\NiwradSoft Shell Pack\Backup\hypertrm.exe

c:\windows\NiwradSoft Shell Pack\Backup\icmui.dll

c:\windows\NiwradSoft Shell Pack\Backup\icwdial.dll

c:\windows\NiwradSoft Shell Pack\Backup\ieaksie.dll

c:\windows\NiwradSoft Shell Pack\Backup\ieakui.dll

c:\windows\NiwradSoft Shell Pack\Backup\iepeers.dll

c:\windows\NiwradSoft Shell Pack\Backup\iernonce.dll

c:\windows\NiwradSoft Shell Pack\Backup\iesetup.dll

c:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe

c:\windows\NiwradSoft Shell Pack\Backup\inetcpl.cpl

c:\windows\NiwradSoft Shell Pack\Backup\inetcplc.dll

c:\windows\NiwradSoft Shell Pack\Backup\inetppui.dll

c:\windows\NiwradSoft Shell Pack\Backup\inetres.dll

c:\windows\NiwradSoft Shell Pack\Backup\input.dll

c:\windows\NiwradSoft Shell Pack\Backup\intl.cpl

c:\windows\NiwradSoft Shell Pack\Backup\ipsecsnp.dll

c:\windows\NiwradSoft Shell Pack\Backup\ipsmsnap.dll

c:\windows\NiwradSoft Shell Pack\Backup\irclass.dll

c:\windows\NiwradSoft Shell Pack\Backup\irprops.cpl

c:\windows\NiwradSoft Shell Pack\Backup\isign32.dll

c:\windows\NiwradSoft Shell Pack\Backup\itss.dll

c:\windows\NiwradSoft Shell Pack\Backup\ivfsrc.ax

c:\windows\NiwradSoft Shell Pack\Backup\jobexec.dll

c:\windows\NiwradSoft Shell Pack\Backup\joy.cpl

c:\windows\NiwradSoft Shell Pack\Backup\keymgr.dll

c:\windows\NiwradSoft Shell Pack\Backup\localsec.dll

c:\windows\NiwradSoft Shell Pack\Backup\logonui.exe

c:\windows\NiwradSoft Shell Pack\Backup\magnify.exe

c:\windows\NiwradSoft Shell Pack\Backup\main.cpl

c:\windows\NiwradSoft Shell Pack\Backup\mapi32.dll

c:\windows\NiwradSoft Shell Pack\Backup\mapistub.dll

c:\windows\NiwradSoft Shell Pack\Backup\mdminst.dll

c:\windows\NiwradSoft Shell Pack\Backup\mdwmdmsp.dll

c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll

c:\windows\NiwradSoft Shell Pack\Backup\migpwd.exe

c:\windows\NiwradSoft Shell Pack\Backup\migwiz.exe

c:\windows\NiwradSoft Shell Pack\Backup\mmc.exe

c:\windows\NiwradSoft Shell Pack\Backup\mmcbase.dll

c:\windows\NiwradSoft Shell Pack\Backup\mmcndmgr.dll

c:\windows\NiwradSoft Shell Pack\Backup\mmcshext.dll

c:\windows\NiwradSoft Shell Pack\Backup\mmsys.cpl

c:\windows\NiwradSoft Shell Pack\Backup\mnmsrvc.exe

c:\windows\NiwradSoft Shell Pack\Backup\mobsync.dll

c:\windows\NiwradSoft Shell Pack\Backup\mobsync.exe

c:\windows\NiwradSoft Shell Pack\Backup\modemui.dll

c:\windows\NiwradSoft Shell Pack\Backup\moricons.dll

c:\windows\NiwradSoft Shell Pack\Backup\moviemk.exe

c:\windows\NiwradSoft Shell Pack\Backup\mplay32.exe

c:\windows\NiwradSoft Shell Pack\Backup\mprui.dll

c:\windows\NiwradSoft Shell Pack\Backup\mqsnap.dll

c:\windows\NiwradSoft Shell Pack\Backup\mqutil.dll

c:\windows\NiwradSoft Shell Pack\Backup\msconf.dll

c:\windows\NiwradSoft Shell Pack\Backup\msconfig.exe

c:\windows\NiwradSoft Shell Pack\Backup\mscorier.dll

c:\windows\NiwradSoft Shell Pack\Backup\msdxm.ocx

c:\windows\NiwradSoft Shell Pack\Backup\msgina.dll

c:\windows\NiwradSoft Shell Pack\Backup\mshearts.exe

c:\windows\NiwradSoft Shell Pack\Backup\mshta.exe

c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll

c:\windows\NiwradSoft Shell Pack\Backup\msi.dll

c:\windows\NiwradSoft Shell Pack\Backup\msident.dll

c:\windows\NiwradSoft Shell Pack\Backup\msidntld.dll

c:\windows\NiwradSoft Shell Pack\Backup\msieftp.dll

c:\windows\NiwradSoft Shell Pack\Backup\msiexec.exe

c:\windows\NiwradSoft Shell Pack\Backup\msihnd.dll

c:\windows\NiwradSoft Shell Pack\Backup\msimn.exe

c:\windows\NiwradSoft Shell Pack\Backup\msinfo32.exe

c:\windows\NiwradSoft Shell Pack\Backup\msoeres.dll

c:\windows\NiwradSoft Shell Pack\Backup\mspaint.exe

c:\windows\NiwradSoft Shell Pack\Backup\msratelc.dll

c:\windows\NiwradSoft Shell Pack\Backup\msrating.dll

c:\windows\NiwradSoft Shell Pack\Backup\msshavmsg.dll

c:\windows\NiwradSoft Shell Pack\Backup\mstask.dll

c:\windows\NiwradSoft Shell Pack\Backup\mstsc.exe

c:\windows\NiwradSoft Shell Pack\Backup\mstscax.dll

c:\windows\NiwradSoft Shell Pack\Backup\msutb.dll

c:\windows\NiwradSoft Shell Pack\Backup\msvfw32.dll

c:\windows\NiwradSoft Shell Pack\Backup\msxml.dll

c:\windows\NiwradSoft Shell Pack\Backup\msxml2.dll

c:\windows\NiwradSoft Shell Pack\Backup\msxml3.dll

c:\windows\NiwradSoft Shell Pack\Backup\mycomput.dll

c:\windows\NiwradSoft Shell Pack\Backup\mydocs.dll

c:\windows\NiwradSoft Shell Pack\Backup\ncpa.cpl

c:\windows\NiwradSoft Shell Pack\Backup\netid.dll

c:\windows\NiwradSoft Shell Pack\Backup\netplwiz.dll

c:\windows\NiwradSoft Shell Pack\Backup\netsetup.exe

c:\windows\NiwradSoft Shell Pack\Backup\netshell.dll

c:\windows\NiwradSoft Shell Pack\Backup\newdev.dll

c:\windows\NiwradSoft Shell Pack\Backup\notepad.exe

c:\windows\NiwradSoft Shell Pack\Backup\nslookup.exe

c:\windows\NiwradSoft Shell Pack\Backup\ntbackup.exe

c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe

c:\windows\NiwradSoft Shell Pack\Backup\ntlanui2.dll

c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe

c:\windows\NiwradSoft Shell Pack\Backup\ntsd.exe

c:\windows\NiwradSoft Shell Pack\Backup\ntshrui.dll

c:\windows\NiwradSoft Shell Pack\Backup\nusrmgr.cpl

c:\windows\NiwradSoft Shell Pack\Backup\objsel.dll

c:\windows\NiwradSoft Shell Pack\Backup\occache.dll

c:\windows\NiwradSoft Shell Pack\Backup\odbcad32.exe

c:\windows\NiwradSoft Shell Pack\Backup\odbccp32.cpl

c:\windows\NiwradSoft Shell Pack\Backup\odbcint.dll

c:\windows\NiwradSoft Shell Pack\Backup\ole32.dll

c:\windows\NiwradSoft Shell Pack\Backup\osk.exe

c:\windows\NiwradSoft Shell Pack\Backup\osuninst.dll

c:\windows\NiwradSoft Shell Pack\Backup\osuninst.exe

c:\windows\NiwradSoft Shell Pack\Backup\packager.exe

c:\windows\NiwradSoft Shell Pack\Backup\pautoenr.dll

c:\windows\NiwradSoft Shell Pack\Backup\perfmon.exe

c:\windows\NiwradSoft Shell Pack\Backup\photowiz.dll

c:\windows\NiwradSoft Shell Pack\Backup\pifmgr.dll

c:\windows\NiwradSoft Shell Pack\Backup\powercfg.cpl

c:\windows\NiwradSoft Shell Pack\Backup\printui.dll

c:\windows\NiwradSoft Shell Pack\Backup\progman.exe

c:\windows\NiwradSoft Shell Pack\Backup\proquota.exe

c:\windows\NiwradSoft Shell Pack\Backup\psbase.dll

c:\windows\NiwradSoft Shell Pack\Backup\quartz.dll

c:\windows\NiwradSoft Shell Pack\Backup\rasdlg.dll

c:\windows\NiwradSoft Shell Pack\Backup\rasphone.exe

c:\windows\NiwradSoft Shell Pack\Backup\rcimlby.exe

c:\windows\NiwradSoft Shell Pack\Backup\regedit.exe

c:\windows\NiwradSoft Shell Pack\Backup\regwizc.dll

c:\windows\NiwradSoft Shell Pack\Backup\remotepg.dll

c:\windows\NiwradSoft Shell Pack\Backup\rstrui.exe

c:\windows\NiwradSoft Shell Pack\Backup\rtcshare.exe

c:\windows\NiwradSoft Shell Pack\Backup\rundll32.exe

c:\windows\NiwradSoft Shell Pack\Backup\sapi.cpl

c:\windows\NiwradSoft Shell Pack\Backup\scrobj.dll

c:\windows\NiwradSoft Shell Pack\Backup\sendmail.dll

c:\windows\NiwradSoft Shell Pack\Backup\servdeps.dll

c:\windows\NiwradSoft Shell Pack\Backup\setup.exe

c:\windows\NiwradSoft Shell Pack\Backup\setup_wm.exe

c:\windows\NiwradSoft Shell Pack\Backup\setupapi.dll

c:\windows\NiwradSoft Shell Pack\Backup\sfc_os.dll

c:\windows\NiwradSoft Shell Pack\Backup\shdoclc.dll

c:\windows\NiwradSoft Shell Pack\Backup\shdocvw.dll

c:\windows\NiwradSoft Shell Pack\Backup\shell32.dll

c:\windows\NiwradSoft Shell Pack\Backup\shimgvw.dll

c:\windows\NiwradSoft Shell Pack\Backup\shrpubw.exe

c:\windows\NiwradSoft Shell Pack\Backup\shscrap.dll

c:\windows\NiwradSoft Shell Pack\Backup\sigverif.exe

c:\windows\NiwradSoft Shell Pack\Backup\sndrec32.exe

c:\windows\NiwradSoft Shell Pack\Backup\sndvol32.exe

c:\windows\NiwradSoft Shell Pack\Backup\sol.exe

c:\windows\NiwradSoft Shell Pack\Backup\spider.exe

c:\windows\NiwradSoft Shell Pack\Backup\srchui.dll

c:\windows\NiwradSoft Shell Pack\Backup\srclient.dll

c:\windows\NiwradSoft Shell Pack\Backup\srrstr.dll

c:\windows\NiwradSoft Shell Pack\Backup\sti.dll

c:\windows\NiwradSoft Shell Pack\Backup\sti_ci.dll

c:\windows\NiwradSoft Shell Pack\Backup\stimon.exe

c:\windows\NiwradSoft Shell Pack\Backup\stobject.dll

c:\windows\NiwradSoft Shell Pack\Backup\storprop.dll

c:\windows\NiwradSoft Shell Pack\Backup\sxs.dll

c:\windows\NiwradSoft Shell Pack\Backup\syncapp.exe

c:\windows\NiwradSoft Shell Pack\Backup\syncui.dll

c:\windows\NiwradSoft Shell Pack\Backup\sysdm.cpl

c:\windows\NiwradSoft Shell Pack\Backup\syskey.exe

c:\windows\NiwradSoft Shell Pack\Backup\sysmon.ocx

c:\windows\NiwradSoft Shell Pack\Backup\sysocmgr.exe

c:\windows\NiwradSoft Shell Pack\Backup\syssetup.dll

c:\windows\NiwradSoft Shell Pack\Backup\tapiui.dll

c:\windows\NiwradSoft Shell Pack\Backup\taskmgr.exe

c:\windows\NiwradSoft Shell Pack\Backup\tcpmonui.dll

c:\windows\NiwradSoft Shell Pack\Backup\telephon.cpl

c:\windows\NiwradSoft Shell Pack\Backup\telnet.exe

c:\windows\NiwradSoft Shell Pack\Backup\themeui.dll

c:\windows\NiwradSoft Shell Pack\Backup\timedate.cpl

c:\windows\NiwradSoft Shell Pack\Backup\tourstart.exe

c:\windows\NiwradSoft Shell Pack\Backup\unimdm.tsp

c:\windows\NiwradSoft Shell Pack\Backup\upnpui.dll

c:\windows\NiwradSoft Shell Pack\Backup\url.dll

c:\windows\NiwradSoft Shell Pack\Backup\urlmon.dll

c:\windows\NiwradSoft Shell Pack\Backup\usbui.dll

c:\windows\NiwradSoft Shell Pack\Backup\user32.dll

c:\windows\NiwradSoft Shell Pack\Backup\userenv.dll

c:\windows\NiwradSoft Shell Pack\Backup\utilman.exe

c:\windows\NiwradSoft Shell Pack\Backup\verifier.exe

c:\windows\NiwradSoft Shell Pack\Backup\wab.exe

c:\windows\NiwradSoft Shell Pack\Backup\wab32.dll

c:\windows\NiwradSoft Shell Pack\Backup\wab32res.dll

c:\windows\NiwradSoft Shell Pack\Backup\wabfind.dll

c:\windows\NiwradSoft Shell Pack\Backup\wabimp.dll

c:\windows\NiwradSoft Shell Pack\Backup\webcheck.dll

c:\windows\NiwradSoft Shell Pack\Backup\wextract.exe

c:\windows\NiwradSoft Shell Pack\Backup\wiaacmgr.exe

c:\windows\NiwradSoft Shell Pack\Backup\wiadefui.dll

c:\windows\NiwradSoft Shell Pack\Backup\wiashext.dll

c:\windows\NiwradSoft Shell Pack\Backup\winbrand.dll

c:\windows\NiwradSoft Shell Pack\Backup\winchat.exe

c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll

c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe

c:\windows\NiwradSoft Shell Pack\Backup\winmine.exe

c:\windows\NiwradSoft Shell Pack\Backup\winntbbu.dll

c:\windows\NiwradSoft Shell Pack\Backup\winsrv.dll

c:\windows\NiwradSoft Shell Pack\Backup\wintrust.dll

c:\windows\NiwradSoft Shell Pack\Backup\wmplayer.exe

c:\windows\NiwradSoft Shell Pack\Backup\wpabaln.exe

c:\windows\NiwradSoft Shell Pack\Backup\WpdShext.dll

c:\windows\NiwradSoft Shell Pack\Backup\write.exe

c:\windows\NiwradSoft Shell Pack\Backup\wscui.cpl

c:\windows\NiwradSoft Shell Pack\Backup\wsecedit.dll

c:\windows\NiwradSoft Shell Pack\Backup\wuapi.dll

c:\windows\NiwradSoft Shell Pack\Backup\wuauclt.exe

c:\windows\NiwradSoft Shell Pack\Backup\wuaucpl.cpl

c:\windows\NiwradSoft Shell Pack\Backup\wuaueng1.dll

c:\windows\NiwradSoft Shell Pack\Backup\wucltui.dll

c:\windows\NiwradSoft Shell Pack\Backup\wupdmgr.exe

c:\windows\NiwradSoft Shell Pack\Backup\wuweb.dll

c:\windows\NiwradSoft Shell Pack\Backup\xpsp1res.dll

c:\windows\NiwradSoft Shell Pack\Backup\xpsp2res.dll

c:\windows\NiwradSoft Shell Pack\Backup\xpsp3res.dll

c:\windows\NiwradSoft Shell Pack\Backup\zipfldr.dll

c:\windows\ServicePackFiles\i386\comctl32.dll

c:\windows\ServicePackFiles\i386\ctfmon.exe

c:\windows\ServicePackFiles\i386\explorer.exe

c:\windows\ServicePackFiles\i386\user32.dll

c:\windows\ServicePackFiles\i386\winlogon.exe

 

.

(((((((((((((((( Files Created from 2010-04-27 to 2010-05-27 ))))))))))))))))))))))))))))

.

 

2010-05-27 13:39 . 2010-05-27 13:39 2266718 ----a-w- C:\TS.zip

2010-05-26 00:38 . 2010-05-26 00:45 -------- d-----w- c:\arquivos de programas\cFosSpeed

2010-05-26 00:38 . 2009-10-30 15:25 288472 ------w- c:\windows\system32\cfosspeed.dll

2010-05-24 14:34 . 2010-05-24 14:36 -------- d-----w- C:\ToolBar SD

2010-05-24 14:26 . 2010-05-24 14:26 -------- d-----w- C:\toolb

2010-05-23 23:05 . 2010-05-23 23:05 -------- d-----w- C:\_OTL

2010-05-23 17:48 . 2008-04-13 14:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2010-05-23 17:39 . 2010-05-23 17:39 -------- d-----w- c:\arquivos de programas\TD74 Corporation

2010-05-23 17:39 . 2006-09-19 17:26 212992 ----a-w- c:\windows\VMSnap23.exe

2010-05-23 17:39 . 2006-06-28 05:54 49152 ----a-w- c:\windows\Domino.exe

2010-05-23 17:39 . 2006-03-30 23:24 81920 ----a-w- c:\windows\VMCap323.exe

2010-05-23 17:39 . 2010-05-23 17:39 -------- d-----w- c:\windows\CatRoot

2010-05-23 17:39 . 2007-04-24 14:56 257408 ----a-w- c:\windows\system32\drivers\usbvm323.sys

2010-05-23 16:58 . 2010-05-23 16:58 61440 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6b8c2a79-n\decora-sse.dll

2010-05-23 16:58 . 2010-05-23 16:58 12800 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6b8c2a79-n\decora-d3d.dll

2010-05-23 16:58 . 2010-05-23 16:58 503808 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2b79a7b3-n\msvcp71.dll

2010-05-23 16:58 . 2010-05-23 16:58 499712 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2b79a7b3-n\jmc.dll

2010-05-23 16:58 . 2010-05-23 16:58 348160 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2b79a7b3-n\msvcr71.dll

2010-05-22 12:46 . 2010-05-22 12:46 -------- d-----w- c:\windows\system32\wbem\Repository

2010-05-22 01:49 . 2010-05-22 12:45 -------- d-----w- c:\arquivos de programas\Pryme

2010-05-22 01:47 . 2010-05-22 12:45 -------- d-----w- C:\cmos

2010-05-22 01:25 . 2010-05-22 01:25 -------- d-----w- c:\arquivos de programas\STV

2010-05-09 14:32 . 2010-05-09 22:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NCH Swift Sound

2010-05-09 14:32 . 2010-05-09 14:32 -------- d-----w- c:\arquivos de programas\NCH Software

2010-05-09 14:31 . 2010-05-09 22:26 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\NCH Swift Sound

2010-05-09 14:28 . 2010-05-09 14:28 -------- d-----w- c:\arquivos de programas\MIKSOFT

2010-05-07 16:58 . 2010-05-07 16:58 152064 ----a-w- c:\windows\snap.dat

2010-05-07 16:55 . 2010-04-12 20:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-01 04:10 . 2010-05-01 05:43 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\TS3Client

2010-05-01 04:09 . 2010-05-01 04:09 -------- d-----w- c:\arquivos de programas\TeamSpeak 3 Client

2010-04-28 01:05 . 2010-04-28 01:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia

2010-04-28 01:01 . 2010-04-28 01:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCSuite

2010-04-28 01:00 . 2010-04-28 01:00 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution

2010-04-28 01:00 . 2007-02-22 13:15 12288 ----a-w- c:\windows\system32\drivers\nmwcdcj.sys

2010-04-28 01:00 . 2007-02-22 13:15 12288 ----a-w- c:\windows\system32\drivers\nmwcdcm.sys

2010-04-28 01:00 . 2007-02-22 13:15 8320 ----a-w- c:\windows\system32\drivers\nmwcdc.sys

2010-04-28 01:00 . 2007-02-22 13:15 137216 ----a-w- c:\windows\system32\drivers\nmwcd.sys

2010-04-28 01:00 . 2007-02-22 13:15 65536 ----a-w- c:\windows\system32\nmwcdcocls.dll

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-27 03:02 . 2008-11-15 14:03 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\uTorrent

2010-05-25 23:37 . 2007-05-21 21:11 -------- d-----w- c:\arquivos de programas\Serviços on-line

2010-05-25 12:11 . 2008-11-15 14:03 -------- d-----w- c:\arquivos de programas\uTorrent

2010-05-25 01:55 . 2007-05-21 22:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-05-24 14:30 . 2007-06-07 11:06 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-05-22 12:46 . 2008-11-05 21:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS

2010-05-22 10:51 . 2009-09-02 12:01 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-05-22 01:25 . 2007-05-21 22:37 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-05-19 18:57 . 2010-03-07 03:52 -------- d-----w- c:\arquivos de programas\Full Tilt Poker

2010-05-12 20:51 . 2007-05-23 22:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-05-12 01:42 . 2008-11-27 23:07 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\LimeWire

2010-05-11 03:09 . 2009-09-22 01:36 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-05-07 16:55 . 2008-03-08 17:38 -------- d-----w- c:\arquivos de programas\Java

2010-05-01 02:20 . 2007-05-23 22:37 -------- d-----w- c:\arquivos de programas\CCleaner

2010-04-28 14:33 . 2008-10-11 12:19 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\Nokia Multimedia Player

2010-04-28 01:28 . 2008-11-28 00:03 -------- d-----w- c:\arquivos de programas\LG PC Suite II

2010-04-28 01:05 . 2008-10-11 11:01 -------- d-----w- c:\arquivos de programas\Nokia

2010-04-23 00:57 . 2010-02-25 16:01 26112 ----a-w- c:\windows\system32\drivers\tap0901.sys

2010-04-19 19:50 . 2009-11-04 15:12 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2010-04-16 18:00 . 2010-04-19 19:50 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2010-04-03 19:22 . 2010-04-03 19:22 2336 ----a-w- C:\boot.bat

2010-03-15 09:31 . 2002-10-15 22:54 165376 ----a-w- c:\windows\system32\unrar.dll

2010-03-12 15:05 . 2010-03-12 15:05 503808 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43823346-n\msvcp71.dll

2010-03-12 15:05 . 2010-03-12 15:05 499712 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43823346-n\jmc.dll

2010-03-12 15:05 . 2010-03-12 15:05 348160 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43823346-n\msvcr71.dll

2010-03-12 15:05 . 2010-03-12 15:05 61440 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3ec352b1-n\decora-sse.dll

2010-03-12 15:05 . 2010-03-12 15:05 12800 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3ec352b1-n\decora-d3d.dll

2010-03-12 15:04 . 2004-08-04 12:00 79832 ----a-w- c:\windows\system32\perfc016.dat

2010-03-12 15:04 . 2004-08-04 12:00 470730 ----a-w- c:\windows\system32\perfh016.dat

2010-03-10 06:16 . 2004-08-04 07:45 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-26 15:05 . 2010-02-26 15:05 72488 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

2009-09-04 21:00 . 2009-09-04 21:00 916430 ----a-w- c:\arquivos de programas\Apr2006_MDX1_x86.cab

2008-08-12 00:07 . 2008-07-17 22:49 29806 ----a-w- c:\arquivos de programas\megacubo_log.log

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll

.

 

------- Sigcheck -------

 

[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

 

[-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll

 

[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

 

[-] 2008-04-14 . 54701D40A8E060872E666D48FDA27A19 . 1542656 . . [6.00.2900.5512] . . c:\windows\explorer.exe

 

[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

.

((((((((((((((((((((((((((((( SnapShot_2010-05-26_13.51.01 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-27 13:53 . 2010-05-27 13:53 16384 c:\windows\Temp\Perflib_Perfdata_7cc.dat

+ 2010-05-27 13:53 . 2010-05-27 13:53 16384 c:\windows\Temp\Perflib_Perfdata_1a4.dat

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legit default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ipTray.exe"="c:\arquivos de programas\Intel\IDU\iptray.exe" [2006-12-28 2242328]

"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]

"OutpostMonitor"="c:\arquiv~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]

"OutpostFeedBack"="c:\arquivos de programas\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-11-11 417792]

"AppleSyncNotifier"="c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"NSLauncher"="c:\arquivos de programas\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 3096576]

"SigmatelSysTrayApp"="sttray.exe" [2006-05-26 282624]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Marcus^Menu Iniciar^Programas^Inicializar^hamachi.lnk]

backup=c:\windows\pss\hamachi.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Marcus^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]

2010-03-29 17:54 2343120 ----a-w- c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2009-08-13 17:51 177440 ----a-w- c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 02:20 40448 ----a-w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-07-24 15:02 490952 ----a-w- c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 13:44 31072 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2006-07-07 23:15 600896 ----a-w- c:\arquivos de programas\Microsoft IntelliPoint\ipoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-08-12 08:30 81920 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-02-15 21:07 141608 ----a-w- c:\arquivos de programas\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]

2006-07-07 23:14 576320 ----a-w- c:\arquivos de programas\Microsoft IntelliType Pro\itype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 18:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2009-07-14 16:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]

2003-12-13 17:17 61440 ----a-w- c:\program files\LIVEUPDATE\LiveUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 01:08 417792 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" -atboottime

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56458:TCP"= 56458:TCP:Pando Media Booster

"56458:UDP"= 56458:UDP:Pando Media Booster

"56911:TCP"= 56911:TCP:Pando Media Booster

"56911:UDP"= 56911:UDP:Pando Media Booster

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [19/01/2010 11:23 130936]

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [03/11/2009 20:52 704384]

R2 acssrv;Agnitum Client Security Service;c:\arquiv~1\Agnitum\OUTPOS~1\acs.exe [03/11/2009 20:49 1195008]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [12/01/2010 13:31 108289]

R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [03/11/2009 20:49 31128]

R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [03/11/2009 20:52 257432]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/06/2002 00:09 31232]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/11/2008 11:26 717296]

S2 gupdate1ca7415f53b919c;Google Update Service (gupdate1ca7415f53b919c);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [03/12/2009 09:41 133104]

S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys --> c:\windows\system32\DRIVERS\3xHybrid.sys [?]

S3 exdisk;Express Disk Service;c:\windows\system32\drivers\exdisk.sys [21/05/2007 19:50 14074]

S3 GarenaPEngine;GarenaPEngine; [x]

S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [22/10/2009 10:45 31908]

S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [27/11/2008 21:05 83584]

S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [27/11/2008 21:05 14976]

S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [27/11/2008 21:05 110464]

S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [27/11/2008 21:05 100480]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S3 PhTVTune;ENCORE TV Tuner Pro PCI Adapter;c:\windows\system32\drivers\PhTVTune.sys [18/08/2007 15:24 28480]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [11/01/2010 08:28 27064]

S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [19/01/2010 11:23 348752]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25/01/2008 06:12 25088]

.

Contents of the 'Scheduled Tasks' folder

 

2009-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2010-05-27 c:\windows\Tasks\AWC AutoSweep.job

- c:\arquivos de programas\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-09-02 17:11]

 

2010-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-03 12:41]

 

2010-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-03 12:41]

 

2010-05-27 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

.

.

------- Supplementary Scan -------

.

mWindow Title =

uInternet Settings,ProxyOverride = local

IE: &Clean Traces

IE: &Download with &DAP

IE: Download &all with DAP

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Marcus\Dados de aplicativos\Mozilla\Firefox\Profiles\mnctdmk7.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://thefreevpn.com/home.php

FF - prefs.js: keyword.URL - hxxp://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_br&p=

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 9666

FF - prefs.js: network.proxy.socks - localhost

FF - prefs.js: network.proxy.socks_port - 9050

FF - prefs.js: network.proxy.ssl - localhost

FF - prefs.js: network.proxy.ssl_port - 9666

FF - prefs.js: network.proxy.type - 1

FF - component: c:\documents and settings\Marcus\Dados de aplicativos\Mozilla\Firefox\Profiles\mnctdmk7.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-27 11:06

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar0]

"BarID"=dword:0000e81b

"Bars"=dword:00000003

"Bar#0"=dword:00000000

"Bar#1"=dword:0000e800

"Bar#2"=dword:00000000

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar1]

"BarID"=dword:0000e81c

"Bars"=dword:00000004

"Bar#0"=dword:00000000

"Bar#1"=dword:0000e807

"Bar#2"=dword:0000e806

"Bar#3"=dword:00000000

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar2]

"BarID"=dword:0000e800

"XPos"=dword:fffffffe

"YPos"=dword:fffffffe

"Docking"=dword:00000001

"MRUDockID"=dword:00000000

"MRUDockLeftPos"=dword:fffffffe

"MRUDockTopPos"=dword:fffffffe

"MRUDockRightPos"=dword:000001f5

"MRUDockBottomPos"=dword:00000036

"MRUFloatStyle"=dword:00002000

"MRUFloatXPos"=dword:80000000

"MRUFloatYPos"=dword:cdcdcdcd

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar3]

"BarID"=dword:0000e806

"XPos"=dword:fffffffe

"YPos"=dword:00000141

"Docking"=dword:00000001

"MRUDockID"=dword:0000e81c

"MRUDockLeftPos"=dword:fffffffe

"MRUDockTopPos"=dword:00000141

"MRUDockRightPos"=dword:000000c6

"MRUDockBottomPos"=dword:00000287

"MRUFloatStyle"=dword:00002004

"MRUFloatXPos"=dword:80000000

"MRUFloatYPos"=dword:cdcdcdcd

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar4]

"BarID"=dword:0000e807

"XPos"=dword:fffffffe

"YPos"=dword:fffffffe

"Docking"=dword:00000001

"MRUDockID"=dword:00000000

"MRUDockLeftPos"=dword:fffffffe

"MRUDockTopPos"=dword:fffffffe

"MRUDockRightPos"=dword:000000c6

"MRUDockBottomPos"=dword:00000143

"MRUFloatStyle"=dword:00002004

"MRUFloatXPos"=dword:80000000

"MRUFloatYPos"=dword:cdcdcdcd

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Summary]

"Bars"=dword:00000005

"ScreenCX"=dword:00000400

"ScreenCY"=dword:00000300

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Settings]

"FirstRun"=dword:00000000

"xScreen"=dword:00000400

"yScreen"=dword:000002c4

"floats"="1.000000 0.500000 0.500000 120 120"

"skin"="ISR_10Moons.dll"

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\WNDSTATUS]

"FLAG"=dword:00000000

"SHOWCMD"=dword:00000001

"LEFT"=dword:fffffffc

"TOP"=dword:fffffffc

"RIGHT"=dword:00000404

"BOTTOM"=dword:000002e2

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(980)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\cscui.dll

 

- - - - - - - > 'lsass.exe'(1036)

c:\windows\system32\setupapi.dll

.

Completion time: 2010-05-27 11:08:28

ComboFix-quarantined-files.txt 2010-05-27 14:08

ComboFix2.txt 2010-05-26 13:56

ComboFix3.txt 2010-05-24 14:59

 

Pre-Run: 51 folder(s) 46,605,873,152 bytes free

Post-Run: 52 folder(s) 46,427,955,200 bytes free

 

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 3150294D939DC180B7B71FA535965522

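An added note on reading the log above (this is not part of either post, and the code is not the poster's or the helper's): the three things in this ComboFix output that deserve a second look before any cleanup are the Firefox prefs, which set a manual proxy (network.proxy.type 1) that sends HTTP/SSL to localhost:9666 and SOCKS to localhost:9050; the services whose binaries ComboFix could not find ([x] / [?]); and the firewall's GloballyOpenPorts list. Port 9050 is the default SOCKS port of Tor, but the log does not identify which process, if any, is listening on either port, and the thefreevpn.com homepage suggests a VPN client may be involved. The script below is an example triage parser for these ComboFix line shapes, run over a constructed sample made of lines copied from the log above; the regular expressions are derived from those lines, not from any official ComboFix grammar.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix log posted above, enough to
# exercise each check. A real run would read C:\ComboFix.txt instead.
SAMPLE_LOG = r"""
FF - prefs.js: browser.startup.homepage - hxxp://thefreevpn.com/home.php
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 1
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/11/2008 11:26 717296]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys --> c:\windows\system32\DRIVERS\3xHybrid.sys [?]
S3 GarenaPEngine;GarenaPEngine; [x]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
"56458:TCP"= 56458:TCP:Pando Media Booster
"56911:UDP"= 56911:UDP:Pando Media Booster
"""

LOCAL_HOSTS = {"localhost", "127.0.0.1"}

# ComboFix line shapes as seen in the log above (an assumption, not an official grammar):
#   FF - prefs.js: <pref> - <value>
#   <R|S><0-4> <name>;<display>;<path> [<date> <size>]   or   ... [x] / [?] when the file is gone
#   "<port>:<proto>"= <port>:<proto>:<label>              (GloballyOpenPorts list)
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
MISSING_SVC_RE = re.compile(r"^[RS][0-4] ([^;]+);[^;]*;(.*?)\s*\[(?:x|\?)\]\s*$")
BOOT_DRV_RE = re.compile(r"^(?:R0|S0) ([^;]+);[^;]*;(.*?) \[")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')


@dataclass
class Findings:
    prefs: dict = field(default_factory=dict)              # Firefox pref -> value
    missing_services: list = field(default_factory=list)   # (service, path or "")
    boot_drivers: list = field(default_factory=list)       # (driver, path); R0/S0 load at boot
    open_ports: list = field(default_factory=list)         # (port, proto, label)


def parse(text):
    f = Findings()
    for raw in text.splitlines():
        line = raw.strip()
        if m := PREF_RE.match(line):
            f.prefs[m.group(1)] = m.group(2)
        elif m := MISSING_SVC_RE.match(line):
            f.missing_services.append((m.group(1), m.group(2).strip()))
        elif m := BOOT_DRV_RE.match(line):
            f.boot_drivers.append((m.group(1), m.group(2)))
        elif m := PORT_RE.match(line):
            f.open_ports.append((int(m.group(1)), m.group(2), m.group(3)))
    return f


def proxy_alerts(prefs):
    """Flag manual proxy settings (network.proxy.type 1) that send browser traffic
    to a listener on the local machine. The log does not say which process owns it,
    so this is a lead to chase with netstat/process listing, not a verdict."""
    if prefs.get("network.proxy.type") != "1":
        return []
    alerts = []
    for scheme in ("http", "ssl", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        port = prefs.get(f"network.proxy.{scheme}_port")
        if host and host.lower() in LOCAL_HOSTS:
            alerts.append(f"{scheme} traffic proxied through local listener {host}:{port}")
    return alerts


def report(f):
    out = [f"[PROXY] {a}" for a in proxy_alerts(f.prefs)]
    if home := f.prefs.get("browser.startup.homepage"):
        out.append(f"[FF homepage] {home}")           # hxxp:// is ComboFix's defanged http://
    out += [f"[SVC, binary missing] {n}: {p or '(no path)'}" for n, p in f.missing_services]
    out += [f"[BOOT driver] {n}: {p}" for n, p in f.boot_drivers]
    out += [f"[FW open port] {port}/{proto} ({label})" for port, proto, label in f.open_ports]
    return out


if __name__ == "__main__":
    print("\n".join(report(parse(SAMPLE_LOG))))
```

Services with a missing binary are usually leftovers of uninstalled software (GarenaPEngine, the PciCon driver on a removable d: drive), but a stale service entry pointing at a path an attacker can later recreate is worth deleting rather than ignoring. Boot-start drivers (R0/S0) such as sptd.sys load before any antivirus filter, which is why ComboFix lists them separately.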

Good afternoon, .matiello!

<!> Follow these instructions, in order!

0000000000000000000000

oooooooooooooooooooooo

<@> Download: ATF-Cleaner ( ...by Atribune )

<@> Save it to the Desktop!

<@> Reboot the computer into Safe Mode!

<@> Click ATF-Cleaner.exe

<@> Under "Select Files To Delete", check Select All.

<@> Click Empty Selected.

<@> In the Done Cleaning window, click OK --> Exit

<@> Note: If you use Firefox:

* At the top, click Firefox and choose: Select All --> Click Empty Selected.

<@> Note: If you use Opera:

* At the top, click Opera and choose: Select All --> Click Empty Selected.

<@> Reboot the computer normally.

0000000000000000000000

oooooooooooooooooooooo

<@> Unzip TS.zip into the folder: c:\windows\ServicePackFiles\i386 <--

<@> So we will then have the following path: c:\windows\ServicePackFiles\i386\TS

0000000000000000000000

oooooooooooooooooooooo

<@> Select and copy everything in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

RESTORE::

c:\windows\system32\comctl32.dll

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\setupapi.dll

C:\WINDOWS\system32\syssetup.dll

c:\windows\system32\user32.dll

c:\windows\system32\ctfmon.exe

c:\windows\explorer.exe

<@> PS: It is recommended that you be disconnected from the Internet while running the script.

<@> PS: Temporarily disable your antivirus.

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!


 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until that prompt ( window ) appears!

<@> When it finishes, post: C:\ComboFix.txt

0000000000000000000000

oooooooooooooooooooooo

<!> PS: If everything is OK, with no incidents along the way, download this tool: The Comedian

0000000000000000000000

oooooooooooooooooooooo

<@> Download: The_Comedian ( ...by Rorschach112 )

<@> Save it to the desktop, renamed to: komedian.exe

<@> Run komedian.exe with a double-click.

<@> Follow the steps ( Steps 1,2,3,4.. ), pressing Enter each time.

Step 1 --> Turning off wordwrap..

Step 2 --> Fixing file associations

Step 3 --> Creating an ERUNT registry backup..

<@> Allow the installation of ERUNT, which will back up the registry.

<@> Complete step 4 ( Step 4 ), which will create a new System Restore point.

<@> Confirm the completion of that step, which will end automatically.

<@> By default, the backup will be at: C:\WINDOWS\ERUNT\d-m-2010

Regards!

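An added check for the RESTORE:: step above (example code, not part of the helper's instructions): after ComboFix reports "Restored copy from - ...", the one thing worth confirming is that each file now sitting in system32 (or in c:\windows for explorer.exe) is byte-for-byte the clean copy it was supposed to come from. The script hashes each pair with SHA-256 and reports match / MISMATCH / missing. The file list is the seven entries of the RESTORE:: script paired with the TS folder path the helper specified; the `root` argument and the throwaway directory tree built by `demo()` are assumptions so the check can be run against a mounted disk image or exercised offline, not paths from the log.

```python
import hashlib
import os
import tempfile

# The seven files named in the RESTORE:: script above, paired with the clean copy
# ComboFix was told to use (the TS folder unpacked into ServicePackFiles\i386).
RESTORE_PAIRS = [
    (r"c:\windows\system32\comctl32.dll", r"c:\windows\ServicePackFiles\i386\TS\comctl32.dll"),
    (r"c:\windows\system32\winlogon.exe", r"c:\windows\ServicePackFiles\i386\TS\winlogon.exe"),
    (r"c:\windows\system32\setupapi.dll", r"c:\windows\ServicePackFiles\i386\TS\setupapi.dll"),
    (r"c:\windows\system32\syssetup.dll", r"c:\windows\ServicePackFiles\i386\TS\syssetup.dll"),
    (r"c:\windows\system32\user32.dll",   r"c:\windows\ServicePackFiles\i386\TS\user32.dll"),
    (r"c:\windows\system32\ctfmon.exe",   r"c:\windows\ServicePackFiles\i386\TS\ctfmon.exe"),
    (r"c:\windows\explorer.exe",          r"c:\windows\ServicePackFiles\i386\TS\explorer.exe"),
]


def rebase(win_path, root=""):
    """Map a Windows path onto `root` (assumed, e.g. an image mounted at /mnt/xp).
    With an empty root the path is used as-is, for running on the machine itself."""
    if not root:
        return win_path
    rel = win_path[2:] if win_path[1:2] == ":" else win_path   # drop the drive letter
    return os.path.join(root, *rel.strip("\\").split("\\"))


def sha256_of(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_restore(pairs, root=""):
    """Return {target: 'match' | 'MISMATCH' | 'missing:<path>'} for each pair."""
    results = {}
    for target, clean in pairs:
        t, c = rebase(target, root), rebase(clean, root)
        if not os.path.isfile(t):
            results[target] = f"missing:{target}"
        elif not os.path.isfile(c):
            results[target] = f"missing:{clean}"
        else:
            results[target] = "match" if sha256_of(t) == sha256_of(c) else "MISMATCH"
    return results


def demo():
    """Constructed fixture: a throwaway directory tree standing in for C:\\, with one
    matching pair, one mismatching pair, one target lacking its clean copy, and the
    rest absent. Not a real disk image."""
    root = tempfile.mkdtemp(prefix="restorecheck_")

    def put(win_path, data):
        p = rebase(win_path, root)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as fh:
            fh.write(data)

    put(RESTORE_PAIRS[4][0], b"MZ clean user32")        # user32.dll restored correctly
    put(RESTORE_PAIRS[4][1], b"MZ clean user32")
    put(RESTORE_PAIRS[0][0], b"MZ still patched")       # comctl32.dll differs from the clean copy
    put(RESTORE_PAIRS[0][1], b"MZ clean comctl32")
    put(RESTORE_PAIRS[1][0], b"MZ winlogon")            # winlogon.exe present, TS copy never unpacked
    return verify_restore(RESTORE_PAIRS, root)


if __name__ == "__main__":
    for target, status in demo().items():
        print(f"{status:12} {target}")
```

Two caveats when reading the result. A "match" only proves the restore landed the copy it was told to use; it says nothing about whether that copy is itself clean, so on a machine that had shell-pack-modified system files the hashes should additionally be compared against the Microsoft-signed versions for this service pack. And ComboFix's own report (below) shows ctfmon.exe was restored from a System Restore point rather than from TS, so a mismatch on that one file is expected and not by itself a sign of failure.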

ComboFix 10-05-23.07 - Marcus 27/05/2010 20:50:29.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2045.1563 [GMT -3:00]

Running from: c:\documents and settings\Marcus\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Marcus\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\TS\explorer.exe

 

Infected copy of c:\windows\system32\comctl32.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\TS\comctl32.dll

 

Infected copy of c:\windows\system32\ctfmon.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{9722A98C-9BBF-474D-B81F-F14975B21EDA}\RP212\A0067368.exe

 

Infected copy of c:\windows\system32\setupapi.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\TS\setupapi.dll

 

Infected copy of c:\windows\system32\syssetup.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\TS\syssetup.dll

 

Infected copy of c:\windows\system32\user32.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\TS\user32.dll

 

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\TS\winlogon.exe

 

.

(((((((((((((((( Files Created from 2010-04-27 to 2010-05-27 ))))))))))))))))))))))))))))

.

 

2010-05-27 13:39 . 2010-05-27 13:39 2266718 ----a-w- C:\TS.zip

2010-05-26 00:38 . 2010-05-26 00:45 -------- d-----w- c:\arquivos de programas\cFosSpeed

2010-05-26 00:38 . 2009-10-30 15:25 288472 ------w- c:\windows\system32\cfosspeed.dll

2010-05-24 14:34 . 2010-05-24 14:36 -------- d-----w- C:\ToolBar SD

2010-05-24 14:26 . 2010-05-24 14:26 -------- d-----w- C:\toolb

2010-05-23 23:05 . 2010-05-23 23:05 -------- d-----w- C:\_OTL

2010-05-23 17:48 . 2008-04-13 14:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2010-05-23 17:39 . 2010-05-23 17:39 -------- d-----w- c:\arquivos de programas\TD74 Corporation

2010-05-23 17:39 . 2006-09-19 17:26 212992 ----a-w- c:\windows\VMSnap23.exe

2010-05-23 17:39 . 2006-06-28 05:54 49152 ----a-w- c:\windows\Domino.exe

2010-05-23 17:39 . 2006-03-30 23:24 81920 ----a-w- c:\windows\VMCap323.exe

2010-05-23 17:39 . 2010-05-23 17:39 -------- d-----w- c:\windows\CatRoot

2010-05-23 17:39 . 2007-04-24 14:56 257408 ----a-w- c:\windows\system32\drivers\usbvm323.sys

2010-05-22 12:46 . 2010-05-22 12:46 -------- d-----w- c:\windows\system32\wbem\Repository

2010-05-22 01:49 . 2010-05-22 12:45 -------- d-----w- c:\arquivos de programas\Pryme

2010-05-22 01:47 . 2010-05-22 12:45 -------- d-----w- C:\cmos

2010-05-22 01:25 . 2010-05-22 01:25 -------- d-----w- c:\arquivos de programas\STV

2010-05-09 14:32 . 2010-05-09 22:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NCH Swift Sound

2010-05-09 14:32 . 2010-05-09 14:32 -------- d-----w- c:\arquivos de programas\NCH Software

2010-05-09 14:31 . 2010-05-09 22:26 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\NCH Swift Sound

2010-05-09 14:28 . 2010-05-09 14:28 -------- d-----w- c:\arquivos de programas\MIKSOFT

2010-05-07 16:58 . 2010-05-07 16:58 152064 ----a-w- c:\windows\snap.dat

2010-05-07 16:55 . 2010-04-12 20:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-01 04:10 . 2010-05-01 05:43 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\TS3Client

2010-05-01 04:09 . 2010-05-01 04:09 -------- d-----w- c:\arquivos de programas\TeamSpeak 3 Client

2010-04-28 01:05 . 2010-04-28 01:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia

2010-04-28 01:01 . 2010-04-28 01:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCSuite

2010-04-28 01:00 . 2010-04-28 01:00 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution

2010-04-28 01:00 . 2007-02-22 13:15 12288 ----a-w- c:\windows\system32\drivers\nmwcdcj.sys

2010-04-28 01:00 . 2007-02-22 13:15 12288 ----a-w- c:\windows\system32\drivers\nmwcdcm.sys

2010-04-28 01:00 . 2007-02-22 13:15 8320 ----a-w- c:\windows\system32\drivers\nmwcdc.sys

2010-04-28 01:00 . 2007-02-22 13:15 137216 ----a-w- c:\windows\system32\drivers\nmwcd.sys

2010-04-28 01:00 . 2007-02-22 13:15 65536 ----a-w- c:\windows\system32\nmwcdcocls.dll

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-27 23:35 . 2007-06-07 11:06 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-05-27 17:32 . 2008-11-15 14:03 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\uTorrent

2010-05-25 23:37 . 2007-05-21 21:11 -------- d-----w- c:\arquivos de programas\Serviços on-line

2010-05-25 12:11 . 2008-11-15 14:03 -------- d-----w- c:\arquivos de programas\uTorrent

2010-05-25 01:55 . 2007-05-21 22:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-05-23 16:58 . 2010-05-23 16:58 61440 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6b8c2a79-n\decora-sse.dll

2010-05-23 16:58 . 2010-05-23 16:58 12800 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6b8c2a79-n\decora-d3d.dll

2010-05-23 16:58 . 2010-05-23 16:58 503808 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2b79a7b3-n\msvcp71.dll

2010-05-23 16:58 . 2010-05-23 16:58 499712 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2b79a7b3-n\jmc.dll

2010-05-23 16:58 . 2010-05-23 16:58 348160 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2b79a7b3-n\msvcr71.dll

2010-05-22 12:46 . 2008-11-05 21:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS

2010-05-22 10:51 . 2009-09-02 12:01 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-05-22 01:25 . 2007-05-21 22:37 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-05-19 18:57 . 2010-03-07 03:52 -------- d-----w- c:\arquivos de programas\Full Tilt Poker

2010-05-12 20:51 . 2007-05-23 22:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-05-12 01:42 . 2008-11-27 23:07 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\LimeWire

2010-05-11 03:09 . 2009-09-22 01:36 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-05-07 16:55 . 2008-03-08 17:38 -------- d-----w- c:\arquivos de programas\Java

2010-05-01 02:20 . 2007-05-23 22:37 -------- d-----w- c:\arquivos de programas\CCleaner

2010-04-28 14:33 . 2008-10-11 12:19 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\Nokia Multimedia Player

2010-04-28 01:28 . 2008-11-28 00:03 -------- d-----w- c:\arquivos de programas\LG PC Suite II

2010-04-28 01:05 . 2008-10-11 11:01 -------- d-----w- c:\arquivos de programas\Nokia

2010-04-23 00:57 . 2010-02-25 16:01 26112 ----a-w- c:\windows\system32\drivers\tap0901.sys

2010-04-19 19:50 . 2009-11-04 15:12 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2010-04-16 18:00 . 2010-04-19 19:50 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2010-04-03 19:22 . 2010-04-03 19:22 2336 ----a-w- C:\boot.bat

2010-03-15 09:31 . 2002-10-15 22:54 165376 ----a-w- c:\windows\system32\unrar.dll

2010-03-12 15:05 . 2010-03-12 15:05 503808 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43823346-n\msvcp71.dll

2010-03-12 15:05 . 2010-03-12 15:05 499712 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43823346-n\jmc.dll

2010-03-12 15:05 . 2010-03-12 15:05 348160 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43823346-n\msvcr71.dll

2010-03-12 15:05 . 2010-03-12 15:05 61440 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3ec352b1-n\decora-sse.dll

2010-03-12 15:05 . 2010-03-12 15:05 12800 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3ec352b1-n\decora-d3d.dll

2010-03-12 15:04 . 2004-08-04 12:00 79832 ----a-w- c:\windows\system32\perfc016.dat

2010-03-12 15:04 . 2004-08-04 12:00 470730 ----a-w- c:\windows\system32\perfh016.dat

2010-03-10 06:16 . 2004-08-04 07:45 420352 ----a-w- c:\windows\system32\vbscript.dll

2009-09-04 21:00 . 2009-09-04 21:00 916430 ----a-w- c:\arquivos de programas\Apr2006_MDX1_x86.cab

2008-08-12 00:07 . 2008-07-17 22:49 29806 ----a-w- c:\arquivos de programas\megacubo_log.log

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll

.

 

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ipTray.exe"="c:\arquivos de programas\Intel\IDU\iptray.exe" [2006-12-28 2242328]

"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]

"OutpostMonitor"="c:\arquiv~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]

"OutpostFeedBack"="c:\arquivos de programas\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-11-11 417792]

"AppleSyncNotifier"="c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"NSLauncher"="c:\arquivos de programas\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 3096576]

"SigmatelSysTrayApp"="sttray.exe" [2006-05-26 282624]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Marcus^Menu Iniciar^Programas^Inicializar^hamachi.lnk]

backup=c:\windows\pss\hamachi.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Marcus^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]

2010-03-29 17:54 2343120 ----a-w- c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2009-08-13 17:51 177440 ----a-w- c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 02:20 15360 ----a-w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-07-24 15:02 490952 ----a-w- c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 13:44 31072 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2006-07-07 23:15 600896 ----a-w- c:\arquivos de programas\Microsoft IntelliPoint\ipoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-08-12 08:30 81920 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-02-15 21:07 141608 ----a-w- c:\arquivos de programas\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]

2006-07-07 23:14 576320 ----a-w- c:\arquivos de programas\Microsoft IntelliType Pro\itype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 18:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2009-07-14 16:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]

2003-12-13 17:17 61440 ----a-w- c:\program files\LIVEUPDATE\LiveUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 01:08 417792 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" -atboottime

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56458:TCP"= 56458:TCP:Pando Media Booster

"56458:UDP"= 56458:UDP:Pando Media Booster

"56911:TCP"= 56911:TCP:Pando Media Booster

"56911:UDP"= 56911:UDP:Pando Media Booster

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [19/01/2010 11:23 130936]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/11/2008 11:26 717296]

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [03/11/2009 20:52 704384]

R2 acssrv;Agnitum Client Security Service;c:\arquiv~1\Agnitum\OUTPOS~1\acs.exe [03/11/2009 20:49 1195008]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [12/01/2010 13:31 108289]

R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [03/11/2009 20:49 31128]

R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [03/11/2009 20:52 257432]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/06/2002 00:09 31232]

S2 gupdate1ca7415f53b919c;Google Update Service (gupdate1ca7415f53b919c);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [03/12/2009 09:41 133104]

S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys --> c:\windows\system32\DRIVERS\3xHybrid.sys [?]

S3 exdisk;Express Disk Service;c:\windows\system32\drivers\exdisk.sys [21/05/2007 19:50 14074]

S3 GarenaPEngine;GarenaPEngine; [x]

S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [22/10/2009 10:45 31908]

S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [27/11/2008 21:05 83584]

S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [27/11/2008 21:05 14976]

S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [27/11/2008 21:05 110464]

S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [27/11/2008 21:05 100480]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S3 PhTVTune;ENCORE TV Tuner Pro PCI Adapter;c:\windows\system32\drivers\PhTVTune.sys [18/08/2007 15:24 28480]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [11/01/2010 08:28 27064]

S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [19/01/2010 11:23 348752]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25/01/2008 06:12 25088]

.

Contents of the 'Scheduled Tasks' folder

 

2009-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2010-05-27 c:\windows\Tasks\AWC AutoSweep.job

- c:\arquivos de programas\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-09-02 17:11]

 

2010-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-03 12:41]

 

2010-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-03 12:41]

 

2010-05-27 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

.

.

------- Supplementary Scan -------

.

mWindow Title =

uInternet Settings,ProxyOverride = local

IE: &Clean Traces

IE: &Download with &DAP

IE: Download &all with DAP

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Marcus\Dados de aplicativos\Mozilla\Firefox\Profiles\mnctdmk7.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://thefreevpn.com/home.php

FF - prefs.js: keyword.URL - hxxp://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_br&p=

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 9666

FF - prefs.js: network.proxy.socks - localhost

FF - prefs.js: network.proxy.socks_port - 9050

FF - prefs.js: network.proxy.ssl - localhost

FF - prefs.js: network.proxy.ssl_port - 9666

FF - prefs.js: network.proxy.type - 1

FF - component: c:\documents and settings\Marcus\Dados de aplicativos\Mozilla\Firefox\Profiles\mnctdmk7.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-27 20:59

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spus.sys >>UNKNOWN [0x8A643938]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28

\Driver\ACPI -> ACPI.sys @ 0xb7e67cb8

\Driver\atapi -> atapi.sys @ 0xb7dfcb40

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb7ccfbb0

PacketIndicateHandler -> NDIS.sys @ 0xb7cdca21

SendHandler -> NDIS.sys @ 0xb7cba87b

user & kernel MBR OK

copy of MBR has been found in sector 1 !

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar0]

"BarID"=dword:0000e81b

"Bars"=dword:00000003

"Bar#0"=dword:00000000

"Bar#1"=dword:0000e800

"Bar#2"=dword:00000000

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar1]

"BarID"=dword:0000e81c

"Bars"=dword:00000004

"Bar#0"=dword:00000000

"Bar#1"=dword:0000e807

"Bar#2"=dword:0000e806

"Bar#3"=dword:00000000

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar2]

"BarID"=dword:0000e800

"XPos"=dword:fffffffe

"YPos"=dword:fffffffe

"Docking"=dword:00000001

"MRUDockID"=dword:00000000

"MRUDockLeftPos"=dword:fffffffe

"MRUDockTopPos"=dword:fffffffe

"MRUDockRightPos"=dword:000001f5

"MRUDockBottomPos"=dword:00000036

"MRUFloatStyle"=dword:00002000

"MRUFloatXPos"=dword:80000000

"MRUFloatYPos"=dword:cdcdcdcd

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar3]

"BarID"=dword:0000e806

"XPos"=dword:fffffffe

"YPos"=dword:00000141

"Docking"=dword:00000001

"MRUDockID"=dword:0000e81c

"MRUDockLeftPos"=dword:fffffffe

"MRUDockTopPos"=dword:00000141

"MRUDockRightPos"=dword:000000c6

"MRUDockBottomPos"=dword:00000287

"MRUFloatStyle"=dword:00002004

"MRUFloatXPos"=dword:80000000

"MRUFloatYPos"=dword:cdcdcdcd

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar4]

"BarID"=dword:0000e807

"XPos"=dword:fffffffe

"YPos"=dword:fffffffe

"Docking"=dword:00000001

"MRUDockID"=dword:00000000

"MRUDockLeftPos"=dword:fffffffe

"MRUDockTopPos"=dword:fffffffe

"MRUDockRightPos"=dword:000000c6

"MRUDockBottomPos"=dword:00000143

"MRUFloatStyle"=dword:00002004

"MRUFloatXPos"=dword:80000000

"MRUFloatYPos"=dword:cdcdcdcd

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Summary]

"Bars"=dword:00000005

"ScreenCX"=dword:00000400

"ScreenCY"=dword:00000300

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Settings]

"FirstRun"=dword:00000000

"xScreen"=dword:00000400

"yScreen"=dword:000002c4

"floats"="1.000000 0.500000 0.500000 120 120"

"skin"="ISR_10Moons.dll"

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\WNDSTATUS]

"FLAG"=dword:00000000

"SHOWCMD"=dword:00000001

"LEFT"=dword:fffffffc

"TOP"=dword:fffffffc

"RIGHT"=dword:00000404

"BOTTOM"=dword:000002e2

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(968)

c:\windows\system32\sfc_os.dll

c:\windows\system32\cscui.dll

 

- - - - - - - > 'explorer.exe'(940)

c:\windows\system32\WININET.dll

c:\windows\system32\COMRes.dll

c:\windows\System32\cscui.dll

c:\windows\system32\LINKINFO.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\arquivos de programas\Scpad\scpLIB.dll

c:\arquivos de programas\Scpad\scpMIB.dll

c:\arquivos de programas\Scpad\sshib.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\arquivos de programas\Intel\IDU\awServ.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\System32\snmp.exe

c:\arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\sttray.exe

.

**************************************************************************

.

Completion time: 2010-05-27 21:05:32 - machine was rebooted

ComboFix-quarantined-files.txt 2010-05-28 00:05

ComboFix2.txt 2010-05-27 14:08

ComboFix3.txt 2010-05-26 13:56

ComboFix4.txt 2010-05-24 14:59

 

Pre-Run: 51 folder(s) 46,147,018,752 bytes free

Post-Run: 52 folder(s) 46,084,259,840 bytes free

 

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 07ED081BA1C4F577902603E34A7BFA3C

 

After finishing step 4 of komedian.exe, what should I do?


After finishing step 4 of komedian.exe, what should I do?

///////////////\\\\\\\\\\\\\\

Good evening! .matiello

 

<!> Nothing! That step created a new "System Restore" point.

<!> PS: Your signature validation problems have been resolved!

<!> Repeat the procedure with the Gmer_MBR tool once more --> Post the report!

0000000000000000000

ooooooooooooooooooo

<@> Download: < rootRepealDesktopIcon.png >

 

<!> Link-2 < RootRepeal.zip >

<!> Link-3 < RootRepeal.zip >

 

<@> Unzip it to the desktop.

<@> Open the program and click "Report" --> "Scan" < btnScan.png >

 

< checkBoxes2.png >

 

<@> Tick the 7 checkboxes shown above. --> Click OK.

<@> Next, choose your drive. ( C:\ or D:\ ) --> OK.

<@> Start the scan and, when it finishes, click "Save Report" < saveReport.png >

<@> Save it under the name: "RootRepeal.txt" <-- Report!

 

Cheers!

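The RootRepeal procedure above yields a report whose "SSDT" section names, for each hooked system call, the module that owns the hook, and whose "Stealth Objects" section lists driver dispatch entries that point at hidden code. The script below is an added example, not RootRepeal's code and not part of this thread: it parses those two sections, groups SSDT hooks by owning module, flags hooks the tool attributed to "<unknown>" or to a module outside an analyst-supplied allow-list, and summarises the hidden-code entries per driver. The sample report text and the allow-list (`KNOWN`) are constructed for illustration and are not a capture from the poster's machine.

```python
"""Triage the "SSDT" and "Stealth Objects" sections of a RootRepeal report.
Added example, not RootRepeal's code and not from this thread; the report text
and the allow-list are constructed for illustration."""
import re
from collections import defaultdict

# Constructed sample in RootRepeal's output format (not a capture from a real host).
SAMPLE_REPORT = """\
SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\\WINDOWS\\system32\\drivers\\SandBox.sys" at address 0xb3ffea60

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xb8716e04

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spvt.sys" at address 0xb7ec6ca2

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xb8716df0

#: 130 Function Name: NtQuerySystemInformation
Status: Not hooked

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a6931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8a6931f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a3ac1f8 Size: 121
"""

SSDT_RE = re.compile(r'^#:\s*(?P<index>\d+)\s+Function Name:\s*(?P<name>\S+)\s*\n'
                     r'Status:\s*(?P<status>.+?)\s*$', re.MULTILINE)
HOOK_RE = re.compile(r'Hooked by "(?P<owner>[^"]*)" at address (?P<addr>0x[0-9a-fA-F]+)')
STEALTH_RE = re.compile(r'^Object: Hidden Code \[Driver: (?P<driver>[^,]+), (?P<irp>IRP_MJ_\w+)\]\s*\n'
                        r'Process: \S+ Address: (?P<addr>0x[0-9a-fA-F]+) Size: (?P<size>\d+)', re.MULTILINE)


def owner_key(owner):
    """Normalise 'C:\\...\\SandBox.sys' and 'SandBox.sys' to one lowercase basename."""
    return owner.rsplit('\\', 1)[-1].lower()


def parse_ssdt(report):
    """One dict per SSDT entry: index, name, owner (None when not hooked), addr."""
    entries = []
    for m in SSDT_RE.finditer(report):
        hook = HOOK_RE.search(m.group('status'))
        entries.append({'index': int(m.group('index')), 'name': m.group('name'),
                        'owner': hook.group('owner') if hook else None,
                        'addr': int(hook.group('addr'), 16) if hook else None})
    return entries


def hooks_by_owner(entries):
    """Map owning-module basename -> hooked syscall names, so one product's hooks read as a block."""
    groups = defaultdict(list)
    for e in entries:
        if e['owner'] is not None:
            groups[owner_key(e['owner'])].append(e['name'])
    return dict(groups)


def triage_ssdt(entries, known_owners):
    """'unknown': the tool could not map the handler address to any loaded module (the
    pattern rootkits produce). 'unattributed': mapped to a module not on the allow-list."""
    unknown = [e for e in entries if e['owner'] == '<unknown>']
    unattributed = [e for e in entries if e['owner'] not in (None, '<unknown>')
                    and owner_key(e['owner']) not in known_owners]
    return {'unknown': unknown, 'unattributed': unattributed}


def hidden_code_by_driver(report):
    """Map driver -> {'irps': [...], 'addresses': {...}}. Every IRP_MJ_* of one driver object
    resolving to a single address means its whole dispatch table was redirected."""
    out = defaultdict(lambda: {'irps': [], 'addresses': set()})
    for m in STEALTH_RE.finditer(report):
        out[m.group('driver')]['irps'].append(m.group('irp'))
        out[m.group('driver')]['addresses'].add(int(m.group('addr'), 16))
    return dict(out)


if __name__ == '__main__':
    KNOWN = {'sandbox.sys'}   # hypothetical allow-list for the constructed sample
    entries = parse_ssdt(SAMPLE_REPORT)
    for owner, names in hooks_by_owner(entries).items():
        print(f'{owner}: {", ".join(names)}')
    for kind, hits in triage_ssdt(entries, KNOWN).items():
        for e in hits:
            print(f'[{kind}] #{e["index"]:03d} {e["name"]} -> {e["owner"]} @ {e["addr"]:#x}')
    for drv, info in hidden_code_by_driver(SAMPLE_REPORT).items():
        print(f'{drv}: {len(info["irps"])} handler(s) at {[hex(a) for a in info["addresses"]]}')
```

The allow-list is the analyst's judgement, not the script's: on the report posted later in this thread the ComboFix service list above shows SandBox.sys installed in the same minute as the Agnitum firewall drivers and PCTCore.sys registered as "PCTools KDS", so those hooks can be tied to installed products, while the hooks owned by "<unknown>" at 0xb8716xxx have no such attribution and are the ones to chase first. Grouping the Stealth Objects entries shows that all of a driver's IRP handlers resolve to one 121-byte region, which is a dispatch-table redirection by a filter, legitimate or not, rather than a per-handler patch.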

Sorry, Gmer_MBR tool??? Did I already download it during the process?

/////////////\\\\\\\\\\\\\\\

Good morning! .matiello

 

<!> Yes! But... just in case, here is the procedure again.

0000000000000000

oooooooooooooooo

<@> Download: < mbr.exe v.0.3.7 > ( by Gmer )

<@> Save it to C:\ or C:\Documents and Settings\[userName]\, preferably in the directory where the command prompt opens.

<@> Go to Start --> Run --> Type: cmd --> OK.

<@> At the prompt, type: cd \ --> Press Enter.

 

<@> Type: C:\>mbr.exe -f or C:\Documents and Settings\[userName]\>mbr.exe -f

 

<@> Press Enter.

<@> PS: Another option is to download mbr.exe to your desktop.

<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\mbr.exe" -f

<@> Click OK.

<@> Post: C:\mbr.txt or C:\Documents and Settings\[userName]\mbr.txt

 

Cheers!

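The procedure above produces the short mbr.exe report that appears twice in this section, ending in "user & kernel MBR OK" and "copy of MBR has been found in sector 1 !". The Python below is an added example, not Gmer's code and not from the thread, that shows what those two lines test: it parses a 512-byte MBR (446 bytes of boot code, four partition entries, the 0x55AA signature), compares a user-mode and a kernel-mode read of sector 0, and searches the following sectors for a byte-identical copy. The disk image, the sample partition entry and the "tampered" kernel view are constructed; mbr.exe's exact copy-matching rule is not stated in the thread, so whole-sector equality is this example's own choice, and the raw-device paths in the docstring are only where a real run would read from.

```python
"""Parse an MBR and reproduce the two checks behind the mbr.exe lines quoted in
this thread: "user & kernel MBR OK" and "copy of MBR has been found in sector N !".

Added example; not Gmer's code and not from the thread. The disk is constructed in
build_sample_disk(); on a real machine the sectors would be read from the raw device
(\\\\.\\PhysicalDrive0 on Windows, /dev/sda on Linux). Whole-sector equality as the
copy-matching rule is this example's assumption, not a documented mbr.exe behaviour.
"""
import struct

SECTOR = 512
PART_TABLE_OFF = 446          # 446 bytes of boot code, then 4 x 16-byte partition entries
BOOT_SIG = 0xAA55             # stored little-endian as 55 AA at offset 510


def parse_mbr(sector):
    """Split one sector into boot code, non-empty partition entries and a signature check."""
    if len(sector) != SECTOR:
        raise ValueError('an MBR is exactly one 512-byte sector')
    sig, = struct.unpack_from('<H', sector, 510)
    partitions = []
    for i in range(4):
        # entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from('<B3xB3xII', sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:
            partitions.append({'bootable': status == 0x80, 'type': ptype,
                               'lba_start': lba, 'sectors': count})
    return {'boot_code': sector[:PART_TABLE_OFF], 'partitions': partitions,
            'signature_ok': sig == BOOT_SIG}


def user_kernel_agree(user_view, kernel_view):
    """The 'user & kernel MBR OK' check: sector 0 read through the Win32 API must equal
    sector 0 read from kernel mode below the storage filter stack. A bootkit that filters
    disk I/O to hide its patched MBR serves the clean copy to user mode, so the views differ."""
    return user_view == kernel_view


def find_mbr_copies(disk, max_sectors=64):
    """Sector numbers (>= 1) whose content equals sector 0: the informational
    'copy of MBR has been found in sector N' line. Some bootkits park the original MBR
    in a spare sector so they can chain to it, but partitioning and backup tools write
    the same kind of copy, so this finding alone does not establish infection."""
    mbr = disk[:SECTOR]
    return [n for n in range(1, min(max_sectors, len(disk) // SECTOR))
            if disk[n * SECTOR:(n + 1) * SECTOR] == mbr]


def build_sample_disk():
    """Constructed 4-sector disk: a clean MBR, a backup copy in sector 1, then zeros."""
    # xor ax,ax ; mov ss,ax ; mov sp,7c00h ; then NOP filler instead of real boot code
    boot_code = bytes.fromhex('33c08ed0bc007c') + b'\x90' * (PART_TABLE_OFF - 7)
    entry = struct.pack('<B3xB3xII', 0x80, 0x07, 63, 2048 * 1024)  # bootable NTFS from LBA 63
    mbr = boot_code + entry + b'\x00' * 48 + struct.pack('<H', BOOT_SIG)
    if len(mbr) != SECTOR:
        raise AssertionError('sample MBR is mis-sized')
    return mbr + mbr + b'\x00' * (2 * SECTOR)


def tampered_view(mbr):
    """Constructed 'infected' kernel view: first boot-code byte replaced by a far-jump
    opcode, standing in for a bootkit that redirects the boot path. Purely illustrative."""
    return b'\xea' + mbr[1:]


if __name__ == '__main__':
    disk = build_sample_disk()
    info = parse_mbr(disk[:SECTOR])
    print('signature ok:', info['signature_ok'], 'partitions:', info['partitions'])
    print('user & kernel MBR OK' if user_kernel_agree(disk[:SECTOR], disk[:SECTOR]) else 'MBR MISMATCH')
    for n in find_mbr_copies(disk):
        print(f'copy of MBR has been found in sector {n} !')
    print('tampered view detected:', not user_kernel_agree(disk[:SECTOR], tampered_view(disk[:SECTOR])))
```

The example makes the asymmetry between the two lines visible: the copy-in-sector-1 line says only that a second MBR exists, whereas a user/kernel mismatch is direct evidence that something in the storage stack is filtering what user mode sees. Both mbr.exe runs in this section report the copy together with "user & kernel MBR OK", and the first run additionally lists the disk, ACPI and atapi driver hooks it walked through to get its kernel-side read.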

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

copy of MBR has been found in sector 1 !

 

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/05/28 19:01

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

 

Drivers

-------------------

Name: mbr.sys

Image Path: C:\DOCUME~1\Marcus\CONFIG~1\Temp\mbr.sys

Address: 0xB8440000 Size: 20864 File Visible: No Signed: -

Status: -

 

Name: PCI_PNP2960

Image Path: \Driver\PCI_PNP2960

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xB3102000 Size: 49152 File Visible: No Signed: -

Status: -

 

Name: sptd

Image Path: \Driver\sptd

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

 

Name: spvt.sys

Image Path: spvt.sys

Address: 0xB7EA7000 Size: 1048576 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\Documents and Settings\Marcus\Configurações locais\Apps\2.0\138HJ9W4.9GX\5WEWYVOJ.TKB\manifests\Scrim Spot Anti-Cheat.exe.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Marcus\Configurações locais\Apps\2.0\138HJ9W4.9GX\5WEWYVOJ.TKB\manifests\Scrim Spot Anti-Cheat.exe.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Marcus\Configurações locais\Apps\2.0\EAB11K66.DQK\3CZ4QMQY.EJR\manifests\Scrim Spot Anti-Cheat.exe.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Marcus\Configurações locais\Apps\2.0\EAB11K66.DQK\3CZ4QMQY.EJR\manifests\Scrim Spot Anti-Cheat.exe.manifest

Status: Locked to the Windows API!

 

Processes

-------------------

Path: C:\ARQUIV~1\Agnitum\OUTPOS~1\acs.exe

PID: 572 Status: Locked to the Windows API!

 

Path: C:\ARQUIV~1\Agnitum\OUTPOS~1\op_mon.exe

PID: 1456 Status: Locked to the Windows API!

 

SSDT

-------------------

#: 019 Function Name: NtAssignProcessToJobObject

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3ffea60

 

#: 025 Function Name: NtClose

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3fe3bf0

 

#: 031 Function Name: NtConnectPort

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb4000920

 

#: 037 Function Name: NtCreateFile

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3fdff60

 

#: 041 Function Name: NtCreateKey

Status: Hooked by "PCTCore.sys" at address 0xb7db6514

 

#: 047 Function Name: NtCreateProcess

Status: Hooked by "PCTCore.sys" at address 0xb7da5282

 

#: 048 Function Name: NtCreateProcessEx

Status: Hooked by "PCTCore.sys" at address 0xb7da5474

 

#: 050 Function Name: NtCreateSection

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3fded10

 

#: 052 Function Name: NtCreateSymbolicLinkObject

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3feae40

 

#: 053 Function Name: NtCreateThread

Status: Hooked by "<unknown>" at address 0xb8716e04

 

#: 057 Function Name: NtDebugActiveProcess

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb4003f30

 

#: 062 Function Name: NtDeleteFile

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3fe9b20

 

#: 063 Function Name: NtDeleteKey

Status: Hooked by "PCTCore.sys" at address 0xb7db6d00

 

#: 065 Function Name: NtDeleteValueKey

Status: Hooked by "PCTCore.sys" at address 0xb7db6fb8

 

#: 071 Function Name: NtEnumerateKey

Status: Hooked by "spvt.sys" at address 0xb7ec6ca2

 

#: 073 Function Name: NtEnumerateValueKey

Status: Hooked by "spvt.sys" at address 0xb7ec7030

 

#: 097 Function Name: NtLoadDriver

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3ff4bb0

 

#: 098 Function Name: NtLoadKey

Status: Hooked by "<unknown>" at address 0xb8716e22

 

#: 105 Function Name: NtMakeTemporaryObject

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3fea6b0

 

#: 116 Function Name: NtOpenFile

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3fe2c10

 

#: 119 Function Name: NtOpenKey

Status: Hooked by "PCTCore.sys" at address 0xb7db53fa

 

#: 122 Function Name: NtOpenProcess

Status: Hooked by "<unknown>" at address 0xb8716df0

 

#: 125 Function Name: NtOpenSection

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3fdf580

 

#: 128 Function Name: NtOpenThread

Status: Hooked by "<unknown>" at address 0xb8716df5

 

#: 137 Function Name: NtProtectVirtualMemory

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3fffda0

 

#: 145 Function Name: NtQueryDirectoryFile

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3fe48a0

 

#: 160 Function Name: NtQueryKey

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3fee750

 

#: 177 Function Name: NtQueryValueKey

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3feefa0

 

#: 180 Function Name: NtQueueApcThread

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3ffded0

 

#: 192 Function Name: NtRenameKey

Status: Hooked by "PCTCore.sys" at address 0xb7db7422

 

#: 193 Function Name: NtReplaceKey

Status: Hooked by "<unknown>" at address 0xb8716e2c

 

#: 199 Function Name: NtRequestPort

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb4002a50

 

#: 200 Function Name: NtRequestWaitReplyPort

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb4002d70

 

#: 204 Function Name: NtRestoreKey

Status: Hooked by "<unknown>" at address 0xb8716e27

 

#: 207 Function Name: NtSaveKey

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3ff0c80

 

#: 208 Function Name: NtSaveKeyEx

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3ff14d0

 

#: 210 Function Name: NtSecureConnectPort

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb4001480

 

#: 213 Function Name: NtSetContextThread

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3ffd440

 

#: 223 Function Name: NtSetInformationDebugObject

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb4004520

 

#: 224 Function Name: NtSetInformationFile

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3fe5bf0

 

#: 240 Function Name: NtSetSystemInformation

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3ff41c0

 

#: 247 Function Name: NtSetValueKey

Status: Hooked by "PCTCore.sys" at address 0xb7db67d8

 

#: 253 Function Name: NtSuspendProcess

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3ffc190

 

#: 254 Function Name: NtSuspendThread

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3ffcac0

 

#: 255 Function Name: NtSystemDebugControl

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb4003770

 

#: 257 Function Name: NtTerminateProcess

Status: Hooked by "PCTCore.sys" at address 0xb7da4f32

 

#: 258 Function Name: NtTerminateThread

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3ffb620

 

#: 262 Function Name: NtUnloadDriver

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3ff5530

 

#: 277 Function Name: NtWriteVirtualMemory

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb3fff2b0

 

Stealth Objects

-------------------

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System Address: 0x8a6931f8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]

Process: System Address: 0x8a3ac1f8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]

Process: System Address: 0x8a3ac1f8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]

Process: System Address: 0x8a3ac1f8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]

Process: System Address: 0x8a3ac1f8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8a3ac1f8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a3ac1f8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a3ac1f8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a3ac1f8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]

Process: System Address: 0x8a3ac1f8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a3ac1f8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]

Process: System Address: 0x8a3ac1f8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]

Process: System Address: 0x8a6231f8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]

Process: System Address: 0x8a6231f8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]

Process: System Address: 0x8a6231f8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]

Process: System Address: 0x8a6231f8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8a6231f8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a6231f8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a6231f8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a6231f8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]

Process: System Address: 0x8a6231f8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a6231f8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]

Process: System Address: 0x8a6231f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]

Process: System Address: 0x8a3f81f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]

Process: System Address: 0x8a3f81f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a3f81f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a3f81f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]

Process: System Address: 0x8a3f81f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a3f81f8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]

Process: System Address: 0x8a3f81f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]

Process: System Address: 0x8a6951f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]

Process: System Address: 0x8a6951f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]

Process: System Address: 0x8a6951f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8a6951f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a6951f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a6951f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a6951f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]

Process: System Address: 0x8a6951f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]

Process: System Address: 0x8a6951f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a6951f8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]

Process: System Address: 0x8a6951f8 Size: 121

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]

Process: System Address: 0x8a2f9500 Size: 121

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]

Process: System Address: 0x8a2f9500 Size: 121

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a2f9500 Size: 121

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a2f9500 Size: 121

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]

Process: System Address: 0x8a2f9500 Size: 121

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]

Process: System Address: 0x8a2f9500 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]

Process: System Address: 0x8a3c31f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]

Process: System Address: 0x8a3c31f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a3c31f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a3c31f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]

Process: System Address: 0x8a3c31f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a3c31f8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]

Process: System Address: 0x8a3c31f8 Size: 121

 

Object: Hidden Code [Driver: a61bhmce؅䵆湦؁ం扏楄섰슨؂浍浓, IRP_MJ_CREATE]

Process: System Address: 0x8a3841f8 Size: 121

 

Object: Hidden Code [Driver: a61bhmce؅䵆湦؁ం扏楄섰슨؂浍浓, IRP_MJ_CLOSE]

Process: System Address: 0x8a3841f8 Size: 121

 

Object: Hidden Code [Driver: a61bhmce؅䵆湦؁ం扏楄섰슨؂浍浓, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a3841f8 Size: 121

 

Object: Hidden Code [Driver: a61bhmce؅䵆湦؁ం扏楄섰슨؂浍浓, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a3841f8 Size: 121

 

Object: Hidden Code [Driver: a61bhmce؅䵆湦؁ం扏楄섰슨؂浍浓, IRP_MJ_POWER]

Process: System Address: 0x8a3841f8 Size: 121

 

Object: Hidden Code [Driver: a61bhmce؅䵆湦؁ం扏楄섰슨؂浍浓, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a3841f8 Size: 121

 

Object: Hidden Code [Driver: a61bhmce؅䵆湦؁ం扏楄섰슨؂浍浓, IRP_MJ_PNP]

Process: System Address: 0x8a3841f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]

Process: System Address: 0x891fc1f8 Size: 121

 

Object: Hidden Code [Driver: Cdfsࠅఈ䵃慖, IRP_MJ_CREATE]

Process: System Address: 0x891ea500 Size: 121

 

Object: Hidden Code [Driver: Cdfsࠅఈ䵃慖, IRP_MJ_CLOSE]

Process: System Address: 0x891ea500 Size: 121

 

Object: Hidden Code [Driver: Cdfsࠅఈ䵃慖, IRP_MJ_READ]

Process: System Address: 0x891ea500 Size: 121

 

Object: Hidden Code [Driver: Cdfsࠅఈ䵃慖, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x891ea500 Size: 121

 

Object: Hidden Code [Driver: Cdfsࠅఈ䵃慖, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x891ea500 Size: 121

 

Object: Hidden Code [Driver: Cdfsࠅఈ䵃慖, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x891ea500 Size: 121

 

Object: Hidden Code [Driver: Cdfsࠅఈ䵃慖, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x891ea500 Size: 121

 

Object: Hidden Code [Driver: Cdfsࠅఈ䵃慖, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x891ea500 Size: 121

 

Object: Hidden Code [Driver: Cdfsࠅఈ䵃慖, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x891ea500 Size: 121

 

Object: Hidden Code [Driver: Cdfsࠅఈ䵃慖, IRP_MJ_SHUTDOWN]

Process: System Address: 0x891ea500 Size: 121

 

Object: Hidden Code [Driver: Cdfsࠅఈ䵃慖, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x891ea500 Size: 121

 

Object: Hidden Code [Driver: Cdfsࠅఈ䵃慖, IRP_MJ_CLEANUP]

Process: System Address: 0x891ea500 Size: 121

 

Object: Hidden Code [Driver: Cdfsࠅఈ䵃慖, IRP_MJ_PNP]

Process: System Address: 0x891ea500 Size: 121

 

Shadow SSDT

-------------------

#: 307 Function Name: NtUserAttachThreadInput

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb40081a0

 

#: 383 Function Name: NtUserGetAsyncKeyState

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb4007db0

 

#: 416 Function Name: NtUserGetKeyState

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb40076b0

 

#: 460 Function Name: NtUserMessageCall

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb4005ed0

 

#: 475 Function Name: NtUserPostMessage

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb40053d0

 

#: 476 Function Name: NtUserPostThreadMessage

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb4005760

 

#: 491 Function Name: NtUserRegisterRawInputDevices

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb4008600

 

#: 502 Function Name: NtUserSendInput

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb4007380

 

#: 549 Function Name: NtUserSetWindowsHookEx

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb4006290

 

#: 552 Function Name: NtUserSetWinEventHook

Status: Hooked by "C:\WINDOWS\system32\drivers\SandBox.sys" at address 0xb4006a60

 

==EOF==


Good evening, .matiello!

 

<@> Select and copy all of the content in the Quote area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

RegLock::

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar0]

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar1]

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar2]

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar3]

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar4]

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Summary]

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Settings]

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\WNDSTATUS]

Registry::

[-HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar0]

[-HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar1]

[-HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar2]

[-HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar3]

[-HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar4]

[-HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Summary]

[-HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Settings]

[-HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\WNDSTATUS]

<@> Ps: It is recommended that you be disconnected from the internet when running the script.

<@> Ps: Temporarily disable your antivirus.

<@> Ps: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon/window.

<@> See the demonstration!

 


 

<@> Accept the prompt that should appear to run ComboFix.

<@> Ps: Keep dragging until that prompt (window) appears!

<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!


ComboFix 10-05-23.07 - Marcus 29/05/2010 11:00:18.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2045.1571 [GMT -3:00]

Executando de: c:\documents and settings\Marcus\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Marcus\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Firewall pessoal do ESET *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

* AV residente está ativo

 

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-28 to 2010-05-29 ))))))))))))))))))))))))))))

.

 

2010-05-28 00:10 . 2010-05-28 00:10 -------- d-----w- c:\arquivos de programas\ERUNT

2010-05-27 13:39 . 2010-05-27 13:39 2266718 ----a-w- C:\TS.zip

2010-05-26 00:38 . 2010-05-26 00:45 -------- d-----w- c:\arquivos de programas\cFosSpeed

2010-05-26 00:38 . 2009-10-30 15:25 288472 ------w- c:\windows\system32\cfosspeed.dll

2010-05-24 14:34 . 2010-05-24 14:36 -------- d-----w- C:\ToolBar SD

2010-05-24 14:26 . 2010-05-24 14:26 -------- d-----w- C:\toolb

2010-05-23 23:05 . 2010-05-23 23:05 -------- d-----w- C:\_OTL

2010-05-23 17:48 . 2008-04-13 14:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2010-05-23 17:39 . 2010-05-23 17:39 -------- d-----w- c:\arquivos de programas\TD74 Corporation

2010-05-23 17:39 . 2006-09-19 17:26 212992 ----a-w- c:\windows\VMSnap23.exe

2010-05-23 17:39 . 2006-06-28 05:54 49152 ----a-w- c:\windows\Domino.exe

2010-05-23 17:39 . 2006-03-30 23:24 81920 ----a-w- c:\windows\VMCap323.exe

2010-05-23 17:39 . 2010-05-23 17:39 -------- d-----w- c:\windows\CatRoot

2010-05-23 17:39 . 2007-04-24 14:56 257408 ----a-w- c:\windows\system32\drivers\usbvm323.sys

2010-05-23 16:58 . 2010-05-23 16:58 61440 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6b8c2a79-n\decora-sse.dll

2010-05-23 16:58 . 2010-05-23 16:58 12800 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6b8c2a79-n\decora-d3d.dll

2010-05-23 16:58 . 2010-05-23 16:58 503808 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2b79a7b3-n\msvcp71.dll

2010-05-23 16:58 . 2010-05-23 16:58 499712 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2b79a7b3-n\jmc.dll

2010-05-23 16:58 . 2010-05-23 16:58 348160 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2b79a7b3-n\msvcr71.dll

2010-05-22 12:46 . 2010-05-22 12:46 -------- d-----w- c:\windows\system32\wbem\Repository

2010-05-22 01:49 . 2010-05-22 12:45 -------- d-----w- c:\arquivos de programas\Pryme

2010-05-22 01:47 . 2010-05-22 12:45 -------- d-----w- C:\cmos

2010-05-22 01:25 . 2010-05-22 01:25 -------- d-----w- c:\arquivos de programas\STV

2010-05-09 14:32 . 2010-05-09 22:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NCH Swift Sound

2010-05-09 14:32 . 2010-05-09 14:32 -------- d-----w- c:\arquivos de programas\NCH Software

2010-05-09 14:31 . 2010-05-09 22:26 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\NCH Swift Sound

2010-05-09 14:28 . 2010-05-09 14:28 -------- d-----w- c:\arquivos de programas\MIKSOFT

2010-05-07 16:58 . 2010-05-07 16:58 152064 ----a-w- c:\windows\snap.dat

2010-05-07 16:55 . 2010-04-12 20:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-01 04:10 . 2010-05-01 05:43 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\TS3Client

2010-05-01 04:09 . 2010-05-01 04:09 -------- d-----w- c:\arquivos de programas\TeamSpeak 3 Client

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-29 01:14 . 2008-11-15 14:03 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\uTorrent

2010-05-27 23:35 . 2007-06-07 11:06 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-05-25 23:37 . 2007-05-21 21:11 -------- d-----w- c:\arquivos de programas\Serviços on-line

2010-05-25 12:11 . 2008-11-15 14:03 -------- d-----w- c:\arquivos de programas\uTorrent

2010-05-25 01:55 . 2007-05-21 22:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-05-22 12:46 . 2008-11-05 21:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NexonUS

2010-05-22 10:51 . 2009-09-02 12:01 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-05-22 01:25 . 2007-05-21 22:37 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-05-19 18:57 . 2010-03-07 03:52 -------- d-----w- c:\arquivos de programas\Full Tilt Poker

2010-05-12 20:51 . 2007-05-23 22:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-05-12 01:42 . 2008-11-27 23:07 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\LimeWire

2010-05-11 03:09 . 2009-09-22 01:36 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-05-07 16:55 . 2008-03-08 17:38 -------- d-----w- c:\arquivos de programas\Java

2010-05-01 02:20 . 2007-05-23 22:37 -------- d-----w- c:\arquivos de programas\CCleaner

2010-04-28 14:33 . 2008-10-11 12:19 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\Nokia Multimedia Player

2010-04-28 01:28 . 2008-11-28 00:03 -------- d-----w- c:\arquivos de programas\LG PC Suite II

2010-04-28 01:05 . 2010-04-28 01:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia

2010-04-28 01:05 . 2008-10-11 11:01 -------- d-----w- c:\arquivos de programas\Nokia

2010-04-28 01:01 . 2010-04-28 01:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCSuite

2010-04-28 01:00 . 2010-04-28 01:00 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution

2010-04-23 00:57 . 2010-02-25 16:01 26112 ----a-w- c:\windows\system32\drivers\tap0901.sys

2010-04-19 19:50 . 2009-11-04 15:12 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2010-04-16 18:00 . 2010-04-19 19:50 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2010-04-03 19:22 . 2010-04-03 19:22 2336 ----a-w- C:\boot.bat

2010-03-15 09:31 . 2002-10-15 22:54 165376 ----a-w- c:\windows\system32\unrar.dll

2010-03-12 15:05 . 2010-03-12 15:05 503808 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43823346-n\msvcp71.dll

2010-03-12 15:05 . 2010-03-12 15:05 499712 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43823346-n\jmc.dll

2010-03-12 15:05 . 2010-03-12 15:05 348160 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43823346-n\msvcr71.dll

2010-03-12 15:05 . 2010-03-12 15:05 61440 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3ec352b1-n\decora-sse.dll

2010-03-12 15:05 . 2010-03-12 15:05 12800 ----a-w- c:\documents and settings\Marcus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3ec352b1-n\decora-d3d.dll

2010-03-12 15:04 . 2004-08-04 12:00 79832 ----a-w- c:\windows\system32\perfc016.dat

2010-03-12 15:04 . 2004-08-04 12:00 470730 ----a-w- c:\windows\system32\perfh016.dat

2010-03-10 06:16 . 2004-08-04 07:45 420352 ----a-w- c:\windows\system32\vbscript.dll

2009-09-04 21:00 . 2009-09-04 21:00 916430 ----a-w- c:\arquivos de programas\Apr2006_MDX1_x86.cab

2008-08-12 00:07 . 2008-07-17 22:49 29806 ----a-w- c:\arquivos de programas\megacubo_log.log

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll

.

 

((((((((((((((((((((((((((((( SnapShot_2010-05-26_13.51.01 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-29 13:58 . 2010-05-29 13:58 16384 c:\windows\Temp\Perflib_Perfdata_378.dat

+ 2010-05-29 13:58 . 2010-05-29 13:58 16384 c:\windows\Temp\Perflib_Perfdata_1a4.dat

+ 2004-08-04 07:45 . 2008-04-14 02:20 15360 c:\windows\system32\ctfmon.exe

+ 2004-08-04 07:45 . 2008-04-14 12:00 509952 c:\windows\system32\winlogon.exe

- 2004-08-04 07:45 . 2008-04-14 02:20 579072 c:\windows\system32\user32.dll

+ 2004-08-04 07:45 . 2008-04-14 12:00 579072 c:\windows\system32\user32.dll

+ 2004-08-04 07:45 . 2008-04-14 12:00 995328 c:\windows\system32\setupapi.dll

+ 2004-08-04 07:45 . 2008-04-14 12:00 617472 c:\windows\system32\comctl32.dll

+ 2010-05-27 23:43 . 2008-04-14 12:00 509952 c:\windows\ServicePackFiles\i386\TS\winlogon.exe

+ 2010-05-27 23:43 . 2008-04-14 12:00 579072 c:\windows\ServicePackFiles\i386\TS\user32.dll

+ 2010-05-27 23:43 . 2008-04-14 12:00 995328 c:\windows\ServicePackFiles\i386\TS\setupapi.dll

+ 2010-05-27 23:43 . 2008-04-14 12:00 617472 c:\windows\ServicePackFiles\i386\TS\comctl32.dll

+ 2010-05-29 13:52 . 2010-05-29 13:52 442368 c:\windows\ERDNT\AutoBackup\29-05-2010\Users\00000002\UsrClass.dat

+ 2010-05-29 13:52 . 2005-10-20 15:02 163328 c:\windows\ERDNT\AutoBackup\29-05-2010\ERDNT.EXE

+ 2010-05-28 13:15 . 2010-05-28 13:15 442368 c:\windows\ERDNT\AutoBackup\28-05-2010\Users\00000002\UsrClass.dat

+ 2010-05-28 13:15 . 2005-10-20 15:02 163328 c:\windows\ERDNT\AutoBackup\28-05-2010\ERDNT.EXE

+ 2004-08-04 07:45 . 2008-04-14 12:00 1003008 c:\windows\system32\syssetup.dll

+ 2010-05-27 23:43 . 2008-04-14 12:00 1003008 c:\windows\ServicePackFiles\i386\TS\syssetup.dll

+ 2010-05-27 23:43 . 2008-04-14 12:00 1035776 c:\windows\ServicePackFiles\i386\TS\explorer.exe

+ 2004-08-04 07:45 . 2008-04-14 12:00 1035776 c:\windows\explorer.exe

+ 2010-05-29 13:52 . 2010-05-29 13:52 9531392 c:\windows\ERDNT\AutoBackup\29-05-2010\Users\00000001\ntuser.dat

+ 2010-05-28 13:15 . 2010-05-28 13:15 9523200 c:\windows\ERDNT\AutoBackup\28-05-2010\Users\00000001\ntuser.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ipTray.exe"="c:\arquivos de programas\Intel\IDU\iptray.exe" [2006-12-28 2242328]

"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]

"OutpostMonitor"="c:\arquiv~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]

"OutpostFeedBack"="c:\arquivos de programas\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-11-11 417792]

"AppleSyncNotifier"="c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"NSLauncher"="c:\arquivos de programas\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 3096576]

"SigmatelSysTrayApp"="sttray.exe" [2006-05-26 282624]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Marcus\Menu Iniciar\Programas\Inicializar\

ERUNT AutoBackup.lnk - c:\arquivos de programas\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Marcus^Menu Iniciar^Programas^Inicializar^hamachi.lnk]

backup=c:\windows\pss\hamachi.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Marcus^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]

2010-03-29 17:54 2343120 ----a-w- c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2009-08-13 17:51 177440 ----a-w- c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 02:20 15360 ----a-w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-07-24 15:02 490952 ----a-w- c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 13:44 31072 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2006-07-07 23:15 600896 ----a-w- c:\arquivos de programas\Microsoft IntelliPoint\ipoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-08-12 08:30 81920 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-02-15 21:07 141608 ----a-w- c:\arquivos de programas\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]

2006-07-07 23:14 576320 ----a-w- c:\arquivos de programas\Microsoft IntelliType Pro\itype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 18:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2009-07-14 16:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]

2003-12-13 17:17 61440 ----a-w- c:\program files\LIVEUPDATE\LiveUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 01:08 417792 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" -atboottime

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56458:TCP"= 56458:TCP:Pando Media Booster

"56458:UDP"= 56458:UDP:Pando Media Booster

"56911:TCP"= 56911:TCP:Pando Media Booster

"56911:UDP"= 56911:UDP:Pando Media Booster

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [19/01/2010 11:23 130936]

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [03/11/2009 20:52 704384]

R2 acssrv;Agnitum Client Security Service;c:\arquiv~1\Agnitum\OUTPOS~1\acs.exe [03/11/2009 20:49 1195008]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [12/01/2010 13:31 108289]

R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [03/11/2009 20:49 31128]

R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [03/11/2009 20:52 257432]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/06/2002 00:09 31232]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/11/2008 11:26 717296]

S2 gupdate1ca7415f53b919c;Google Update Service (gupdate1ca7415f53b919c);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [03/12/2009 09:41 133104]

S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys --> c:\windows\system32\DRIVERS\3xHybrid.sys [?]

S3 exdisk;Express Disk Service;c:\windows\system32\drivers\exdisk.sys [21/05/2007 19:50 14074]

S3 GarenaPEngine;GarenaPEngine; [x]

S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [22/10/2009 10:45 31908]

S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [27/11/2008 21:05 83584]

S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [27/11/2008 21:05 14976]

S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [27/11/2008 21:05 110464]

S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [27/11/2008 21:05 100480]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S3 PhTVTune;ENCORE TV Tuner Pro PCI Adapter;c:\windows\system32\drivers\PhTVTune.sys [18/08/2007 15:24 28480]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [11/01/2010 08:28 27064]

S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [19/01/2010 11:23 348752]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25/01/2008 06:12 25088]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2010-05-29 c:\windows\Tasks\AWC AutoSweep.job

- c:\arquivos de programas\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-09-02 17:11]

 

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-03 12:41]

 

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-03 12:41]

 

2010-05-29 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

.

.

------- Scan Suplementar -------

.

mWindow Title =

uInternet Settings,ProxyOverride = local

IE: &Clean Traces

IE: &Download with &DAP

IE: Download &all with DAP

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Marcus\Dados de aplicativos\Mozilla\Firefox\Profiles\mnctdmk7.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://thefreevpn.com/home.php

FF - prefs.js: keyword.URL - hxxp://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_br&p=

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 9666

FF - prefs.js: network.proxy.socks - localhost

FF - prefs.js: network.proxy.socks_port - 9050

FF - prefs.js: network.proxy.ssl - localhost

FF - prefs.js: network.proxy.ssl_port - 9666

FF - prefs.js: network.proxy.type - 1

FF - component: c:\documents and settings\Marcus\Dados de aplicativos\Mozilla\Firefox\Profiles\mnctdmk7.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-29 11:07

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar0]

"BarID"=dword:0000e81b

"Bars"=dword:00000003

"Bar#0"=dword:00000000

"Bar#1"=dword:0000e800

"Bar#2"=dword:00000000

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar1]

"BarID"=dword:0000e81c

"Bars"=dword:00000004

"Bar#0"=dword:00000000

"Bar#1"=dword:0000e807

"Bar#2"=dword:0000e806

"Bar#3"=dword:00000000

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar2]

"BarID"=dword:0000e800

"XPos"=dword:fffffffe

"YPos"=dword:fffffffe

"Docking"=dword:00000001

"MRUDockID"=dword:00000000

"MRUDockLeftPos"=dword:fffffffe

"MRUDockTopPos"=dword:fffffffe

"MRUDockRightPos"=dword:000001f5

"MRUDockBottomPos"=dword:00000036

"MRUFloatStyle"=dword:00002000

"MRUFloatXPos"=dword:80000000

"MRUFloatYPos"=dword:cdcdcdcd

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar3]

"BarID"=dword:0000e806

"XPos"=dword:fffffffe

"YPos"=dword:00000141

"Docking"=dword:00000001

"MRUDockID"=dword:0000e81c

"MRUDockLeftPos"=dword:fffffffe

"MRUDockTopPos"=dword:00000141

"MRUDockRightPos"=dword:000000c6

"MRUDockBottomPos"=dword:00000287

"MRUFloatStyle"=dword:00002004

"MRUFloatXPos"=dword:80000000

"MRUFloatYPos"=dword:cdcdcdcd

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar4]

"BarID"=dword:0000e807

"XPos"=dword:fffffffe

"YPos"=dword:fffffffe

"Docking"=dword:00000001

"MRUDockID"=dword:00000000

"MRUDockLeftPos"=dword:fffffffe

"MRUDockTopPos"=dword:fffffffe

"MRUDockRightPos"=dword:000000c6

"MRUDockBottomPos"=dword:00000143

"MRUFloatStyle"=dword:00002004

"MRUFloatXPos"=dword:80000000

"MRUFloatYPos"=dword:cdcdcdcd

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Summary]

"Bars"=dword:00000005

"ScreenCX"=dword:00000400

"ScreenCY"=dword:00000300

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Settings]

"FirstRun"=dword:00000000

"xScreen"=dword:00000400

"yScreen"=dword:000002c4

"floats"="1.000000 0.500000 0.500000 120 120"

"skin"="ISR_10Moons.dll"

 

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\WNDSTATUS]

"FLAG"=dword:00000000

"SHOWCMD"=dword:00000001

"LEFT"=dword:fffffffc

"TOP"=dword:fffffffc

"RIGHT"=dword:00000404

"BOTTOM"=dword:000002e2

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(956)

c:\windows\system32\sfc_os.dll

c:\windows\system32\cscui.dll

.

Tempo para conclusão: 2010-05-29 11:10:06

ComboFix-quarantined-files.txt 2010-05-29 14:10

ComboFix2.txt 2010-05-28 00:05

ComboFix3.txt 2010-05-27 14:08

ComboFix4.txt 2010-05-26 13:56

ComboFix5.txt 2010-05-29 13:58

 

Pré-execução: 51 pasta(s) 45.565.140.992 bytes disponíveis

Pós execução: 52 pasta(s) 45.520.199.680 bytes disponíveis

 

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 2283AB42D901567B9F0DB6ACA91F8F3B

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:10:39, on 29/05/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Intel\IDU\awServ.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\svchost.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [ipTray.exe] "C:\Arquivos de programas\Intel\IDU\iptray.exe"

O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [OutpostMonitor] C:\ARQUIV~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice

O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Arquivos de programas\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [NSLauncher] C:\Arquivos de programas\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US)_AppleWebKit/532.5_(KHTML,_like_Gecko)_Chrome/4.1.249.1045_Safari/532.5" -"http://www.miniclip.com/games/celebrity-table-tennis/br/content_iframe.php"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: ERUNT AutoBackup.lnk = C:\Arquivos de programas\ERUNT\AUTOBACK.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\ARQUIV~1\Agnitum\OUTPOS~1\acs.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Arquivos de programas\Intel\IDU\awServ.exe

O23 - Service: Google Update Service (gupdate1ca7415f53b919c) (gupdate1ca7415f53b919c) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe

 

--

End of file - 9803 bytes


Good afternoon! .matiello

 

<!> Do you still have any product/software from this company? ( 10moons )

 

<!> < 10moons Technology Development Co.,Ltd >

 

<!> Apparently, its presence on the PC also extends to malicious activity. Probably a hijacker.

000000000000000000

<!> Otherwise, your log is clean!

 

Regards!


I don't know this 10moons.

///////////\\\\\\\\\\\

Hey! .matiello

 

<!> How is the computer? Everything OK?

0000000000000000000

ooooooooooooooooooo

<@> Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.

 

< 92674490.jpg >

 

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix está desinstalado" will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<@> Or, go to Start --> Run --> Type or paste:

 

"%userprofile%\desktop\combofix" /uninstall

 

<@> Click OK.

0000000000000000000

ooooooooooooooooooo

<!> Good job! :)

 

Regards!


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
