lippxd
Posted December 17, 2010

Good afternoon! Over the last two months my PC has become slower. One day I turned it on and noticed it was slow when I tried to do the things I normally do. I even thought it was a problem with my NET connection, but the problem persists to this day. I would like to know whether a virus is causing this. If not, I would like your help in solving the problem.

Here is the HijackThis log:

-----------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:38:39, on 17/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Philip\Desktop\Log's\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Philip\Meus documentos\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\ARQUIV~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe
O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Philips GoGear SA1VBExx Device Manager.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://combatarms.nexon.net
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9748 bytes
------------------------------------------

Note: Sorry if I posted in the "wrong section". Thank you! :)
wings
Posted December 18, 2010

Hello lippxd

1.
*Download ATF Cleaner and save it to the desktop
*Run ATF-Cleaner
*Select: [X] Select All
*Click [Empty Selected]
=>If you use Firefox or Opera:
*Click the "Firefox" or "Opera" tab
*Select: [X] Select All
*If you want to keep your passwords, click [No]
*Click [Empty selected]; if you want to keep your passwords, click [No]
*Click [Exit] or the [X] to close the program

2.
*Download MV RegClean and install it
*Run MV RegClean. A web page will open. Close it.
*Click [Start] and wait
*When it finishes, click [Remove] > [Yes] > [OK]
*Close MV RegClean

3.
*Download OTS and save it to the desktop
*Run OTS
*Select the option: [x] Scan All Users
*Click [Quick Scan] and wait for it to finish
*Paste the OTS.txt report that is displayed
lippxd
Posted December 18, 2010

Good afternoon!

1) I downloaded and ran ATF-CLEANER without problems.
2) I downloaded and ran MV RegClean without problems.
3) I downloaded and ran OTS following the instructions. Here is the log:

----------------------
OTS logfile created on: 18/12/2010 16:02:24 - Run 1
OTS by OldTimer - Version 3.1.40.1 Folder = C:\Documents and Settings\Philip\Meus documentos\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 298,08 Gb Total Space | 260,55 Gb Free Space | 87,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PHILIP-83306733
Current User Name: Philip
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Quick Scan

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Philip\Meus documentos\Downloads\OTS.exe -> [2010/12/18 16:01:34 | 000,642,048 | ---- | M] (OldTimer Tools)
firefox.exe -> C:\Arquivos de programas\Mozilla Firefox\firefox.exe -> [2010/12/10 19:19:18 | 000,912,344 | ---- | M] (Mozilla Corporation)
realsched.exe -> C:\Arquivos de programas\Real\RealPlayer\Update\realsched.exe -> [2010/11/20 16:01:02 | 000,274,608 | ---- | M] (RealNetworks, Inc.)
acdaemon.exe -> C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.)
arccon.ac -> C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ArcCon.ac -> [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.)
applemobiledeviceservice.exe -> C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/03/19 11:49:20 | 000,144,672 | ---- | M] (Apple Inc.)
acservice.exe -> C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
ssscheduler.exe -> C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe -> [2010/01/15 10:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.)
a2service.exe -> C:\Arquivos de programas\a-squared Free\a2service.exe -> [2009/10/01 18:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH)
ekrn.exe -> C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2008/02/20 12:08:46 | 000,472,320 | ---- | M] (ESET)
egui.exe -> C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe -> [2008/02/20 12:06:58 | 001,443,072 | ---- | M] (ESET)
zssnp211.exe -> C:\WINDOWS\ZSSnp211.exe -> [2007/04/06 12:06:58 | 000,057,344 | ---- | M] (ZSMCSNAP)
spuvolumewatcher.exe -> C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe -> [2006/12/06 05:09:30 | 000,344,064 | ---- | M] (Sony Corporation)
domino.exe -> C:\WINDOWS\Domino.exe -> [2006/08/18 17:58:14 | 000,049,152 | ---- | M] ()
explorer.exe -> C:\WINDOWS\explorer.exe -> [2004/08/04 01:45:34 | 001,034,240 | ---- | M] (Microsoft Corporation)
mdm.exe -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 08:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Philip\Meus documentos\Downloads\OTS.exe -> [2010/12/18 16:01:34 | 000,642,048 | ---- | M] (OldTimer Tools)
rpchromebrowserrecordhelper.dll -> C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll -> [2010/11/20 16:01:24 | 000,040,448 | ---- | M] (RealNetworks, Inc.)
msvcr90.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll -> [2008/07/29 09:05:08 | 000,655,872 | ---- | M] (Microsoft Corporation)
msvcp90.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll -> [2008/07/29 09:05:08 | 000,572,928 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll -> [2004/08/04 01:44:04 | 001,050,624 | R--- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(Apple Mobile Device) Dispositivo Celular da Apple [Auto | Running] -> C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/03/19 11:49:20 | 000,144,672 | ---- | M] (Apple Inc.)
(ACDaemon) ArcSoft Connect Daemon [Auto | Running] -> C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
(McComponentHostService) McAfee Security Scan Component Host Service [On_Demand | Stopped] -> C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe -> [2010/01/15 10:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.)
(a2free) a-squared Free Service [Auto | Running] -> C:\Arquivos de programas\a-squared Free\a2service.exe -> [2009/10/01 18:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH)
(EhttpSrv) Eset HTTP Server [On_Demand | Stopped] -> C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -> [2008/02/20 12:14:52 | 000,019,200 | ---- | M] (ESET)
(ekrn) Eset Service [Auto | Running] -> C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2008/02/20 12:08:46 | 000,472,320 | ---- | M] (ESET)
(NOD32FiXTemDono) Eset Nod32 Boot [Auto | Stopped] -> C:\WINDOWS\System32\regedt32.exe -> [2002/09/19 18:20:38 | 000,003,584 | ---- | M] (Microsoft Corporation)
(MDM) Machine Debug Manager [Auto | Running] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 08:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(PciCon) PciCon [Kernel | On_Demand | Stopped] -> D:\PciCon.sys -> File not found
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2010/10/22 04:23:22 | 009,623,680 | ---- | M] (NVIDIA Corporation)
(ddsxeiservice) ddsxeiservice2 [Kernel | On_Demand | Stopped] -> C:\Arquivos de programas\sXe Injected\ddsxei.sys -> [2010/10/08 00:34:11 | 000,091,904 | ---- | M] ()
(oreans32) oreans32 [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\oreans32.sys -> [2010/04/24 18:42:09 | 000,033,824 | ---- | M] ()
(npf) NetGroup Packet Filter Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\npf.sys -> [2010/01/27 00:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.)
(sptd) sptd [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2009/11/15 01:42:13 | 000,691,696 | ---- | M] ()
(SCDEmu) SCDEmu [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\scdemu.sys -> [2009/11/09 01:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.)
(pavboot) pavboot [File_System | Boot | Running] -> C:\WINDOWS\system32\drivers\pavboot.sys -> [2008/06/19 18:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.)
(epfwtdir) epfwtdir [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\epfwtdir.sys -> [2008/02/20 12:11:16 | 000,033,800 | ---- | M] ()
(easdrv) easdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\easdrv.sys -> [2008/02/20 12:02:22 | 000,029,704 | ---- | M] (ESET)
(eamon) eamon [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\eamon.sys -> [2008/02/20 12:01:30 | 000,039,944 | ---- | M] (ESET)
(ZSMC211) ZSMC USB PC Camera (ZS211) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ZS211.sys -> [2007/06/08 17:18:18 | 001,534,464 | ---- | M] (ZSMC.Corporation)
(AVG Anti-Rootkit) AVG Anti-Rootkit [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\avgarkt.sys -> [2007/01/31 11:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.)
(AvgArCln) Avg Anti-Rootkit Clean Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AvgArCln.sys -> [2007/01/18 10:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.Sys -> [2006/06/28 06:25:24 | 004,304,384 | R--- | M] (Realtek Semiconductor Corp.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Hdaudbus.sys -> [2005/01/07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2004/08/03 20:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\] > ->
HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\: SearchURL\\"" -> http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR ->
HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\: SearchURL\\"provider" -> MSN ->
HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\: "ProxyOverride" -> local ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Philip\Dados de aplicativos\Mozilla\FireFox\Profiles\8eswv4zm.default\prefs.js ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2 ->
extensions.enabledItems -> {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 ->
network.proxy.http -> "localhost" ->
network.proxy.http_port -> 9666 ->
network.proxy.socks -> "localhost" ->
network.proxy.socks_port -> 9050 ->
network.proxy.socks_remote_dns -> true ->
network.proxy.ssl -> "localhost" ->
network.proxy.ssl_port -> 9666 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions -> ->
HKLM\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0} -> C:\Arquivos de programas\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [C:\ARQUIVOS DE PROGRAMAS\ARCSOFT\MEDIA CONVERTER FOR PHILIPS\INTERNET VIDEO DOWNLOADER\PLUGIN_FIREFOX] -> [2010/05/21 13:21:51 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [C:\DOCUMENTS AND SETTINGS\ALL USERS\DADOS DE APLICATIVOS\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT] -> [2010/11/20 16:01:26 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components -> C:\Arquivos de programas\Mozilla Firefox\components [C:\ARQUIVOS DE PROGRAMAS\MOZILLA FIREFOX\COMPONENTS] -> [2010/12/10 19:19:28 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins -> C:\Arquivos de programas\Mozilla Firefox\plugins [C:\ARQUIVOS DE PROGRAMAS\MOZILLA FIREFOX\PLUGINS] -> [2010/12/13 23:12:31 | 000,000,000 | ---D | M]
< FireFox Extensions [user Folders] > -> ->
C:\Documents and Settings\Philip\Dados de aplicativos\Mozilla\Extensions -> [2004/07/02 21:02:39 | 000,000,000 | ---D | M] ->
C:\Documents and Settings\Philip\Dados de aplicativos\Mozilla\Firefox\Profiles\8eswv4zm.default\extensions -> [2010/12/17 17:39:44 | 000,000,000 | ---D | M]
Flashblock -> C:\Documents and Settings\Philip\Dados de aplicativos\Mozilla\Firefox\Profiles\8eswv4zm.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} -> [2010/11/14 22:49:30 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\Philip\Dados de aplicativos\Mozilla\Firefox\Profiles\8eswv4zm.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA} -> [2009/10/25 19:07:17 | 000,000,000 | ---D | M]
Easy Youtube Video Downloader -> C:\Documents and Settings\Philip\Dados de aplicativos\Mozilla\Firefox\Profiles\8eswv4zm.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} -> [2010/12/11 00:47:36 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> ->
C:\Arquivos de programas\Mozilla Firefox\extensions -> [2010/12/17 17:39:44 | 000,000,000 | ---D | M]
< HOSTS File > ([2002/09/19 18:19:52 | 000,000,776 | ---- | M] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{11222041-111B-46E3-BD29-EFB2449479B1} [HKLM] -> C:\Arquivos de programas\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll [iEPlugin Class] -> [2008/12/24 18:38:20 | 000,145,920 | ---- | M] (ArcSoft, Inc.)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2010/11/10 12:49:36 | 000,062,376 | ---- | M] (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2010/11/20 16:01:23 | 000,382,720 | ---- | M] (RealPlayer)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 16:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Plug-In] -> [2010/09/27 14:42:44 | 001,250,696 | ---- | M] (Skype Technologies S.A.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe ARM" -> C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe ["C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"] -> [2010/11/10 12:49:34 | 000,932,288 | ---- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" -> C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe ["C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe"] -> [2010/11/10 12:49:36 | 000,035,736 | ---- | M] (Adobe Systems Incorporated)
"ArcSoft Connection Service" -> C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe [C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe] -> [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.)
"Domino" -> C:\WINDOWS\Domino.exe [C:\WINDOWS\Domino.exe] -> [2006/08/18 17:58:14 | 000,049,152 | ---- | M] ()
"egui" -> C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe ["C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice] -> [2008/02/20 12:06:58 | 001,443,072 | ---- | M] (ESET)
"NeroFilterCheck" -> C:\WINDOWS\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2001/07/09 11:50:42 | 000,155,648 | ---- | M] (Ahead Software Gmbh)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2010/10/16 12:05:52 | 013,851,752 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2010/10/16 12:05:52 | 000,110,696 | ---- | M] (NVIDIA Corporation)
"nwiz" -> C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe [C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /installquiet] -> [2010/08/26 00:12:22 | 001,753,192 | ---- | M] ()
"SkyTel" -> C:\WINDOWS\SkyTel.exe [skyTel.EXE] -> [2006/05/16 08:04:26 | 002,879,488 | R--- | M] (Realtek Semiconductor Corp.)
"TkBellExe" -> C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe ["C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe" -osboot] -> [2010/11/20 16:01:02 | 000,274,608 | ---- | M] (RealNetworks, Inc.)
"ZSSnp211" -> C:\WINDOWS\ZSSnp211.exe [C:\WINDOWS\ZSSnp211.exe] -> [2007/04/06 12:06:58 | 000,057,344 | ---- | M] (ZSMCSNAP)
< Run [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DAEMON Tools Lite" -> C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe ["C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun] -> [2009/10/30 09:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar ->
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan Plus.lnk -> C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe -> [2010/01/15 10:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.)
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Philips GoGear SA1VBExx Device Manager.lnk -> C:\Arquivos de programas\Philips\GoGear SA1VBExx Device Manager\GoGear_SA1VBExx_DeviceManager.exe -> [2009/06/02 15:57:48 | 001,611,120 | ---- | M] (Philips)
< amanda Startup Folder > -> C:\Documents and Settings\amanda\Menu Iniciar\Programas\Inicializar ->
C:\Documents and Settings\amanda\Menu Iniciar\Programas\Inicializar\BrOffice.org 3.1.lnk -> C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe -> [2009/04/16 14:14:14 | 000,384,000 | ---- | M] ()
< Convidado Startup Folder > -> C:\Documents and Settings\Convidado\Menu Iniciar\Programas\Inicializar ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Menu Iniciar\Programas\Inicializar ->
< Philip Startup Folder > -> C:\Documents and Settings\Philip\Menu Iniciar\Programas\Inicializar ->
C:\Documents and Settings\Philip\Menu Iniciar\Programas\Inicializar\BrOffice.org 3.1.lnk -> C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe -> [2009/04/16 14:14:14 | 000,384,000 | ---- | M] ()
C:\Documents and Settings\Philip\Menu Iniciar\Programas\Inicializar\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk -> C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe -> [2006/12/06 05:09:30 | 000,344,064 | ---- | M] (Sony Corporation)
< Software Policy Settings [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2009/05/01 16:30:36 | 003,366,912 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2009/05/01 16:30:36 | 003,366,912 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2009/05/01 16:30:36 | 003,366,912 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [button: Skype Plug-In] -> [2010/09/27 14:42:44 | 001,250,696 | ---- | M] (Skype Technologies S.A.)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Menu: Skype Plug-In] -> [2010/09/27 14:42:44 | 001,250,696 | ---- | M] (Skype Technologies S.A.)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{5067A26B-1337-4436-8AFE-EE169C2DA79F}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{77BF5300-1474-4EC7-9980-D32B190E9B07}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{898EA8C8-E7FF-479B-8935-AEC46303B9E5}" [HKLM] -> C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Browser Helper] -> [2010/09/27 14:42:44 | 001,250,696 | ---- | M] (Skype Technologies S.A.)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Galeria Microsoft ActiveX ->
PluginsPage -> http://activex.µsoft.com/controls/find.asp?ext=%smime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
-> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> combatarms_nexon.net [http] -> Sites confiáveis -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {20A60F0D-9AFA-4515-A0FD-83BD84642501} [HKLM] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab [Checkers Class] -> {5C051655-FCD5-4969-9182-770EA5AA5565} [HKLM] -> http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab [solitaire Showdown Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] -> {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [HKLM] -> http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab [Minesweeper Flags Class] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.0.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {5751FE15-550E-446B-96B3-9E26BC6F3A8B}\\DhcpNameServer -> 192.168.0.1 (Realtek RTL8139 Family PCI Fast Ethernet NIC) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\explorer.exe -> [2004/08/04 01:45:34 | 001,034,240 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Domain Profile Authorized Applications List > -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe" -> C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe [C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster] -> [2010/10/03 17:21:02 | 002,953,112 | ---- | M] () "C:\Level Up! Games\Combat Arms\CombatArms.exe" -> C:\Level Up! Games\Combat Arms\CombatArms.exe [C:\Level Up! Games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe] -> [2010/10/13 19:47:56 | 001,718,784 | ---- | M] (Nexon) "C:\Level Up! Games\Combat Arms\Engine.exe" -> C:\Level Up! Games\Combat Arms\Engine.exe [C:\Level Up! Games\Combat Arms\Engine.exe:*Enabled:Engine.exe] -> [2010/10/14 01:14:00 | 002,641,928 | ---- | M] (Nexon) "C:\Nexon\Combat Arms\CombatArms.exe" -> C:\Nexon\Combat Arms\CombatArms.exe [C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe] -> [2010/10/19 10:06:00 | 001,718,784 | ---- | M] (Nexon) "C:\Nexon\Combat Arms\Engine.exe" -> C:\Nexon\Combat Arms\Engine.exe [C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe] -> [2010/10/19 10:29:51 | 002,650,584 | ---- | M] (Nexon) < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Arquivos de programas\eMule\emule.exe" -> C:\Arquivos de programas\eMule\emule.exe [C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule] -> [2009/02/22 17:15:14 | 005,668,864 | ---- | M] (http://www.emule-project.net) "C:\Arquivos de programas\iTunes\iTunes.exe" -> C:\Arquivos de programas\iTunes\iTunes.exe [C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2010/03/26 02:09:58 | 010,358,568 | ---- | M] (Apple Inc.) 
"C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe" -> C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe [C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster] -> [2010/10/03 17:21:02 | 002,953,112 | ---- | M] () "C:\Arquivos de programas\Team17\Worms Armageddon\wa.exe" -> C:\Arquivos de programas\Team17\Worms Armageddon\wa.exe [C:\Arquivos de programas\Team17\Worms Armageddon\wa.exe:*:Enabled:Worms Armageddon] -> File not found "C:\Arquivos de programas\Teamspeak2_RC2\server_windows.exe" -> C:\Arquivos de programas\Teamspeak2_RC2\server_windows.exe [C:\Arquivos de programas\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server] -> [2004/03/09 09:11:41 | 001,263,104 | ---- | M] () "C:\Arquivos de programas\Valve\hl.exe" -> C:\Arquivos de programas\Valve\hl.exe [C:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher] -> [2005/09/29 23:42:57 | 000,081,920 | ---- | M] (Valve) "C:\Arquivos de programas\VDOWNLOADER\VDownloader.exe" -> C:\Arquivos de programas\VDOWNLOADER\VDownloader.exe [C:\Arquivos de programas\VDOWNLOADER\VDownloader.exe:*:Enabled:VDownloader] -> [2009/11/16 10:59:24 | 002,654,216 | ---- | M] () "C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe" -> C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe [C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager] -> [2010/10/03 18:24:54 | 000,172,032 | ---- | M] (Nexon) "C:\Level Up! Games\Combat Arms\CombatArms.exe" -> C:\Level Up! Games\Combat Arms\CombatArms.exe [C:\Level Up! Games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe] -> [2010/10/13 19:47:56 | 001,718,784 | ---- | M] (Nexon) "C:\Level Up! Games\Combat Arms\Engine.exe" -> C:\Level Up! Games\Combat Arms\Engine.exe [C:\Level Up! Games\Combat Arms\Engine.exe:*Enabled:Engine.exe] -> [2010/10/14 01:14:00 | 002,641,928 | ---- | M] (Nexon) "C:\Level Up! 
Games\Combat Arms\NMService.exe" -> C:\Level Up! Games\Combat Arms\NMService.exe [C:\Level Up! Games\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core] -> [2010/08/28 15:59:46 | 001,851,392 | ---- | M] (Nexon Corp.) "C:\Nexon\Combat Arms\CombatArms.exe" -> C:\Nexon\Combat Arms\CombatArms.exe [C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe] -> [2010/10/19 10:06:00 | 001,718,784 | ---- | M] (Nexon) "C:\Nexon\Combat Arms\Engine.exe" -> C:\Nexon\Combat Arms\Engine.exe [C:\Nexon\Combat Arms\Engine.exe:*:Enabled:Combat Arms] -> [2010/10/19 10:29:51 | 002,650,584 | ---- | M] (Nexon) "C:\Nexon\Combat Arms\NMService.exe" -> C:\Nexon\Combat Arms\NMService.exe [C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core] -> [2009/09/25 21:34:38 | 001,740,800 | R--- | M] (Nexon Corp.) "C:\NGM\NGM.exe" -> C:\NGM\NGM.exe [C:\NGM\NGM.exe:*:Enabled:Nexon Game Manager] -> [2010/10/03 13:02:38 | 000,172,032 | ---- | M] (Nexon) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> Driver de CD-ROM -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/07/02 18:20:42 | 000,000,000 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Files/Folders - Created Within 30 Days] Marcos Velasco Security -> C:\Arquivos de programas\Marcos 
Velasco Security -> [2010/12/18 15:40:13 | 000,000,000 | ---D | C] ime -> C:\Documents and Settings\Philip\Desktop\ime -> [2010/12/13 23:30:15 | 000,000,000 | ---D | C] Adobe -> C:\Documents and Settings\Philip\Configurações locais\Dados de aplicativos\Adobe -> [2010/12/13 23:14:46 | 000,000,000 | ---D | C] Adobe -> C:\Arquivos de programas\Arquivos comuns\Adobe -> [2010/12/13 23:12:03 | 000,000,000 | ---D | C] Adobe -> C:\Arquivos de programas\Adobe -> [2010/12/13 23:12:03 | 000,000,000 | ---D | C] Adobe -> C:\Documents and Settings\All Users\Dados de aplicativos\Adobe -> [2010/12/13 23:11:02 | 000,000,000 | ---D | C] Foxit Software -> C:\Documents and Settings\Philip\Dados de aplicativos\Foxit Software -> [2010/12/13 22:59:10 | 000,000,000 | ---D | C] Foxit Software -> C:\Documents and Settings\LocalService\Dados de aplicativos\Foxit Software -> [2010/12/13 22:59:08 | 000,000,000 | ---D | C] Google -> C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Google -> [2010/12/07 21:40:00 | 000,000,000 | ---D | C] Temp -> C:\Documents and Settings\Philip\Configurações locais\Dados de aplicativos\Temp -> [2010/12/07 21:35:49 | 000,000,000 | ---D | C] Google -> C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Google -> [2010/12/07 21:35:48 | 000,000,000 | ---D | C] NVIDIA Corporation -> C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA Corporation -> [2010/11/27 16:14:01 | 000,000,000 | ---D | C] ReinstallBackups -> C:\WINDOWS\System32\ReinstallBackups -> [2010/11/27 16:11:41 | 000,000,000 | ---D | C] OpenCL.dll -> C:\WINDOWS\System32\OpenCL.dll -> [2010/11/27 16:11:37 | 000,061,440 | ---- | C] (Khronos Group) NVIDIA Corporation -> C:\Arquivos de programas\NVIDIA Corporation -> [2010/11/27 16:11:14 | 000,000,000 | ---D | C] NVIDIA -> C:\NVIDIA -> [2010/11/27 16:10:35 | 000,000,000 | ---D | C] Mimicas -> C:\Documents and Settings\Philip\Desktop\Mimicas -> [2010/11/25 23:49:28 | 000,000,000 | ---D 
| C] Media Player Classic -> C:\Documents and Settings\Philip\Dados de aplicativos\Media Player Classic -> [2010/11/21 22:14:56 | 000,000,000 | ---D | C] MPC HomeCinema -> C:\Arquivos de programas\MPC HomeCinema -> [2010/11/21 22:13:46 | 000,000,000 | ---D | C] xing shared -> C:\Arquivos de programas\Arquivos comuns\xing shared -> [2010/11/20 16:01:30 | 000,000,000 | ---D | C] pncrt.dll -> C:\WINDOWS\System32\pncrt.dll -> [2010/11/20 16:01:03 | 000,272,896 | ---- | C] (Progressive Networks) Real -> C:\Documents and Settings\All Users\Dados de aplicativos\Real -> [2010/11/20 16:00:57 | 000,000,000 | ---D | C] Real -> C:\Arquivos de programas\Real -> [2010/11/20 16:00:57 | 000,000,000 | ---D | C] Real -> C:\Documents and Settings\Philip\Dados de aplicativos\Real -> [2010/11/20 16:00:56 | 000,000,000 | ---D | C] ProgramData -> C:\ProgramData -> [2010/11/20 15:52:26 | 000,000,000 | ---D | C] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> [Files/Folders - Modified Within 30 Days] RealUpgradeLogonTaskS-1-5-21-776561741-1682526488-682003330-1003.job -> C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1682526488-682003330-1003.job -> [2010/12/18 16:00:41 | 000,000,296 | ---- | M] () RealUpgradeScheduledTaskS-1-5-21-776561741-1682526488-682003330-1003.job -> C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1682526488-682003330-1003.job -> [2010/12/18 16:00:40 | 000,000,304 | ---- | M] () MV RegClean 5.9.lnk -> C:\Documents and Settings\All Users\Desktop\MV RegClean 5.9.lnk -> [2010/12/18 15:40:51 | 000,001,013 | ---- | M] () GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/12/18 15:40:00 | 000,000,902 | ---- | M] () GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/12/18 12:05:29 | 000,000,898 | ---- | M] () bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/12/18 12:04:48 | 000,002,048 | --S- | M] () 
Matrizes.doc -> C:\Documents and Settings\Philip\Desktop\Matrizes.doc -> [2010/12/15 22:09:44 | 000,914,432 | ---- | M] () AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/12/14 19:55:00 | 000,000,300 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Philip\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/12/13 23:36:28 | 000,006,656 | ---- | M] () iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2010/12/10 19:58:22 | 000,002,169 | ---- | M] () wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/12/06 22:17:16 | 000,002,206 | ---- | M] () NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2010/12/04 19:50:50 | 000,000,116 | ---- | M] () Skype.lnk -> C:\Documents and Settings\All Users\Desktop\Skype.lnk -> [2010/12/04 15:12:53 | 000,002,315 | ---- | M] () nvdrsdb0.bin -> C:\WINDOWS\System32\nvdrsdb0.bin -> [2010/11/27 16:12:05 | 000,240,592 | ---- | M] () nvdrssel.bin -> C:\WINDOWS\System32\nvdrssel.bin -> [2010/11/27 16:12:05 | 000,000,001 | ---- | M] () nvdrsdb1.bin -> C:\WINDOWS\System32\nvdrsdb1.bin -> [2010/11/27 16:12:00 | 000,240,592 | ---- | M] () nvdrswr.lk -> C:\WINDOWS\System32\nvdrswr.lk -> [2010/11/27 16:12:00 | 000,000,000 | ---- | M] () nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [2010/11/27 13:26:50 | 000,063,804 | ---- | M] () Media Player Classic - Home Cinema.lnk -> C:\Documents and Settings\All Users\Desktop\Media Player Classic - Home Cinema.lnk -> [2010/11/21 22:13:51 | 000,000,688 | ---- | M] () RealPlayer.lnk -> C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk -> [2010/11/20 16:01:39 | 000,001,001 | ---- | M] () pncrt.dll -> C:\WINDOWS\System32\pncrt.dll -> [2010/11/20 16:01:03 | 000,272,896 | ---- | M] (Progressive Networks) perfh016.dat -> C:\WINDOWS\System32\perfh016.dat -> [2010/11/20 11:41:15 | 000,425,426 | ---- | M] () perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/11/20 11:41:15 | 
000,392,432 | ---- | M] () perfc016.dat -> C:\WINDOWS\System32\perfc016.dat -> [2010/11/20 11:41:15 | 000,067,450 | ---- | M] () perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/11/20 11:41:15 | 000,058,732 | ---- | M] () 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> [Files - No Company Name] MV RegClean 5.9.lnk -> C:\Documents and Settings\All Users\Desktop\MV RegClean 5.9.lnk -> [2010/12/18 15:40:51 | 000,001,013 | ---- | C] () Matrizes.doc -> C:\Documents and Settings\Philip\Desktop\Matrizes.doc -> [2010/12/15 22:09:43 | 000,914,432 | ---- | C] () GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/12/07 21:35:44 | 000,000,902 | ---- | C] () GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/12/07 21:35:44 | 000,000,898 | ---- | C] () nvdrsdb0.bin -> C:\WINDOWS\System32\nvdrsdb0.bin -> [2010/11/27 16:12:05 | 000,240,592 | ---- | C] () nvdrsdb1.bin -> C:\WINDOWS\System32\nvdrsdb1.bin -> [2010/11/27 16:12:00 | 000,240,592 | ---- | C] () nvdrssel.bin -> C:\WINDOWS\System32\nvdrssel.bin -> [2010/11/27 16:12:00 | 000,000,001 | ---- | C] () nvdrswr.lk -> C:\WINDOWS\System32\nvdrswr.lk -> [2010/11/27 16:12:00 | 000,000,000 | ---- | C] () nvdata.bin -> C:\WINDOWS\System32\nvdata.bin -> [2010/11/27 16:11:37 | 002,293,194 | ---- | C] () nvinfo.pb -> C:\WINDOWS\System32\nvinfo.pb -> [2010/11/27 16:11:36 | 000,003,739 | ---- | C] () RealUpgradeLogonTaskS-1-5-21-776561741-1682526488-682003330-1003.job -> C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1682526488-682003330-1003.job -> [2010/11/27 02:36:26 | 000,000,296 | ---- | C] () Media Player Classic - Home Cinema.lnk -> C:\Documents and Settings\All Users\Desktop\Media Player Classic - Home Cinema.lnk -> [2010/11/21 22:13:51 | 000,000,688 | ---- | C] () RealUpgradeScheduledTaskS-1-5-21-776561741-1682526488-682003330-1003.job -> 
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1682526488-682003330-1003.job -> [2010/11/20 16:01:53 | 000,000,304 | ---- | C] () RealPlayer.lnk -> C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk -> [2010/11/20 16:01:39 | 000,001,001 | ---- | C] () WinPcapNmap.exe -> C:\Arquivos de programas\Arquivos comuns\WinPcapNmap.exe -> [2010/11/14 22:44:51 | 000,444,283 | ---- | C] () oreans32.sys -> C:\WINDOWS\System32\drivers\oreans32.sys -> [2010/04/24 18:42:09 | 000,033,824 | ---- | C] () pthreadVC.dll -> C:\WINDOWS\System32\pthreadVC.dll -> [2010/01/27 00:09:02 | 000,053,299 | ---- | C] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Philip\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/12/25 13:48:08 | 000,006,656 | ---- | C] () sptd.sys -> C:\WINDOWS\System32\drivers\sptd.sys -> [2009/11/15 01:42:13 | 000,691,696 | ---- | C] () MSJCE.dll -> C:\WINDOWS\System32\MSJCE.dll -> [2009/09/21 19:24:32 | 000,069,632 | ---- | C] () NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/09/17 20:08:11 | 000,000,116 | ---- | C] () iyvu9_32.dll -> C:\WINDOWS\System32\iyvu9_32.dll -> [2009/09/11 19:01:12 | 000,056,832 | ---- | C] () KMVIDC32.DLL -> C:\WINDOWS\System32\KMVIDC32.DLL -> [2009/09/11 17:25:44 | 000,047,104 | ---- | C] () dump_wmimmc.sys -> C:\WINDOWS\System32\drivers\dump_wmimmc.sys -> [2009/07/31 23:44:14 | 000,141,612 | ---- | C] () epfwtdir.sys -> C:\WINDOWS\System32\drivers\epfwtdir.sys -> [2008/02/20 12:11:16 | 000,033,800 | ---- | C] () nvnt4cpl.dll -> C:\WINDOWS\System32\nvnt4cpl.dll -> [2006/08/07 23:26:30 | 000,286,720 | ---- | C] () nvhwvid.dll -> C:\WINDOWS\System32\nvhwvid.dll -> [2006/08/07 23:26:28 | 000,581,632 | ---- | C] () ieencode.dll -> C:\WINDOWS\System32\ieencode.dll -> [2004/08/04 01:45:24 | 000,081,920 | ---- | C] () secdrv.sys -> C:\WINDOWS\System32\drivers\secdrv.sys -> [2004/07/17 12:36:38 | 000,027,440 | ---- | C] () ODBC.INI -> C:\WINDOWS\ODBC.INI 
-> [2004/07/02 19:08:10 | 000,000,421 | ---- | C] () RtlCPAPI.dll -> C:\WINDOWS\System32\RtlCPAPI.dll -> [2004/07/02 18:32:45 | 000,135,168 | R--- | C] () ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2004/07/02 15:08:26 | 000,004,205 | ---- | C] () [File - Lop Check] DAEMON Tools Lite -> C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite -> [2009/11/15 01:41:35 | 000,000,000 | ---D | M] ESET -> C:\Documents and Settings\All Users\Dados de aplicativos\ESET -> [2010/07/01 01:17:06 | 000,000,000 | ---D | M] Messenger Plus! -> C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus! -> [2009/09/21 21:32:56 | 000,000,000 | ---D | M] Nexon -> C:\Documents and Settings\All Users\Dados de aplicativos\Nexon -> [2010/04/24 18:44:46 | 000,000,000 | ---D | M] NexonUS -> C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS -> [2010/04/24 18:44:48 | 000,000,000 | ---D | M] PACE Anti-Piracy -> C:\Documents and Settings\All Users\Dados de aplicativos\PACE Anti-Piracy -> [2010/10/02 01:43:05 | 000,000,000 | ---D | M] PMB Files -> C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files -> [2010/10/03 17:21:25 | 000,000,000 | ---D | M] TEMP -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP -> [2010/12/17 18:50:32 | 000,000,000 | ---D | M] {429CAD59-35B1-4DBC-BB6D-1DB246563521} -> C:\Documents and Settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> [2010/04/06 21:37:08 | 000,000,000 | ---D | M] {755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2009/11/02 13:24:17 | 000,000,000 | ---D | M] BrOffice.org -> C:\Documents and Settings\amanda\Dados de aplicativos\BrOffice.org -> [2010/04/26 18:53:18 | 000,000,000 | ---D | M] PhotoFiltre Studio X -> C:\Documents and Settings\amanda\Dados de aplicativos\PhotoFiltre Studio X -> [2010/04/12 16:31:24 | 000,000,000 | ---D | M] BrOffice.org -> 
C:\Documents and Settings\Convidado\Dados de aplicativos\BrOffice.org -> [2010/06/26 15:09:43 | 000,000,000 | ---D | M] Foxit Software -> C:\Documents and Settings\LocalService\Dados de aplicativos\Foxit Software -> [2010/12/13 22:59:08 | 000,000,000 | ---D | M] BrOffice.org -> C:\Documents and Settings\Philip\Dados de aplicativos\BrOffice.org -> [2009/12/12 18:50:11 | 000,000,000 | ---D | M] DAEMON Tools Lite -> C:\Documents and Settings\Philip\Dados de aplicativos\DAEMON Tools Lite -> [2009/11/16 00:59:56 | 000,000,000 | ---D | M] Foxit -> C:\Documents and Settings\Philip\Dados de aplicativos\Foxit -> [2009/09/21 20:47:50 | 000,000,000 | ---D | M] Foxit Software -> C:\Documents and Settings\Philip\Dados de aplicativos\Foxit Software -> [2010/12/13 22:59:10 | 000,000,000 | ---D | M] PACE Anti-Piracy -> C:\Documents and Settings\Philip\Dados de aplicativos\PACE Anti-Piracy -> [2010/10/02 01:43:04 | 000,000,000 | ---D | M] PhotoFiltre Studio X -> C:\Documents and Settings\Philip\Dados de aplicativos\PhotoFiltre Studio X -> [2010/01/10 23:01:35 | 000,000,000 | ---D | M] Tibia -> C:\Documents and Settings\Philip\Dados de aplicativos\Tibia -> [2010/12/17 18:50:40 | 000,000,000 | ---D | M] [File - Purity Scan] [Files/Folders - Unicode - All] C:\Documents and Settings\Philip\Meus documentos\?? ??? -> C:\Documents and Settings\Philip\Meus documentos\넥슨 플러그 -> [2010/10/23 15:55:10 | 000,000,000 | ---D | C] C:\Documents and Settings\Philip\Meus documentos\?? ??? 
-> C:\Documents and Settings\Philip\Meus documentos\넥슨 플러그 -> [2010/10/23 15:55:10 | 000,000,000 | ---D | M]
[Alternate Data Streams]
@Alternate Data Stream - 1048 bytes -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared:i7OwP5SLh0HRd0wBsvxpo
@Alternate Data Stream - 1088 bytes -> C:\Arquivos de programas\Outlook Express:gIEZm2thoLz1jYRndVPzm
@Alternate Data Stream - 1207 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft:O154quoGeHJTG1xaJyXbM9Iy65U
@Alternate Data Stream - 1267 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft:QPiqqlMn3mPrv37YiMptKazGi3n
@Alternate Data Stream - 1295 bytes -> C:\Documents and Settings\Philip\Cookies:x3jyrEOwuqEsdoqnq
@Alternate Data Stream - 255 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:6BE50C2B
< End of report >
------------------------------------

Thanks :)
wings 22 Posted December 18, 2010

1. *Select and copy the code below:

[unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
[Alternate Data Streams]
NY -> @Alternate Data Stream - 255 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:6BE50C2B
[Empty Temp Folders]
[Reboot]

*Run OTS
*Click in the space below "Paste Fix Here" and paste the code
*Click [Run Fix]
*The PC will be restarted
*Paste the report shown after the restart (C:\_OTS\MovedFiles\MDA_HMS.txt, where MDA is month day year and HMS is hour minute second)

2. *Temporarily disable your antivirus
Right-click the NOD32 icon next to the clock > Control Center > AMON > Uncheck "Resident Module (AMON)"
*Download ComboFix and save it to the desktop
*Run it and accept the agreement
*If the "Microsoft Windows Recovery Console" is not installed, click [Yes] > [Yes].
*Wait for all stages to complete
*Do not use the mouse or keyboard while the stages are running!!
*To abort the procedure, press [N] > [ENTER]
*Paste the report C:\combofix.txt
lippxd 0 Posted December 18, 2010

Good afternoon!

1) I ran OTS without any problems, and here is the report:

OTS report
------------------------------
All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}\ not found.
[Alternate Data Streams]
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:6BE50C2B deleted successfully.
[Empty Temp Folders]
User: Administrador
User: All Users
User: amanda
->Temp folder emptied: 33176 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 5656816 bytes
->FireFox cache emptied: 104271362 bytes
->Flash cache emptied: 7423 bytes
User: Convidado
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 89486642 bytes
->Flash cache emptied: 1603 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Philip
->Temp folder emptied: 9317097 bytes
->Temporary Internet Files folder emptied: 43886 bytes
->Java cache emptied: 79615219 bytes
->FireFox cache emptied: 13523939 bytes
->Google Chrome cache emptied: 120367689 bytes
->Flash cache emptied: 618228 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114593 bytes
%systemroot%\System32 .tmp files removed: 2969 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 405,00 mb
< End of fix log >
OTS by OldTimer - Version 3.1.40.1 fix logfile created on 12182010_184705
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
-----------------------------------------

2) ComboFix was installed and ran successfully; the instructions not to touch the keyboard/mouse were followed; NOD32 was paused successfully while the stages ran. Here is the COMBOFIX report:
------------------------------
ComboFix 10-12-18.01 - Philip 18/12/2010 19:02:07.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1534.1012 [GMT -2:00]
Executando de: c:\documents and settings\Philip\Meus documentos\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Criado um novo ponto de restauração
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
A cópia de c:\windows\system32\kernel32.dll foi encontrada e desinfectada
Cópia restaurada de - c:\windows\ERDNT\cache\kernel32.dll
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-18 to 2010-12-18 ))))))))))))))))))))))))))))
.
2010-12-18 20:47 . 2010-12-18 20:47 -------- d-----w- C:\_OTS
2010-12-18 17:40 . 2010-12-18 17:40 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security
2010-12-14 16:50 . 2010-12-14 16:50 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\Foxit Software
2010-12-14 01:14 . 2010-12-14 01:14 -------- d-----w- c:\documents and settings\Philip\Configurações locais\Dados de aplicativos\Adobe
2010-12-14 01:12 . 2010-12-14 01:12 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-12-14 00:59 . 2010-12-14 00:59 -------- d-----w- c:\documents and settings\Philip\Dados de aplicativos\Foxit Software
2010-12-14 00:59 . 2010-12-14 00:59 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\Foxit Software
2010-12-07 23:40 . 2010-12-07 23:40 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\Google
2010-12-07 23:35 . 2010-12-14 01:14 -------- d-----w- c:\documents and settings\Philip\Configurações locais\Dados de aplicativos\Temp
2010-12-07 23:35 . 2010-12-07 23:35 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\Google
2010-11-27 18:14 . 2010-11-27 18:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA Corporation
2010-11-27 18:12 . 2010-11-27 18:12 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-11-27 18:12 . 2010-11-27 18:12 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-11-27 18:12 . 2010-11-27 18:12 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-11-27 18:11 . 2010-10-22 06:23 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-11-27 18:11 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-11-27 18:11 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-11-27 18:11 . 2010-10-22 06:23 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-11-27 18:11 . 2010-10-22 06:23 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-11-27 18:11 . 2010-10-22 06:23 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-11-27 18:11 . 2010-10-22 06:23 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-11-27 18:11 . 2010-10-22 06:23 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-11-27 18:11 . 2010-11-27 18:13 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation
2010-11-27 18:10 . 2010-11-27 18:10 -------- d-----w- C:\NVIDIA
2010-11-22 00:14 . 2010-11-22 00:14 -------- d-----w- c:\documents and settings\Philip\Dados de aplicativos\Media Player Classic
2010-11-22 00:13 . 2010-11-22 00:13 -------- d-----w- c:\arquivos de programas\MPC HomeCinema
2010-11-20 18:01 . 2010-11-20 18:01 11776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll
2010-11-20 18:01 .
2010-11-20 18:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared 2010-11-20 18:01 . 2010-11-20 18:01 151776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll 2010-11-20 18:01 . 2010-11-20 18:01 100352 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll 2010-11-20 18:00 . 2010-11-20 18:01 -------- d-----w- c:\arquivos de programas\Real 2010-11-20 17:52 . 2010-11-20 17:52 -------- d-----w- C:\ProgramData . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-20 18:01 . 2004-07-02 20:51 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-11-20 18:01 . 2004-07-02 20:51 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-10-22 06:23 . 2006-08-08 01:26 14532608 ----a-w- c:\windows\system32\nvoglnt.dll 2010-10-22 06:23 . 2006-08-08 01:26 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2010-10-22 06:23 . 2006-08-08 01:26 6359552 ----a-w- c:\windows\system32\nv4_disp.dll 2010-10-22 06:23 . 2006-08-08 01:26 1462272 ----a-w- c:\windows\system32\nvapi.dll 2010-10-16 21:21 . 2009-08-01 01:44 141612 ----a-w- c:\windows\system32\drivers\dump_wmimmc.sys 2010-10-16 14:05 . 2010-10-16 14:05 81920 ----a-w- c:\windows\system32\nvwddi.dll 2010-10-16 14:05 . 2010-10-16 14:05 335872 ----a-w- c:\windows\system32\nvrsar.dll 2010-10-16 14:05 . 2010-10-16 14:05 331776 ----a-w- c:\windows\system32\nvrshe.dll 2010-10-16 14:05 . 2010-10-16 14:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll 2010-10-16 14:05 . 2010-10-16 14:05 282624 ----a-w- c:\windows\system32\nvrses.dll 2010-10-16 14:05 . 2010-10-16 14:05 282624 ----a-w- c:\windows\system32\nvrsel.dll 2010-10-16 14:05 . 2010-10-16 14:05 278528 ----a-w- c:\windows\system32\nvrsde.dll 2010-10-16 14:05 . 2010-10-16 14:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll 2010-10-16 14:05 . 2010-10-16 14:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll 2010-10-16 14:05 . 
2010-10-16 14:05 270336 ----a-w- c:\windows\system32\nvrsru.dll 2010-10-16 14:05 . 2010-10-16 14:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll 2010-10-16 14:05 . 2010-10-16 14:05 266240 ----a-w- c:\windows\system32\nvrsko.dll 2010-10-16 14:05 . 2010-10-16 14:05 262144 ----a-w- c:\windows\system32\nvrshu.dll 2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrstr.dll 2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrssl.dll 2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrssk.dll 2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrsth.dll 2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrssv.dll 2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrsda.dll 2010-10-16 14:05 . 2010-10-16 14:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll 2010-10-16 14:05 . 2010-10-16 14:05 249856 ----a-w- c:\windows\system32\nvrseng.dll 2010-10-16 14:05 . 2010-10-16 14:05 249856 ----a-w- c:\windows\system32\nvrscs.dll 2010-10-16 14:05 . 2010-10-16 14:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll 2010-10-16 14:05 . 2010-10-16 14:05 126976 ----a-w- c:\windows\system32\nvrszht.dll 2010-10-16 14:05 . 2010-10-16 14:05 282624 ----a-w- c:\windows\system32\nvrsit.dll 2010-10-16 14:05 . 2010-10-16 14:05 277608 ----a-w- c:\windows\system32\nvmccs.dll 2010-10-16 14:05 . 2010-10-16 14:05 274432 ----a-w- c:\windows\system32\nvrspt.dll 2010-10-16 14:05 . 2010-10-16 14:05 270336 ----a-w- c:\windows\system32\nvrsja.dll 2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrspl.dll 2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrsno.dll 2010-10-16 14:05 . 2010-10-16 14:05 156776 ----a-w- c:\windows\system32\nvsvc32.exe 2010-10-16 14:05 . 2010-10-16 14:05 145000 ----a-w- c:\windows\system32\nvcolor.exe 2010-10-16 14:05 . 2010-10-16 14:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll 2010-10-16 14:05 . 
2010-10-16 14:05 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-01-26 12:11 . 2010-11-15 00:44 444283 ----a-w- c:\arquivos de programas\Arquivos comuns\WinPcapNmap.exe . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200] "Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2010-10-11 14940040] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344] "Domino"="c:\windows\Domino.exe" [2006-08-18 49152] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2010-03-18 421888] "iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2010-03-26 142120] "ArcSoft Connection Service"="c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072] "TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2010-11-20 274608] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752] "nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736] "Adobe ARM"="c:\arquivos de 
programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] c:\documents and settings\amanda\Menu Iniciar\Programas\Inicializar\ BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000] c:\documents and settings\Philip\Menu Iniciar\Programas\Inicializar\ BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000] Ferramenta de Verifica‡Æo de M¡dia do Picture Motion Browser.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-8-11 344064] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ McAfee Security Scan Plus.lnk - c:\arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Philips GoGear SA1VBExx Device Manager.lnk - c:\arquivos de programas\Philips\GoGear SA1VBExx Device Manager\GoGear_SA1VBExx_DeviceManager.exe [2010-5-24 1611120] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\Teamspeak2_RC2\\server_windows.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Arquivos de programas\\eMule\\emule.exe"= "c:\\Arquivos de programas\\VDOWNLOADER\\VDownloader.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "c:\\Arquivos de programas\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"= "c:\\Nexon\\Combat Arms\\NMService.exe"= "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe 
"c:\\Arquivos de programas\\Valve\\hl.exe"= "c:\\NGM\\NGM.exe"= "c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "c:\\Nexon\\Combat Arms\\Engine.exe"= "c:\\Level Up! Games\\Combat Arms\\NMService.exe"= "c:\level up! games\Combat Arms\Engine.exe"= c:\level up! games\Combat Arms\Engine.exe:*Enabled:Engine.exe "c:\level up! games\Combat Arms\CombatArms.exe"= c:\level up! games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "56142:TCP"= 56142:TCP:Pando Media Booster "56142:UDP"= 56142:UDP:Pando Media Booster "57076:TCP"= 57076:TCP:Pando Media Booster "57076:UDP"= 57076:UDP:Pando Media Booster R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/10/2009 23:20 28544] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/11/2009 01:42 691696] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20/2/2008 12:11 33800] R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [24/4/2010 18:42 33824] R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared Free\a2service.exe [11/10/2009 23:53 1858144] R2 ekrn;Eset Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [20/2/2008 12:08 472320] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/1/2010 00:09 50704] S2 duuhfkc;Shell Config;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336] S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [7/12/2010 21:35 136176] S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [19/9/2002 18:20 3584] S3 ddsxeiservice;ddsxeiservice2;c:\arquivos de programas\sXe Injected\ddsxei.sys [8/10/2010 00:34 91904] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\arquivos de programas\McAfee Security 
Scan\2.0.181\McCHSvc.exe [15/1/2010 10:49 227232] S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs kcgfmb duuhfkc . Conteúdo da pasta 'Tarefas Agendadas' 2010-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34] 2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-07 23:35] 2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-07 23:35] 2010-12-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1682526488-682003330-1003.job - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33] 2010-12-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1682526488-682003330-1003.job - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33] . . ------- Scan Suplementar ------- . 
uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = local uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000 Trusted Zone: nexon.net\combatarms FF - ProfilePath - c:\documents and settings\Philip\Dados de aplicativos\Mozilla\Firefox\Profiles\8eswv4zm.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-18 19:14 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . ------------------------ Outros Processos em Execução ------------------------ . 
c:\windows\system32\nvsvc32.exe c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\arquivos de programas\Bonjour\mDNSResponder.exe c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ArcCon.ac c:\arquivos de programas\BrOffice.org 3\program\soffice.exe c:\arquivos de programas\BrOffice.org 3\program\soffice.bin c:\arquivos de programas\iPod\bin\iPodService.exe . ************************************************************************** . Tempo para conclusão: 2010-12-18 19:19:43 - Máquina reiniciou ComboFix-quarantined-files.txt 2010-12-18 21:19 ComboFix2.txt 2009-10-08 20:05 Pré-execução: 19 pasta(s) 280.085.614.592 bytes disponíveis Pós execução: 20 pasta(s) 280.070.426.624 bytes disponíveis - - End Of File - - D9DCF4793044121CDC5BB9499CDF4DDC ------------------------------------------------------- Aguardo novas instruções. Obrigado :) Compartilhar este post Link para o post Compartilhar em outros sites
wings, posted December 18, 2010

* Open Notepad and paste the code below into it:

NetSvc::
kcgfmb
duuhfkc

* Save the file on the desktop as CFScript.txt
* Drag the file onto ComboFix as shown in the illustration below:
* Do not use the mouse or the keyboard while ComboFix is running!!
* Paste the report C:\combofix.txt
lippxd, posted December 18, 2010

Good evening! The steps of creating the text file and dragging it onto ComboFix were carried out successfully. NOD32 was paused while ComboFix ran. Neither the mouse nor the keyboard was used during the run. Here is the ComboFix log:

---------------------------------
ComboFix 10-12-18.01 - Philip 18/12/2010 19:56:45.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1534.1066 [GMT -2:00]
Executando de: c:\documents and settings\Philip\Meus documentos\Downloads\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Philip\Meus documentos\Downloads\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-18 to 2010-12-18 ))))))))))))))))))))))))))))
.
2010-12-18 20:47 . 2010-12-18 20:47 -------- d-----w- C:\_OTS
2010-12-18 17:40 . 2010-12-18 17:40 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security
2010-12-14 16:50 . 2010-12-14 16:50 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\Foxit Software
2010-12-14 01:14 . 2010-12-14 01:14 -------- d-----w- c:\documents and settings\Philip\Configurações locais\Dados de aplicativos\Adobe
2010-12-14 01:12 . 2010-12-14 01:12 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-12-14 00:59 . 2010-12-14 00:59 -------- d-----w- c:\documents and settings\Philip\Dados de aplicativos\Foxit Software
2010-12-14 00:59 . 2010-12-14 00:59 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\Foxit Software
2010-12-07 23:40 . 2010-12-07 23:40 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\Google
2010-12-07 23:35 . 2010-12-14 01:14 -------- d-----w- c:\documents and settings\Philip\Configurações locais\Dados de aplicativos\Temp
2010-12-07 23:35 . 2010-12-07 23:35 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\Google
2010-11-27 18:14 . 2010-11-27 18:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA Corporation
2010-11-27 18:12 . 2010-11-27 18:12 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-11-27 18:12 . 2010-11-27 18:12 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-11-27 18:12 . 2010-11-27 18:12 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-11-27 18:11 . 2010-10-22 06:23 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-11-27 18:11 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-11-27 18:11 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-11-27 18:11 . 2010-10-22 06:23 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-11-27 18:11 . 2010-10-22 06:23 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-11-27 18:11 . 2010-10-22 06:23 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-11-27 18:11 . 2010-10-22 06:23 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-11-27 18:11 . 2010-10-22 06:23 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-11-27 18:11 . 2010-11-27 18:13 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation
2010-11-27 18:10 . 2010-11-27 18:10 -------- d-----w- C:\NVIDIA
2010-11-22 00:14 . 2010-11-22 00:14 -------- d-----w- c:\documents and settings\Philip\Dados de aplicativos\Media Player Classic
2010-11-22 00:13 . 2010-11-22 00:13 -------- d-----w- c:\arquivos de programas\MPC HomeCinema
2010-11-20 18:01 . 2010-11-20 18:01 11776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll
2010-11-20 18:01 . 2010-11-20 18:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared
2010-11-20 18:01 . 2010-11-20 18:01 151776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll
2010-11-20 18:01 . 2010-11-20 18:01 100352 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll
2010-11-20 18:00 . 2010-11-20 18:01 -------- d-----w- c:\arquivos de programas\Real
2010-11-20 17:52 . 2010-11-20 17:52 -------- d-----w- C:\ProgramData
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-20 18:01 . 2004-07-02 20:51 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-20 18:01 . 2004-07-02 20:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-22 06:23 . 2006-08-08 01:26 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-22 06:23 . 2006-08-08 01:26 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-22 06:23 . 2006-08-08 01:26 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-22 06:23 . 2006-08-08 01:26 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 21:21 . 2009-08-01 01:44 141612 ----a-w- c:\windows\system32\drivers\dump_wmimmc.sys
2010-10-16 14:05 . 2010-10-16 14:05 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 14:05 . 2010-10-16 14:05 335872 ----a-w- c:\windows\system32\nvrsar.dll
2010-10-16 14:05 . 2010-10-16 14:05 331776 ----a-w- c:\windows\system32\nvrshe.dll
2010-10-16 14:05 . 2010-10-16 14:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2010-10-16 14:05 . 2010-10-16 14:05 282624 ----a-w- c:\windows\system32\nvrses.dll
2010-10-16 14:05 . 2010-10-16 14:05 282624 ----a-w- c:\windows\system32\nvrsel.dll
2010-10-16 14:05 . 2010-10-16 14:05 278528 ----a-w- c:\windows\system32\nvrsde.dll
2010-10-16 14:05 . 2010-10-16 14:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2010-10-16 14:05 . 2010-10-16 14:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2010-10-16 14:05 . 2010-10-16 14:05 270336 ----a-w- c:\windows\system32\nvrsru.dll
2010-10-16 14:05 . 2010-10-16 14:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2010-10-16 14:05 . 2010-10-16 14:05 266240 ----a-w- c:\windows\system32\nvrsko.dll
2010-10-16 14:05 . 2010-10-16 14:05 262144 ----a-w- c:\windows\system32\nvrshu.dll
2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrstr.dll
2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrssl.dll
2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrssk.dll
2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrsth.dll
2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrssv.dll
2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrsda.dll
2010-10-16 14:05 . 2010-10-16 14:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2010-10-16 14:05 . 2010-10-16 14:05 249856 ----a-w- c:\windows\system32\nvrseng.dll
2010-10-16 14:05 . 2010-10-16 14:05 249856 ----a-w- c:\windows\system32\nvrscs.dll
2010-10-16 14:05 . 2010-10-16 14:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-10-16 14:05 . 2010-10-16 14:05 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-10-16 14:05 . 2010-10-16 14:05 282624 ----a-w- c:\windows\system32\nvrsit.dll
2010-10-16 14:05 . 2010-10-16 14:05 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 14:05 . 2010-10-16 14:05 274432 ----a-w- c:\windows\system32\nvrspt.dll
2010-10-16 14:05 . 2010-10-16 14:05 270336 ----a-w- c:\windows\system32\nvrsja.dll
2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrspl.dll
2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrsno.dll
2010-10-16 14:05 . 2010-10-16 14:05 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 14:05 . 2010-10-16 14:05 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-16 14:05 . 2010-10-16 14:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 14:05 . 2010-10-16 14:05 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-26 12:11 . 2010-11-15 00:44 444283 ----a-w- c:\arquivos de programas\Arquivos comuns\WinPcapNmap.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"ArcSoft Connection Service"="c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2010-11-20 274608]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

c:\documents and settings\amanda\Menu Iniciar\Programas\Inicializar\
BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\Philip\Menu Iniciar\Programas\Inicializar\
BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]
Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-8-11 344064]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
McAfee Security Scan Plus.lnk - c:\arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Philips GoGear SA1VBExx Device Manager.lnk - c:\arquivos de programas\Philips\GoGear SA1VBExx Device Manager\GoGear_SA1VBExx_DeviceManager.exe [2010-5-24 1611120]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\VDOWNLOADER\\VDownloader.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Arquivos de programas\\Valve\\hl.exe"=
"c:\\NGM\\NGM.exe"=
"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Nexon\\Combat Arms\\Engine.exe"=
"c:\\Level Up! Games\\Combat Arms\\NMService.exe"=
"c:\level up! games\Combat Arms\Engine.exe"= c:\level up! games\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\level up! games\Combat Arms\CombatArms.exe"= c:\level up! games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"56142:TCP"= 56142:TCP:Pando Media Booster
"56142:UDP"= 56142:UDP:Pando Media Booster
"57076:TCP"= 57076:TCP:Pando Media Booster
"57076:UDP"= 57076:UDP:Pando Media Booster

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/10/2009 23:20 28544]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/11/2009 01:42 691696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20/2/2008 12:11 33800]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [24/4/2010 18:42 33824]
R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared Free\a2service.exe [11/10/2009 23:53 1858144]
R2 ekrn;Eset Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [20/2/2008 12:08 472320]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/1/2010 00:09 50704]
S2 duuhfkc;Shell Config;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [7/12/2010 21:35 136176]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [19/9/2002 18:20 3584]
S3 ddsxeiservice;ddsxeiservice2;c:\arquivos de programas\sXe Injected\ddsxei.sys [8/10/2010 00:34 91904]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe [15/1/2010 10:49 227232]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kcgfmb
duuhfkc
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-07 23:35]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-07 23:35]

2010-12-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1682526488-682003330-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

2010-12-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1682526488-682003330-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]
.
.
------- Scan Suplementar -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: nexon.net\combatarms
FF - ProfilePath - c:\documents and settings\Philip\Dados de aplicativos\Mozilla\Firefox\Profiles\8eswv4zm.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-18 20:06 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2010-12-18 20:15:53 ComboFix-quarantined-files.txt 2010-12-18 22:15 ComboFix2.txt 2010-12-18 21:19 ComboFix3.txt 2009-10-08 20:05 Pré-execução: 19 pasta(s) 280.069.345.280 bytes disponíveis Pós execução: 20 pasta(s) 280.060.424.192 bytes disponíveis - - End Of File - - 4D7D59740185C464259BE03C6C78A230 ----------------------------- Aguardo novas instruções. Obrigado :) Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Posted December 18, 2010

*Go to the ConfickerWorkingGroup site
*On the site, look at the images in the box below the phrase "Conficker Eye Chart"
*On the site, compare them with the results table below the phrase "How to interpret:"
*Report the result.
lippxd 0 Posted December 18, 2010

Good evening!

I went to the site and all the images appeared. So the matching result was: "= Normal/Not Infected by Conficker (or using proxy)"

Awaiting further instructions. Thanks :)
wings 22 Posted December 18, 2010

OK...

*Open Notepad and paste the code below into it:

Driver::
kcgfmb
duuhfkc

NetSvc::
kcgfmb
duuhfkc

*Save the file to the desktop as CFScript.txt
*Drag the file onto ComboFix as shown in the illustration below:
*Do not use the mouse or keyboard while ComboFix is running!!
*Paste the report C:\combofix.txt
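The two names in wings' script are the thread's actual finding: the ComboFix log above lists a service duuhfkc (display name "Shell Config") that runs inside svchost.exe -k netsvcs, and the non-default NetSvcs list names both it and kcgfmb, which has no service entry at all. That pairing is what a reviewer looks for in a ComboFix log, because the svchost group hides the module behind a legitimate Windows process. As an added example (not code from this thread or from ComboFix), the Python below parses those two sections of a ComboFix log, reports the names worth a closer look, and prints the Driver::/NetSvc:: script in the form used above for a person to review before it is used. The embedded log excerpt is constructed from the lines posted in this thread and is not the full log.

```python
"""Correlate svchost-hosted services with the NetSvcs list in a ComboFix log.

Added example for this thread, not part of the thread or of ComboFix.
"""
import re
from dataclasses import dataclass

# Constructed excerpt of the ComboFix log posted above (a few lines only).
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/11/2009 01:42 691696]
R2 ekrn;Eset Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [20/2/2008 12:08 472320]
S2 duuhfkc;Shell Config;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [7/12/2010 21:35 136176]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kcgfmb
duuhfkc
.
Conteúdo da pasta 'Tarefas Agendadas'
"""

# ComboFix service line: "S2 name;display name;image path [date size]"
SERVICE_RE = re.compile(
    r"(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)\s*\[[^\]]*\]"
)
# Image path of a service that lives inside a shared svchost.exe group.
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.IGNORECASE)
NETSVCS_HEADER_RE = re.compile(r"\\Svchost - NetSvcs$", re.IGNORECASE)


@dataclass(frozen=True)
class Service:
    start: str    # start type as ComboFix prints it (R0..S4)
    name: str     # service key name, which is what a CFScript refers to
    display: str
    image: str


@dataclass(frozen=True)
class Finding:
    name: str
    reason: str


def parse_services(text: str) -> list[Service]:
    """Return every 'R0 name;display;image [..]' service or driver line."""
    services = []
    for raw in text.splitlines():
        m = SERVICE_RE.fullmatch(raw.strip())
        if m:
            services.append(Service(m["start"], m["name"].strip(),
                                    m["display"].strip(), m["image"].strip()))
    return services


def parse_netsvcs(text: str) -> list[str]:
    """Names under the 'Svchost - NetSvcs' header, up to the next '.' or blank line.

    ComboFix prints only entries that differ from the Windows default list,
    so every name collected here is non-default by construction.
    """
    names, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if in_section:
            if not line or line == ".":
                break
            names.extend(line.split())
        elif NETSVCS_HEADER_RE.search(line):
            in_section = True
    return names


def find_suspicious(text: str) -> list[Finding]:
    """Flag svchost-hosted services and orphaned NetSvcs registrations."""
    services = parse_services(text)
    netsvcs = parse_netsvcs(text)
    netsvcs_lower = {n.lower() for n in netsvcs}
    known = {s.name.lower() for s in services}
    findings = []
    for svc in services:
        hosted = SVCHOST_RE.search(svc.image)
        if not hosted:
            continue  # ordinary executable or driver: nothing to correlate
        group = hosted.group(1)
        if svc.name.lower() in netsvcs_lower:
            findings.append(Finding(svc.name,
                f"runs inside svchost group '{group}' and is registered in the "
                f"non-default NetSvcs list (display name '{svc.display}')"))
        else:
            findings.append(Finding(svc.name,
                f"runs inside svchost group '{group}' but is not in the NetSvcs "
                f"list shown: confirm which group registers it"))
    for name in netsvcs:
        if name.lower() not in known:
            findings.append(Finding(name,
                "listed in NetSvcs with no service entry behind it (orphaned registration)"))
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Driver::/NetSvc:: text in the form used in this thread; a person reviews it first."""
    body = "\n".join(sorted({f.name for f in findings}))
    return f"Driver::\n{body}\n\nNetSvc::\n{body}\n"


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit.name}: {hit.reason}")
    print(build_cfscript(hits))
```

Run on the excerpt it reports duuhfkc (hosted in netsvcs and on the non-default list) and kcgfmb (on the list with no service behind it), and prints the same two-section script wings posted; a legitimate service such as gupdate or ekrn, which has its own image path, is never flagged.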
lippxd 0 Posted December 19, 2010

Good evening!

Sorry, but something came up yesterday and after running ComboFix I was not able to post the report here, so I am posting it now. If necessary, let me know and I will redo the procedure.

Note: ComboFix and the script ran successfully.

ComboFix log:
-----------------------------------
ComboFix 10-12-18.01 - Philip 18/12/2010 22:47:51.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1534.985 [GMT -2:00]
Executando de: c:\documents and settings\Philip\Meus documentos\Downloads\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Philip\Meus documentos\Downloads\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DUUHFKC
-------\Legacy_KCGFMB
-------\Service_duuhfkc

(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-19 to 2010-12-19 ))))))))))))))))))))))))))))
.
2010-12-18 20:47 . 2010-12-18 20:47 -------- d-----w- C:\_OTS
2010-12-18 17:40 . 2010-12-18 17:40 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security
2010-12-14 16:50 . 2010-12-14 16:50 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\Foxit Software
2010-12-14 01:14 . 2010-12-14 01:14 -------- d-----w- c:\documents and settings\Philip\Configurações locais\Dados de aplicativos\Adobe
2010-12-14 01:12 . 2010-12-14 01:12 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-12-14 00:59 . 2010-12-14 00:59 -------- d-----w- c:\documents and settings\Philip\Dados de aplicativos\Foxit Software
2010-12-14 00:59 . 2010-12-14 00:59 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\Foxit Software
2010-12-07 23:40 . 2010-12-07 23:40 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\Google
2010-12-07 23:35 . 2010-12-14 01:14 -------- d-----w- c:\documents and settings\Philip\Configurações locais\Dados de aplicativos\Temp
2010-12-07 23:35 . 2010-12-07 23:35 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\Google
2010-11-27 18:14 . 2010-11-27 18:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA Corporation
2010-11-27 18:12 . 2010-11-27 18:12 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-11-27 18:12 . 2010-11-27 18:12 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-11-27 18:12 . 2010-11-27 18:12 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-11-27 18:11 . 2010-10-22 06:23 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-11-27 18:11 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-11-27 18:11 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-11-27 18:11 . 2010-10-22 06:23 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-11-27 18:11 . 2010-10-22 06:23 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-11-27 18:11 . 2010-10-22 06:23 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-11-27 18:11 . 2010-10-22 06:23 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-11-27 18:11 . 2010-10-22 06:23 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-11-27 18:11 . 2010-11-27 18:13 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation
2010-11-27 18:10 . 2010-11-27 18:10 -------- d-----w- C:\NVIDIA
2010-11-22 00:14 . 2010-11-22 00:14 -------- d-----w- c:\documents and settings\Philip\Dados de aplicativos\Media Player Classic
2010-11-22 00:13 . 2010-11-22 00:13 -------- d-----w- c:\arquivos de programas\MPC HomeCinema
2010-11-20 18:01 . 2010-11-20 18:01 11776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll
2010-11-20 18:01 . 2010-11-20 18:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared
2010-11-20 18:01 . 2010-11-20 18:01 151776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll
2010-11-20 18:01 . 2010-11-20 18:01 100352 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll
2010-11-20 18:00 . 2010-11-20 18:01 -------- d-----w- c:\arquivos de programas\Real
2010-11-20 17:52 . 2010-11-20 17:52 -------- d-----w- C:\ProgramData
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-20 18:01 . 2004-07-02 20:51 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-20 18:01 . 2004-07-02 20:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-22 06:23 . 2006-08-08 01:26 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-22 06:23 . 2006-08-08 01:26 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-22 06:23 . 2006-08-08 01:26 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-22 06:23 . 2006-08-08 01:26 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 21:21 . 2009-08-01 01:44 141612 ----a-w- c:\windows\system32\drivers\dump_wmimmc.sys
2010-10-16 14:05 . 2010-10-16 14:05 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 14:05 . 2010-10-16 14:05 335872 ----a-w- c:\windows\system32\nvrsar.dll
2010-10-16 14:05 . 2010-10-16 14:05 331776 ----a-w- c:\windows\system32\nvrshe.dll
2010-10-16 14:05 . 2010-10-16 14:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2010-10-16 14:05 . 2010-10-16 14:05 282624 ----a-w- c:\windows\system32\nvrses.dll
2010-10-16 14:05 . 2010-10-16 14:05 282624 ----a-w- c:\windows\system32\nvrsel.dll
2010-10-16 14:05 . 2010-10-16 14:05 278528 ----a-w- c:\windows\system32\nvrsde.dll
2010-10-16 14:05 . 2010-10-16 14:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2010-10-16 14:05 . 2010-10-16 14:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2010-10-16 14:05 . 2010-10-16 14:05 270336 ----a-w- c:\windows\system32\nvrsru.dll
2010-10-16 14:05 . 2010-10-16 14:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2010-10-16 14:05 . 2010-10-16 14:05 266240 ----a-w- c:\windows\system32\nvrsko.dll
2010-10-16 14:05 . 2010-10-16 14:05 262144 ----a-w- c:\windows\system32\nvrshu.dll
2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrstr.dll
2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrssl.dll
2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrssk.dll
2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrsth.dll
2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrssv.dll
2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrsda.dll
2010-10-16 14:05 . 2010-10-16 14:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2010-10-16 14:05 . 2010-10-16 14:05 249856 ----a-w- c:\windows\system32\nvrseng.dll
2010-10-16 14:05 . 2010-10-16 14:05 249856 ----a-w- c:\windows\system32\nvrscs.dll
2010-10-16 14:05 . 2010-10-16 14:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-10-16 14:05 . 2010-10-16 14:05 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-10-16 14:05 . 2010-10-16 14:05 282624 ----a-w- c:\windows\system32\nvrsit.dll
2010-10-16 14:05 . 2010-10-16 14:05 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 14:05 . 2010-10-16 14:05 274432 ----a-w- c:\windows\system32\nvrspt.dll
2010-10-16 14:05 . 2010-10-16 14:05 270336 ----a-w- c:\windows\system32\nvrsja.dll
2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrspl.dll
2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrsno.dll
2010-10-16 14:05 . 2010-10-16 14:05 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 14:05 . 2010-10-16 14:05 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-16 14:05 . 2010-10-16 14:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 14:05 . 2010-10-16 14:05 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-26 12:11 . 2010-11-15 00:44 444283 ----a-w- c:\arquivos de programas\Arquivos comuns\WinPcapNmap.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-12-18_21.14.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-19 01:00 . 2010-12-19 01:00 16384 c:\windows\Temp\Perflib_Perfdata_634.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"ArcSoft Connection Service"="c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2010-11-20 274608]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

c:\documents and settings\amanda\Menu Iniciar\Programas\Inicializar\
BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\Philip\Menu Iniciar\Programas\Inicializar\
BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]
Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-8-11 344064]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
McAfee Security Scan Plus.lnk - c:\arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Philips GoGear SA1VBExx Device Manager.lnk - c:\arquivos de programas\Philips\GoGear SA1VBExx Device Manager\GoGear_SA1VBExx_DeviceManager.exe [2010-5-24 1611120]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\VDOWNLOADER\\VDownloader.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Arquivos de programas\\Valve\\hl.exe"=
"c:\\NGM\\NGM.exe"=
"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Nexon\\Combat Arms\\Engine.exe"=
"c:\\Level Up! Games\\Combat Arms\\NMService.exe"=
"c:\level up! games\Combat Arms\Engine.exe"= c:\level up! games\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\level up! games\Combat Arms\CombatArms.exe"= c:\level up! games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"56142:TCP"= 56142:TCP:Pando Media Booster
"56142:UDP"= 56142:UDP:Pando Media Booster
"57076:TCP"= 57076:TCP:Pando Media Booster
"57076:UDP"= 57076:UDP:Pando Media Booster

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/10/2009 23:20 28544]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/11/2009 01:42 691696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20/2/2008 12:11 33800]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [24/4/2010 18:42 33824]
R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared Free\a2service.exe [11/10/2009 23:53 1858144]
R2 ekrn;Eset Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [20/2/2008 12:08 472320]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/1/2010 00:09 50704]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [7/12/2010 21:35 136176]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [19/9/2002 18:20 3584]
S3 ddsxeiservice;ddsxeiservice2;c:\arquivos de programas\sXe Injected\ddsxei.sys [8/10/2010 00:34 91904]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe [15/1/2010 10:49 227232]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34]

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-07 23:35]

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-07 23:35]

2010-12-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1682526488-682003330-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

2010-12-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1682526488-682003330-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]
.
.
------- Scan Suplementar -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: nexon.net\combatarms
FF - ProfilePath - c:\documents and settings\Philip\Dados de aplicativos\Mozilla\Firefox\Profiles\8eswv4zm.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-18 23:01
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\arquivos de programas\Bonjour\mDNSResponder.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\arquivos de programas\BrOffice.org 3\program\soffice.exe
c:\arquivos de programas\BrOffice.org 3\program\soffice.bin
c:\arquivos de programas\iPod\bin\iPodService.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-12-18 23:13:33 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-12-19 01:13
ComboFix2.txt 2010-12-18 22:15
ComboFix3.txt 2010-12-18 21:19
ComboFix4.txt 2009-10-08 20:05
Pré-execução: 19 pasta(s) 280.056.713.216 bytes disponíveis
Pós execução: 20 pasta(s) 279.986.671.616 bytes disponíveis
- - End Of File - - C35B87FD9FC9888BDE8820773E50F814
------------------------------------------------

Thanks :)
wings 22 Posted December 19, 2010

OK... the PC is clean.

1.
*Click [Start] > [Run] > copy and paste: Combofix /uninstall
*Click [OK] > [Run]
*Wait for the message: "ComboFix está desinstalado"
*Click [OK]

2.
*Run OTS
*Click [CleanUp] > [Yes]
*The PC will be restarted

All the best and Happy Holidays.
Power Max 54 Posted January 3, 2011

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.