
Archived

This topic has been archived and is closed to new replies.

lippxd

[Solved] PC got slower all of a sudden.

Good afternoon!

Over the last two months my PC has become slower. One day I turned it on and noticed it was slow when I tried to do the things I normally do. I even thought it was a problem with my NET connection, but the problem persists to this day.

I would like to know whether a virus is causing this.

If not, I would like your help in solving the problem.

 

Here is the HijackThis log:

 

-----------------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:38:39, on 17/12/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\ZSSnp211.exe

C:\WINDOWS\Domino.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Philip\Desktop\Log's\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Philip\Meus documentos\Downloads\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\ARQUIV~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Philips GoGear SA1VBExx Device Manager.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://combatarms.nexon.net

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 9748 bytes

 

 

------------------------------------------

 

Note: sorry if I posted in the wrong section.

 

Thanks! :)

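As an added example, not code from this thread, the forum, or the HijackThis authors: a small Python triage helper that parses HijackThis-format lines like those in the log above and lists the entries an analyst would check first. The sample lines are constructed to mirror the log's entry formats (R1, O2, O4, O15, O16, O23); the heuristics (relative or unresolved paths, binaries sitting directly under the Windows root, unresolved startup shortcuts, Trusted Zone and DPF entries, services with no publisher) only queue items for review, they do not declare anything malicious.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass, field

# Constructed sample lines in HijackThis v2 entry formats (shapes mirror the log above).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Example Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Vendor\helper.dll
O4 - HKLM\..\Run: [Updater] "C:\Program Files\Vendor\updater.exe" -osboot
O4 - HKLM\..\Run: [Sample] C:\WINDOWS\sample.exe
O4 - HKLM\..\Run: [Audio] RTHDCPL.EXE
O4 - Global Startup: Device Manager.lnk = ?
O15 - Trusted Zone: http://example.invalid
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O23 - Service: Vendor Service (vsvc) - Vendor Inc. - C:\Program Files\Vendor\vsvc.exe
O23 - Service: Mystery Service (msvc) - Unknown owner - C:\Program Files\Mystery\msvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>.*?):\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
O23_RE = re.compile(r"^Service:\s+(?P<display>.*?)\s+\((?P<name>[^)]*)\)\s+-\s+(?P<company>.*?)\s+-\s+(?P<path>.*)$")
# First absolute path to a binary inside a command line (quoted or not, spaces allowed).
PATH_RE = re.compile(r'(?i)[a-z]:\\[^"<>|]*?\.(?:exe|dll|scr|com|bat|cmd)')
# A file directly in the Windows root (C:\WINDOWS\x.exe), not in a subdirectory.
WINROOT_RE = re.compile(r"(?i)^[a-z]:\\windows\\[^\\]+$")


@dataclass
class Entry:
    code: str
    raw: str
    name: str = ""
    path: str = ""
    reasons: list = field(default_factory=list)


def extract_path(cmd: str) -> str:
    """Return the first absolute binary path in a command line, or '' if none."""
    m = PATH_RE.search(cmd)
    return m.group(0) if m else ""


def parse_line(line: str):
    """Parse one HijackThis entry; returns an Entry or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    e = Entry(code=code, raw=line.strip())
    if code == "O4":
        if body.startswith(("Startup:", "Global Startup:")):
            lnk, _, target = body.partition(" = ")
            e.name = lnk.split(":", 1)[1].strip()
            if target.strip() == "?":
                e.reasons.append("startup shortcut target could not be resolved")
            else:
                e.path = extract_path(target)
        else:
            m4 = O4_RE.match(body)
            if m4:
                e.name = m4.group("name")
                e.path = extract_path(m4.group("cmd"))
                if not e.path:
                    e.reasons.append("no absolute path: binary is resolved via the search path")
    elif code == "O23":
        m23 = O23_RE.match(body)
        if m23:
            e.name = m23.group("name")
            e.path = m23.group("path").strip()
            if m23.group("company").strip() in ("", "Unknown owner"):
                e.reasons.append("service binary reports no publisher")
    elif code == "O2":
        parts = body.split(" - ")  # "BHO: <name> - {CLSID} - <path>"
        e.name = parts[0].replace("BHO:", "").strip()
        e.path = parts[-1].strip()
    elif code == "O15":
        e.name = body.replace("Trusted Zone:", "").strip()
        e.reasons.append("site in IE Trusted Zone runs with relaxed settings; confirm it was added deliberately")
    elif code == "O16":
        e.name = body
        e.reasons.append("ActiveX download (DPF) entry; confirm the publisher before keeping it")
    if e.path and WINROOT_RE.match(e.path):
        e.reasons.append("binary sits directly in the Windows root, an uncommon location for legitimate autoruns")
    return e


def parse_log(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def review_queue(entries: list) -> list:
    """Entries with at least one review reason, in log order."""
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for e in review_queue(parse_log(SAMPLE_LOG)):
        print(f"{e.code:4} {e.name or e.raw[:40]:30} -> {'; '.join(e.reasons)}")
```

Run it against a saved hijackthis.log by replacing SAMPLE_LOG with the file contents; the queue is a starting point for manual checks (file properties, publisher signature, online lookup of the hash), not a verdict.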

Hello lippxd

 

 

1.

*Download ATF Cleaner and save it to the desktop

*Run ATF-Cleaner

*Select:

[X] Select All

*Click [Empty Selected]

=>If you use Firefox or Opera:

*Click the "Firefox" or "Opera" tab

*Select:

[X] Select All

*If you want to keep your passwords, click [No]

*Click [Empty selected]; if you want to keep your passwords, click [No]

*Click [Exit] or the [X] to close the program

 

2.

*Download MV RegClean and install it

*Run MV RegClean. A web page will open. Close it.

*Click [Start] and wait

*When it finishes, click [Remove] > [Yes] > [OK]

*Close MV RegClean

 

3.

*Download OTS and save it to the desktop

*Run OTS

*Select the option:

[x] Scan All Users

*Click [Quick Scan] and wait for it to finish

*Paste the OTS.txt report that is shown


Good afternoon!

 

1) I downloaded and ran ATF-Cleaner without problems.

 

2) I downloaded and ran MV RegClean without problems.

 

3) I downloaded and ran OTS as instructed.

 

Here is the log:

 

----------------------

 

OTS logfile created on: 18/12/2010 16:02:24 - Run 1
OTS by OldTimer - Version 3.1.40.1     Folder = C:\Documents and Settings\Philip\Meus documentos\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 298,08 Gb Total Space | 260,55 Gb Free Space | 87,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PHILIP-83306733
Current User Name: Philip
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Quick Scan

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Philip\Meus documentos\Downloads\OTS.exe -> [2010/12/18 16:01:34 | 000,642,048 | ---- | M] (OldTimer Tools)
firefox.exe -> C:\Arquivos de programas\Mozilla Firefox\firefox.exe -> [2010/12/10 19:19:18 | 000,912,344 | ---- | M] (Mozilla Corporation)
realsched.exe -> C:\Arquivos de programas\Real\RealPlayer\Update\realsched.exe -> [2010/11/20 16:01:02 | 000,274,608 | ---- | M] (RealNetworks, Inc.)
acdaemon.exe -> C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.)
arccon.ac -> C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ArcCon.ac -> [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.)
applemobiledeviceservice.exe -> C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/03/19 11:49:20 | 000,144,672 | ---- | M] (Apple Inc.)
acservice.exe -> C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
ssscheduler.exe -> C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe -> [2010/01/15 10:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.)
a2service.exe -> C:\Arquivos de programas\a-squared Free\a2service.exe -> [2009/10/01 18:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH)
ekrn.exe -> C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2008/02/20 12:08:46 | 000,472,320 | ---- | M] (ESET)
egui.exe -> C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe -> [2008/02/20 12:06:58 | 001,443,072 | ---- | M] (ESET)
zssnp211.exe -> C:\WINDOWS\ZSSnp211.exe -> [2007/04/06 12:06:58 | 000,057,344 | ---- | M] (ZSMCSNAP)
spuvolumewatcher.exe -> C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe -> [2006/12/06 05:09:30 | 000,344,064 | ---- | M] (Sony Corporation)
domino.exe -> C:\WINDOWS\Domino.exe -> [2006/08/18 17:58:14 | 000,049,152 | ---- | M] ()
explorer.exe -> C:\WINDOWS\explorer.exe -> [2004/08/04 01:45:34 | 001,034,240 | ---- | M] (Microsoft Corporation)
mdm.exe -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 08:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Philip\Meus documentos\Downloads\OTS.exe -> [2010/12/18 16:01:34 | 000,642,048 | ---- | M] (OldTimer Tools)
rpchromebrowserrecordhelper.dll -> C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll -> [2010/11/20 16:01:24 | 000,040,448 | ---- | M] (RealNetworks, Inc.)
msvcr90.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll -> [2008/07/29 09:05:08 | 000,655,872 | ---- | M] (Microsoft Corporation)
msvcp90.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll -> [2008/07/29 09:05:08 | 000,572,928 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll -> [2004/08/04 01:44:04 | 001,050,624 | R--- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(Apple Mobile Device) Dispositivo Celular da Apple [Auto | Running] -> C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/03/19 11:49:20 | 000,144,672 | ---- | M] (Apple Inc.)
(ACDaemon) ArcSoft Connect Daemon [Auto | Running] -> C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
(McComponentHostService) McAfee Security Scan Component Host Service [On_Demand | Stopped] -> C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe -> [2010/01/15 10:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.)
(a2free) a-squared Free Service [Auto | Running] -> C:\Arquivos de programas\a-squared Free\a2service.exe -> [2009/10/01 18:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH)
(EhttpSrv) Eset HTTP Server [On_Demand | Stopped] -> C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -> [2008/02/20 12:14:52 | 000,019,200 | ---- | M] (ESET)
(ekrn) Eset Service [Auto | Running] -> C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2008/02/20 12:08:46 | 000,472,320 | ---- | M] (ESET)
(NOD32FiXTemDono) Eset Nod32 Boot [Auto | Stopped] -> C:\WINDOWS\System32\regedt32.exe -> [2002/09/19 18:20:38 | 000,003,584 | ---- | M] (Microsoft Corporation)
(MDM) Machine Debug Manager [Auto | Running] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 08:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(PciCon) PciCon [Kernel | On_Demand | Stopped] -> D:\PciCon.sys -> File not found
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2010/10/22 04:23:22 | 009,623,680 | ---- | M] (NVIDIA Corporation)
(ddsxeiservice) ddsxeiservice2 [Kernel | On_Demand | Stopped] -> C:\Arquivos de programas\sXe Injected\ddsxei.sys -> [2010/10/08 00:34:11 | 000,091,904 | ---- | M] ()
(oreans32) oreans32 [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\oreans32.sys -> [2010/04/24 18:42:09 | 000,033,824 | ---- | M] ()
(npf) NetGroup Packet Filter Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\npf.sys -> [2010/01/27 00:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.)
(sptd) sptd [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2009/11/15 01:42:13 | 000,691,696 | ---- | M] ()
(SCDEmu) SCDEmu [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\scdemu.sys -> [2009/11/09 01:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.)
(pavboot) pavboot [File_System | Boot | Running] -> C:\WINDOWS\system32\drivers\pavboot.sys -> [2008/06/19 18:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.)
(epfwtdir) epfwtdir [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\epfwtdir.sys -> [2008/02/20 12:11:16 | 000,033,800 | ---- | M] ()
(easdrv) easdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\easdrv.sys -> [2008/02/20 12:02:22 | 000,029,704 | ---- | M] (ESET)
(eamon) eamon [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\eamon.sys -> [2008/02/20 12:01:30 | 000,039,944 | ---- | M] (ESET)
(ZSMC211) ZSMC USB PC Camera (ZS211) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ZS211.sys -> [2007/06/08 17:18:18 | 001,534,464 | ---- | M] (ZSMC.Corporation)
(AVG Anti-Rootkit) AVG Anti-Rootkit [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\avgarkt.sys -> [2007/01/31 11:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.)
(AvgArCln) Avg Anti-Rootkit Clean Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AvgArCln.sys -> [2007/01/18 10:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.Sys -> [2006/06/28 06:25:24 | 004,304,384 | R--- | M] (Realtek Semiconductor Corp.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Hdaudbus.sys -> [2005/01/07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2004/08/03 20:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\] > -> -> 
HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\: SearchURL\\"" -> http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR -> 
HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\: SearchURL\\"provider" -> MSN -> 
HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\: "ProxyOverride" -> local -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Philip\Dados de aplicativos\Mozilla\FireFox\Profiles\8eswv4zm.default\prefs.js -> 
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2 ->
extensions.enabledItems -> {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 ->
network.proxy.http -> "localhost" ->
network.proxy.http_port -> 9666 ->
network.proxy.socks -> "localhost" ->
network.proxy.socks_port -> 9050 ->
network.proxy.socks_remote_dns -> true ->
network.proxy.ssl -> "localhost" ->
network.proxy.ssl_port -> 9666 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0} -> C:\Arquivos de programas\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [C:\ARQUIVOS DE PROGRAMAS\ARCSOFT\MEDIA CONVERTER FOR PHILIPS\INTERNET VIDEO DOWNLOADER\PLUGIN_FIREFOX] -> [2010/05/21 13:21:51 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [C:\DOCUMENTS AND SETTINGS\ALL USERS\DADOS DE APLICATIVOS\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT] -> [2010/11/20 16:01:26 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components -> C:\Arquivos de programas\Mozilla Firefox\components [C:\ARQUIVOS DE PROGRAMAS\MOZILLA FIREFOX\COMPONENTS] -> [2010/12/10 19:19:28 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins -> C:\Arquivos de programas\Mozilla Firefox\plugins [C:\ARQUIVOS DE PROGRAMAS\MOZILLA FIREFOX\PLUGINS] -> [2010/12/13 23:12:31 | 000,000,000 | ---D | M]
< FireFox Extensions [user Folders] > -> 
 -> C:\Documents and Settings\Philip\Dados de aplicativos\Mozilla\Extensions -> [2004/07/02 21:02:39 | 000,000,000 | ---D | M]
 -> C:\Documents and Settings\Philip\Dados de aplicativos\Mozilla\Firefox\Profiles\8eswv4zm.default\extensions -> [2010/12/17 17:39:44 | 000,000,000 | ---D | M]
Flashblock   -> C:\Documents and Settings\Philip\Dados de aplicativos\Mozilla\Firefox\Profiles\8eswv4zm.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} -> [2010/11/14 22:49:30 | 000,000,000 | ---D | M]
No name found   -> C:\Documents and Settings\Philip\Dados de aplicativos\Mozilla\Firefox\Profiles\8eswv4zm.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA} -> [2009/10/25 19:07:17 | 000,000,000 | ---D | M]
Easy Youtube Video Downloader   -> C:\Documents and Settings\Philip\Dados de aplicativos\Mozilla\Firefox\Profiles\8eswv4zm.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} -> [2010/12/11 00:47:36 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
 -> C:\Arquivos de programas\Mozilla Firefox\extensions -> [2010/12/17 17:39:44 | 000,000,000 | ---D | M]
< HOSTS File > ([2002/09/19 18:19:52 | 000,000,776 | ---- | M] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{11222041-111B-46E3-BD29-EFB2449479B1} [HKLM] -> C:\Arquivos de programas\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll [IEPlugin Class] -> [2008/12/24 18:38:20 | 000,145,920 | ---- | M] (ArcSoft, Inc.)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2010/11/10 12:49:36 | 000,062,376 | ---- | M] (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2010/11/20 16:01:23 | 000,382,720 | ---- | M] (RealPlayer)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 16:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Plug-In] -> [2010/09/27 14:42:44 | 001,250,696 | ---- | M] (Skype Technologies S.A.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe ARM" -> C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe ["C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"] -> [2010/11/10 12:49:34 | 000,932,288 | ---- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" -> C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe ["C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe"] -> [2010/11/10 12:49:36 | 000,035,736 | ---- | M] (Adobe Systems Incorporated)
"ArcSoft Connection Service" -> C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe [C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe] -> [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.)
"Domino" -> C:\WINDOWS\Domino.exe [C:\WINDOWS\Domino.exe] -> [2006/08/18 17:58:14 | 000,049,152 | ---- | M] ()
"egui" -> C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe ["C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice] -> [2008/02/20 12:06:58 | 001,443,072 | ---- | M] (ESET)
"NeroFilterCheck" -> C:\WINDOWS\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2001/07/09 11:50:42 | 000,155,648 | ---- | M] (Ahead Software Gmbh)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2010/10/16 12:05:52 | 013,851,752 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2010/10/16 12:05:52 | 000,110,696 | ---- | M] (NVIDIA Corporation)
"nwiz" -> C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe [C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /installquiet] -> [2010/08/26 00:12:22 | 001,753,192 | ---- | M] ()
"SkyTel" -> C:\WINDOWS\SkyTel.exe [SkyTel.EXE] -> [2006/05/16 08:04:26 | 002,879,488 | R--- | M] (Realtek Semiconductor Corp.)
"TkBellExe" -> C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe ["C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe"  -osboot] -> [2010/11/20 16:01:02 | 000,274,608 | ---- | M] (RealNetworks, Inc.)
"ZSSnp211" -> C:\WINDOWS\ZSSnp211.exe [C:\WINDOWS\ZSSnp211.exe] -> [2007/04/06 12:06:58 | 000,057,344 | ---- | M] (ZSMCSNAP)
< Run [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DAEMON Tools Lite" -> C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe ["C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun] -> [2009/10/30 09:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar -> 
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan Plus.lnk -> C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe -> [2010/01/15 10:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.)
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Philips GoGear SA1VBExx Device Manager.lnk -> C:\Arquivos de programas\Philips\GoGear SA1VBExx Device Manager\GoGear_SA1VBExx_DeviceManager.exe -> [2009/06/02 15:57:48 | 001,611,120 | ---- | M] (Philips)
< amanda Startup Folder > -> C:\Documents and Settings\amanda\Menu Iniciar\Programas\Inicializar -> 
C:\Documents and Settings\amanda\Menu Iniciar\Programas\Inicializar\BrOffice.org 3.1.lnk -> C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe -> [2009/04/16 14:14:14 | 000,384,000 | ---- | M] ()
< Convidado Startup Folder > -> C:\Documents and Settings\Convidado\Menu Iniciar\Programas\Inicializar -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Menu Iniciar\Programas\Inicializar -> 
< Philip Startup Folder > -> C:\Documents and Settings\Philip\Menu Iniciar\Programas\Inicializar -> 
C:\Documents and Settings\Philip\Menu Iniciar\Programas\Inicializar\BrOffice.org 3.1.lnk -> C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe -> [2009/04/16 14:14:14 | 000,384,000 | ---- | M] ()
C:\Documents and Settings\Philip\Menu Iniciar\Programas\Inicializar\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk -> C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe -> [2006/12/06 05:09:30 | 000,344,064 | ---- | M] (Sony Corporation)
< Software Policy Settings [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2009/05/01 16:30:36 | 003,366,912 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2009/05/01 16:30:36 | 003,366,912 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2009/05/01 16:30:36 | 003,366,912 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [button: Skype Plug-In] -> [2010/09/27 14:42:44 | 001,250,696 | ---- | M] (Skype Technologies S.A.)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Menu: Skype Plug-In] -> [2010/09/27 14:42:44 | 001,250,696 | ---- | M] (Skype Technologies S.A.)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{5067A26B-1337-4436-8AFE-EE169C2DA79F}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{77BF5300-1474-4EC7-9980-D32B190E9B07}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{898EA8C8-E7FF-479B-8935-AEC46303B9E5}" [HKLM] -> C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Browser Helper] -> [2010/09/27 14:42:44 | 001,250,696 | ---- | M] (Skype Technologies S.A.)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Galeria Microsoft ActiveX -> 
PluginsPage -> http://activex.&microsoft.com/controls/find.asp?ext=%smime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
combatarms_nexon.net [http] -> Sites confiáveis -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{20A60F0D-9AFA-4515-A0FD-83BD84642501} [HKLM] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab [Checkers Class] -> 
{5C051655-FCD5-4969-9182-770EA5AA5565} [HKLM] -> http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab [solitaire Showdown Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] -> 
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [HKLM] -> http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab [Minesweeper Flags Class] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.0.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{5751FE15-550E-446B-96B3-9E26BC6F3A8B}\\DhcpNameServer -> 192.168.0.1   (Realtek RTL8139 Family PCI Fast Ethernet NIC) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2004/08/04 01:45:34 | 001,034,240 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe" -> C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe [C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster] -> [2010/10/03 17:21:02 | 002,953,112 | ---- | M] ()
"C:\Level Up! Games\Combat Arms\CombatArms.exe" -> C:\Level Up! Games\Combat Arms\CombatArms.exe [C:\Level Up! Games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe] -> [2010/10/13 19:47:56 | 001,718,784 | ---- | M] (Nexon)
"C:\Level Up! Games\Combat Arms\Engine.exe" -> C:\Level Up! Games\Combat Arms\Engine.exe [C:\Level Up! Games\Combat Arms\Engine.exe:*Enabled:Engine.exe] -> [2010/10/14 01:14:00 | 002,641,928 | ---- | M] (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" -> C:\Nexon\Combat Arms\CombatArms.exe [C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe] -> [2010/10/19 10:06:00 | 001,718,784 | ---- | M] (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" -> C:\Nexon\Combat Arms\Engine.exe [C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe] -> [2010/10/19 10:29:51 | 002,650,584 | ---- | M] (Nexon)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Arquivos de programas\eMule\emule.exe" -> C:\Arquivos de programas\eMule\emule.exe [C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule] -> [2009/02/22 17:15:14 | 005,668,864 | ---- | M] (http://www.emule-project.net)
"C:\Arquivos de programas\iTunes\iTunes.exe" -> C:\Arquivos de programas\iTunes\iTunes.exe [C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2010/03/26 02:09:58 | 010,358,568 | ---- | M] (Apple Inc.)
"C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe" -> C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe [C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster] -> [2010/10/03 17:21:02 | 002,953,112 | ---- | M] ()
"C:\Arquivos de programas\Team17\Worms Armageddon\wa.exe" -> C:\Arquivos de programas\Team17\Worms Armageddon\wa.exe [C:\Arquivos de programas\Team17\Worms Armageddon\wa.exe:*:Enabled:Worms Armageddon] -> File not found
"C:\Arquivos de programas\Teamspeak2_RC2\server_windows.exe" -> C:\Arquivos de programas\Teamspeak2_RC2\server_windows.exe [C:\Arquivos de programas\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server] -> [2004/03/09 09:11:41 | 001,263,104 | ---- | M] ()
"C:\Arquivos de programas\Valve\hl.exe" -> C:\Arquivos de programas\Valve\hl.exe [C:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher] -> [2005/09/29 23:42:57 | 000,081,920 | ---- | M] (Valve)
"C:\Arquivos de programas\VDOWNLOADER\VDownloader.exe" -> C:\Arquivos de programas\VDOWNLOADER\VDownloader.exe [C:\Arquivos de programas\VDOWNLOADER\VDownloader.exe:*:Enabled:VDownloader] -> [2009/11/16 10:59:24 | 002,654,216 | ---- | M] ()
"C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe" -> C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe [C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager] -> [2010/10/03 18:24:54 | 000,172,032 | ---- | M] (Nexon)
"C:\Level Up! Games\Combat Arms\CombatArms.exe" -> C:\Level Up! Games\Combat Arms\CombatArms.exe [C:\Level Up! Games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe] -> [2010/10/13 19:47:56 | 001,718,784 | ---- | M] (Nexon)
"C:\Level Up! Games\Combat Arms\Engine.exe" -> C:\Level Up! Games\Combat Arms\Engine.exe [C:\Level Up! Games\Combat Arms\Engine.exe:*Enabled:Engine.exe] -> [2010/10/14 01:14:00 | 002,641,928 | ---- | M] (Nexon)
"C:\Level Up! Games\Combat Arms\NMService.exe" -> C:\Level Up! Games\Combat Arms\NMService.exe [C:\Level Up! Games\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core] -> [2010/08/28 15:59:46 | 001,851,392 | ---- | M] (Nexon Corp.)
"C:\Nexon\Combat Arms\CombatArms.exe" -> C:\Nexon\Combat Arms\CombatArms.exe [C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe] -> [2010/10/19 10:06:00 | 001,718,784 | ---- | M] (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" -> C:\Nexon\Combat Arms\Engine.exe [C:\Nexon\Combat Arms\Engine.exe:*:Enabled:Combat Arms] -> [2010/10/19 10:29:51 | 002,650,584 | ---- | M] (Nexon)
"C:\Nexon\Combat Arms\NMService.exe" -> C:\Nexon\Combat Arms\NMService.exe [C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core] -> [2009/09/25 21:34:38 | 001,740,800 | R--- | M] (Nexon Corp.)
"C:\NGM\NGM.exe" -> C:\NGM\NGM.exe [C:\NGM\NGM.exe:*:Enabled:Nexon Game Manager] -> [2010/10/03 13:02:38 | 000,172,032 | ---- | M] (Nexon)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> Driver de CD-ROM -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/07/02 18:20:42 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 


[Files/Folders - Created Within 30 Days]
Marcos Velasco Security -> C:\Arquivos de programas\Marcos Velasco Security -> [2010/12/18 15:40:13 | 000,000,000 | ---D | C]
ime -> C:\Documents and Settings\Philip\Desktop\ime -> [2010/12/13 23:30:15 | 000,000,000 | ---D | C]
Adobe -> C:\Documents and Settings\Philip\Configurações locais\Dados de aplicativos\Adobe -> [2010/12/13 23:14:46 | 000,000,000 | ---D | C]
Adobe -> C:\Arquivos de programas\Arquivos comuns\Adobe -> [2010/12/13 23:12:03 | 000,000,000 | ---D | C]
Adobe -> C:\Arquivos de programas\Adobe -> [2010/12/13 23:12:03 | 000,000,000 | ---D | C]
Adobe -> C:\Documents and Settings\All Users\Dados de aplicativos\Adobe -> [2010/12/13 23:11:02 | 000,000,000 | ---D | C]
Foxit Software -> C:\Documents and Settings\Philip\Dados de aplicativos\Foxit Software -> [2010/12/13 22:59:10 | 000,000,000 | ---D | C]
Foxit Software -> C:\Documents and Settings\LocalService\Dados de aplicativos\Foxit Software -> [2010/12/13 22:59:08 | 000,000,000 | ---D | C]
Google -> C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Google -> [2010/12/07 21:40:00 | 000,000,000 | ---D | C]
Temp -> C:\Documents and Settings\Philip\Configurações locais\Dados de aplicativos\Temp -> [2010/12/07 21:35:49 | 000,000,000 | ---D | C]
Google -> C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Google -> [2010/12/07 21:35:48 | 000,000,000 | ---D | C]
NVIDIA Corporation -> C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA Corporation -> [2010/11/27 16:14:01 | 000,000,000 | ---D | C]
ReinstallBackups -> C:\WINDOWS\System32\ReinstallBackups -> [2010/11/27 16:11:41 | 000,000,000 | ---D | C]
OpenCL.dll -> C:\WINDOWS\System32\OpenCL.dll -> [2010/11/27 16:11:37 | 000,061,440 | ---- | C] (Khronos Group)
NVIDIA Corporation -> C:\Arquivos de programas\NVIDIA Corporation -> [2010/11/27 16:11:14 | 000,000,000 | ---D | C]
NVIDIA -> C:\NVIDIA -> [2010/11/27 16:10:35 | 000,000,000 | ---D | C]
Mimicas -> C:\Documents and Settings\Philip\Desktop\Mimicas -> [2010/11/25 23:49:28 | 000,000,000 | ---D | C]
Media Player Classic -> C:\Documents and Settings\Philip\Dados de aplicativos\Media Player Classic -> [2010/11/21 22:14:56 | 000,000,000 | ---D | C]
MPC HomeCinema -> C:\Arquivos de programas\MPC HomeCinema -> [2010/11/21 22:13:46 | 000,000,000 | ---D | C]
xing shared -> C:\Arquivos de programas\Arquivos comuns\xing shared -> [2010/11/20 16:01:30 | 000,000,000 | ---D | C]
pncrt.dll -> C:\WINDOWS\System32\pncrt.dll -> [2010/11/20 16:01:03 | 000,272,896 | ---- | C] (Progressive Networks)
Real -> C:\Documents and Settings\All Users\Dados de aplicativos\Real -> [2010/11/20 16:00:57 | 000,000,000 | ---D | C]
Real -> C:\Arquivos de programas\Real -> [2010/11/20 16:00:57 | 000,000,000 | ---D | C]
Real -> C:\Documents and Settings\Philip\Dados de aplicativos\Real -> [2010/11/20 16:00:56 | 000,000,000 | ---D | C]
ProgramData -> C:\ProgramData -> [2010/11/20 15:52:26 | 000,000,000 | ---D | C]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

[Files/Folders - Modified Within 30 Days]
RealUpgradeLogonTaskS-1-5-21-776561741-1682526488-682003330-1003.job -> C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1682526488-682003330-1003.job -> [2010/12/18 16:00:41 | 000,000,296 | ---- | M] ()
RealUpgradeScheduledTaskS-1-5-21-776561741-1682526488-682003330-1003.job -> C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1682526488-682003330-1003.job -> [2010/12/18 16:00:40 | 000,000,304 | ---- | M] ()
MV RegClean 5.9.lnk -> C:\Documents and Settings\All Users\Desktop\MV RegClean 5.9.lnk -> [2010/12/18 15:40:51 | 000,001,013 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/12/18 15:40:00 | 000,000,902 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/12/18 12:05:29 | 000,000,898 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/12/18 12:04:48 | 000,002,048 | --S- | M] ()
Matrizes.doc -> C:\Documents and Settings\Philip\Desktop\Matrizes.doc -> [2010/12/15 22:09:44 | 000,914,432 | ---- | M] ()
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/12/14 19:55:00 | 000,000,300 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Philip\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/12/13 23:36:28 | 000,006,656 | ---- | M] ()
iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2010/12/10 19:58:22 | 000,002,169 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/12/06 22:17:16 | 000,002,206 | ---- | M] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2010/12/04 19:50:50 | 000,000,116 | ---- | M] ()
Skype.lnk -> C:\Documents and Settings\All Users\Desktop\Skype.lnk -> [2010/12/04 15:12:53 | 000,002,315 | ---- | M] ()
nvdrsdb0.bin -> C:\WINDOWS\System32\nvdrsdb0.bin -> [2010/11/27 16:12:05 | 000,240,592 | ---- | M] ()
nvdrssel.bin -> C:\WINDOWS\System32\nvdrssel.bin -> [2010/11/27 16:12:05 | 000,000,001 | ---- | M] ()
nvdrsdb1.bin -> C:\WINDOWS\System32\nvdrsdb1.bin -> [2010/11/27 16:12:00 | 000,240,592 | ---- | M] ()
nvdrswr.lk -> C:\WINDOWS\System32\nvdrswr.lk -> [2010/11/27 16:12:00 | 000,000,000 | ---- | M] ()
nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [2010/11/27 13:26:50 | 000,063,804 | ---- | M] ()
Media Player Classic - Home Cinema.lnk -> C:\Documents and Settings\All Users\Desktop\Media Player Classic - Home Cinema.lnk -> [2010/11/21 22:13:51 | 000,000,688 | ---- | M] ()
RealPlayer.lnk -> C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk -> [2010/11/20 16:01:39 | 000,001,001 | ---- | M] ()
pncrt.dll -> C:\WINDOWS\System32\pncrt.dll -> [2010/11/20 16:01:03 | 000,272,896 | ---- | M] (Progressive Networks)
perfh016.dat -> C:\WINDOWS\System32\perfh016.dat -> [2010/11/20 11:41:15 | 000,425,426 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/11/20 11:41:15 | 000,392,432 | ---- | M] ()
perfc016.dat -> C:\WINDOWS\System32\perfc016.dat -> [2010/11/20 11:41:15 | 000,067,450 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/11/20 11:41:15 | 000,058,732 | ---- | M] ()
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

[Files - No Company Name]
MV RegClean 5.9.lnk -> C:\Documents and Settings\All Users\Desktop\MV RegClean 5.9.lnk -> [2010/12/18 15:40:51 | 000,001,013 | ---- | C] ()
Matrizes.doc -> C:\Documents and Settings\Philip\Desktop\Matrizes.doc -> [2010/12/15 22:09:43 | 000,914,432 | ---- | C] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/12/07 21:35:44 | 000,000,902 | ---- | C] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/12/07 21:35:44 | 000,000,898 | ---- | C] ()
nvdrsdb0.bin -> C:\WINDOWS\System32\nvdrsdb0.bin -> [2010/11/27 16:12:05 | 000,240,592 | ---- | C] ()
nvdrsdb1.bin -> C:\WINDOWS\System32\nvdrsdb1.bin -> [2010/11/27 16:12:00 | 000,240,592 | ---- | C] ()
nvdrssel.bin -> C:\WINDOWS\System32\nvdrssel.bin -> [2010/11/27 16:12:00 | 000,000,001 | ---- | C] ()
nvdrswr.lk -> C:\WINDOWS\System32\nvdrswr.lk -> [2010/11/27 16:12:00 | 000,000,000 | ---- | C] ()
nvdata.bin -> C:\WINDOWS\System32\nvdata.bin -> [2010/11/27 16:11:37 | 002,293,194 | ---- | C] ()
nvinfo.pb -> C:\WINDOWS\System32\nvinfo.pb -> [2010/11/27 16:11:36 | 000,003,739 | ---- | C] ()
RealUpgradeLogonTaskS-1-5-21-776561741-1682526488-682003330-1003.job -> C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1682526488-682003330-1003.job -> [2010/11/27 02:36:26 | 000,000,296 | ---- | C] ()
Media Player Classic - Home Cinema.lnk -> C:\Documents and Settings\All Users\Desktop\Media Player Classic - Home Cinema.lnk -> [2010/11/21 22:13:51 | 000,000,688 | ---- | C] ()
RealUpgradeScheduledTaskS-1-5-21-776561741-1682526488-682003330-1003.job -> C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1682526488-682003330-1003.job -> [2010/11/20 16:01:53 | 000,000,304 | ---- | C] ()
RealPlayer.lnk -> C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk -> [2010/11/20 16:01:39 | 000,001,001 | ---- | C] ()
WinPcapNmap.exe -> C:\Arquivos de programas\Arquivos comuns\WinPcapNmap.exe -> [2010/11/14 22:44:51 | 000,444,283 | ---- | C] ()
oreans32.sys -> C:\WINDOWS\System32\drivers\oreans32.sys -> [2010/04/24 18:42:09 | 000,033,824 | ---- | C] ()
pthreadVC.dll -> C:\WINDOWS\System32\pthreadVC.dll -> [2010/01/27 00:09:02 | 000,053,299 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Philip\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/12/25 13:48:08 | 000,006,656 | ---- | C] ()
sptd.sys -> C:\WINDOWS\System32\drivers\sptd.sys -> [2009/11/15 01:42:13 | 000,691,696 | ---- | C] ()
MSJCE.dll -> C:\WINDOWS\System32\MSJCE.dll -> [2009/09/21 19:24:32 | 000,069,632 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/09/17 20:08:11 | 000,000,116 | ---- | C] ()
iyvu9_32.dll -> C:\WINDOWS\System32\iyvu9_32.dll -> [2009/09/11 19:01:12 | 000,056,832 | ---- | C] ()
KMVIDC32.DLL -> C:\WINDOWS\System32\KMVIDC32.DLL -> [2009/09/11 17:25:44 | 000,047,104 | ---- | C] ()
dump_wmimmc.sys -> C:\WINDOWS\System32\drivers\dump_wmimmc.sys -> [2009/07/31 23:44:14 | 000,141,612 | ---- | C] ()
epfwtdir.sys -> C:\WINDOWS\System32\drivers\epfwtdir.sys -> [2008/02/20 12:11:16 | 000,033,800 | ---- | C] ()
nvnt4cpl.dll -> C:\WINDOWS\System32\nvnt4cpl.dll -> [2006/08/07 23:26:30 | 000,286,720 | ---- | C] ()
nvhwvid.dll -> C:\WINDOWS\System32\nvhwvid.dll -> [2006/08/07 23:26:28 | 000,581,632 | ---- | C] ()
ieencode.dll -> C:\WINDOWS\System32\ieencode.dll -> [2004/08/04 01:45:24 | 000,081,920 | ---- | C] ()
secdrv.sys -> C:\WINDOWS\System32\drivers\secdrv.sys -> [2004/07/17 12:36:38 | 000,027,440 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2004/07/02 19:08:10 | 000,000,421 | ---- | C] ()
RtlCPAPI.dll -> C:\WINDOWS\System32\RtlCPAPI.dll -> [2004/07/02 18:32:45 | 000,135,168 | R--- | C] ()
ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2004/07/02 15:08:26 | 000,004,205 | ---- | C] ()

[File - Lop Check]
DAEMON Tools Lite -> C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite -> [2009/11/15 01:41:35 | 000,000,000 | ---D | M]
ESET -> C:\Documents and Settings\All Users\Dados de aplicativos\ESET -> [2010/07/01 01:17:06 | 000,000,000 | ---D | M]
Messenger Plus! -> C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus! -> [2009/09/21 21:32:56 | 000,000,000 | ---D | M]
Nexon -> C:\Documents and Settings\All Users\Dados de aplicativos\Nexon -> [2010/04/24 18:44:46 | 000,000,000 | ---D | M]
NexonUS -> C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS -> [2010/04/24 18:44:48 | 000,000,000 | ---D | M]
PACE Anti-Piracy -> C:\Documents and Settings\All Users\Dados de aplicativos\PACE Anti-Piracy -> [2010/10/02 01:43:05 | 000,000,000 | ---D | M]
PMB Files -> C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files -> [2010/10/03 17:21:25 | 000,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP -> [2010/12/17 18:50:32 | 000,000,000 | ---D | M]
{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> C:\Documents and Settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> [2010/04/06 21:37:08 | 000,000,000 | ---D | M]
{755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2009/11/02 13:24:17 | 000,000,000 | ---D | M]
BrOffice.org -> C:\Documents and Settings\amanda\Dados de aplicativos\BrOffice.org -> [2010/04/26 18:53:18 | 000,000,000 | ---D | M]
PhotoFiltre Studio X -> C:\Documents and Settings\amanda\Dados de aplicativos\PhotoFiltre Studio X -> [2010/04/12 16:31:24 | 000,000,000 | ---D | M]
BrOffice.org -> C:\Documents and Settings\Convidado\Dados de aplicativos\BrOffice.org -> [2010/06/26 15:09:43 | 000,000,000 | ---D | M]
Foxit Software -> C:\Documents and Settings\LocalService\Dados de aplicativos\Foxit Software -> [2010/12/13 22:59:08 | 000,000,000 | ---D | M]
BrOffice.org -> C:\Documents and Settings\Philip\Dados de aplicativos\BrOffice.org -> [2009/12/12 18:50:11 | 000,000,000 | ---D | M]
DAEMON Tools Lite -> C:\Documents and Settings\Philip\Dados de aplicativos\DAEMON Tools Lite -> [2009/11/16 00:59:56 | 000,000,000 | ---D | M]
Foxit -> C:\Documents and Settings\Philip\Dados de aplicativos\Foxit -> [2009/09/21 20:47:50 | 000,000,000 | ---D | M]
Foxit Software -> C:\Documents and Settings\Philip\Dados de aplicativos\Foxit Software -> [2010/12/13 22:59:10 | 000,000,000 | ---D | M]
PACE Anti-Piracy -> C:\Documents and Settings\Philip\Dados de aplicativos\PACE Anti-Piracy -> [2010/10/02 01:43:04 | 000,000,000 | ---D | M]
PhotoFiltre Studio X -> C:\Documents and Settings\Philip\Dados de aplicativos\PhotoFiltre Studio X -> [2010/01/10 23:01:35 | 000,000,000 | ---D | M]
Tibia -> C:\Documents and Settings\Philip\Dados de aplicativos\Tibia -> [2010/12/17 18:50:40 | 000,000,000 | ---D | M]

[File - Purity Scan]


[Files/Folders - Unicode - All]
C:\Documents and Settings\Philip\Meus documentos\?? ??? -> C:\Documents and Settings\Philip\Meus documentos\넥슨 플러그 -> [2010/10/23 15:55:10 | 000,000,000 | ---D | C]
C:\Documents and Settings\Philip\Meus documentos\?? ??? -> C:\Documents and Settings\Philip\Meus documentos\넥슨 플러그 -> [2010/10/23 15:55:10 | 000,000,000 | ---D | M]

[Alternate Data Streams]
@Alternate Data Stream - 1048 bytes -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared:i7OwP5SLh0HRd0wBsvxpo
@Alternate Data Stream - 1088 bytes -> C:\Arquivos de programas\Outlook Express:gIEZm2thoLz1jYRndVPzm
@Alternate Data Stream - 1207 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft:O154quoGeHJTG1xaJyXbM9Iy65U
@Alternate Data Stream - 1267 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft:QPiqqlMn3mPrv37YiMptKazGi3n
@Alternate Data Stream - 1295 bytes -> C:\Documents and Settings\Philip\Cookies:x3jyrEOwuqEsdoqnq
@Alternate Data Stream - 255 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:6BE50C2B
< End of report >

 

------------------------------------

Thanks :)


1.

*Select and copy the code below:

[unregister Dlls]

[Registry - Safe List]

< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\

YN -> WebBrowser\\"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]

< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

[Alternate Data Streams]

NY -> @Alternate Data Stream - 255 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:6BE50C2B

[Empty Temp Folders]

[Reboot]

*Run OTS

*Click in the space below "Paste Fix Here" and paste the code

*Click [Run Fix]

*The PC will be restarted

*Paste the report shown after the restart (C:\_OTS\MovedFiles\MDA_HMS.txt, where MDA is month day year and HMS is hour minute second)

 

2.

*Temporarily disable your antivirus

Right-click the NOD32 icon next to the clock > Control Center > AMON > uncheck "Resident Module (AMON)"

*Download ComboFix and save it to the desktop

*Run it and accept the agreement

*If the "Microsoft Windows Recovery Console" is not installed, click [Yes] > [Yes].

 


 

*Wait for all the stages to finish

 

etapas.jpg

 

*Não use o mouse nem o teclado durante a execução das etapas!!

 

*Para interromper o procedimento tecle [N] > [ENTER]

 

*Cole o relatório C:\combofix.txt


Good afternoon!

 

1) I ran OTS without any problems; here is the report:

 

OTS report

 

------------------------------

 

All Processes Killed

[Registry - Safe List]

Registry value HKEY_USERS\S-1-5-21-776561741-1682526488-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}\ not found.

[Alternate Data Streams]

ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:6BE50C2B deleted successfully.

[Empty Temp Folders]

 

 

User: Administrador

 

User: All Users

 

User: amanda

->Temp folder emptied: 33176 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Java cache emptied: 5656816 bytes

->FireFox cache emptied: 104271362 bytes

->Flash cache emptied: 7423 bytes

 

User: Convidado

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->FireFox cache emptied: 89486642 bytes

->Flash cache emptied: 1603 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Philip

->Temp folder emptied: 9317097 bytes

->Temporary Internet Files folder emptied: 43886 bytes

->Java cache emptied: 79615219 bytes

->FireFox cache emptied: 13523939 bytes

->Google Chrome cache emptied: 120367689 bytes

->Flash cache emptied: 618228 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2114593 bytes

%systemroot%\System32 .tmp files removed: 2969 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 405,00 mb

 

< End of fix log >

OTS by OldTimer - Version 3.1.40.1 fix logfile created on 12182010_184705

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

-----------------------------------------

 

 

 

2) ComboFix was installed and ran successfully; the instructions not to touch the keyboard/mouse were followed; NOD32 was paused successfully while the steps ran.

 

Here is the COMBOFIX report:

 

 

------------------------------

 

ComboFix 10-12-18.01 - Philip 18/12/2010 19:02:07.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1534.1012 [GMT -2:00]

Executando de: c:\documents and settings\Philip\Meus documentos\Downloads\ComboFix.exe

AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

* Criado um novo ponto de restauração

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

A cópia de c:\windows\system32\kernel32.dll foi encontrada e desinfectada

Cópia restaurada de - c:\windows\ERDNT\cache\kernel32.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-18 to 2010-12-18 ))))))))))))))))))))))))))))

.

 

2010-12-18 20:47 . 2010-12-18 20:47 -------- d-----w- C:\_OTS

2010-12-18 17:40 . 2010-12-18 17:40 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2010-12-14 16:50 . 2010-12-14 16:50 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\Foxit Software

2010-12-14 01:14 . 2010-12-14 01:14 -------- d-----w- c:\documents and settings\Philip\Configurações locais\Dados de aplicativos\Adobe

2010-12-14 01:12 . 2010-12-14 01:12 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-12-14 00:59 . 2010-12-14 00:59 -------- d-----w- c:\documents and settings\Philip\Dados de aplicativos\Foxit Software

2010-12-14 00:59 . 2010-12-14 00:59 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\Foxit Software

2010-12-07 23:40 . 2010-12-07 23:40 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\Google

2010-12-07 23:35 . 2010-12-14 01:14 -------- d-----w- c:\documents and settings\Philip\Configurações locais\Dados de aplicativos\Temp

2010-12-07 23:35 . 2010-12-07 23:35 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\Google

2010-11-27 18:14 . 2010-11-27 18:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA Corporation

2010-11-27 18:12 . 2010-11-27 18:12 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-11-27 18:12 . 2010-11-27 18:12 1 ----a-w- c:\windows\system32\nvdrssel.bin

2010-11-27 18:12 . 2010-11-27 18:12 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-11-27 18:11 . 2010-10-22 06:23 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-11-27 18:11 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll

2010-11-27 18:11 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll

2010-11-27 18:11 . 2010-10-22 06:23 4882432 ----a-w- c:\windows\system32\nvcuda.dll

2010-11-27 18:11 . 2010-10-22 06:23 2932840 ----a-w- c:\windows\system32\nvcuvid.dll

2010-11-27 18:11 . 2010-10-22 06:23 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-11-27 18:11 . 2010-10-22 06:23 2293194 ----a-w- c:\windows\system32\nvdata.bin

2010-11-27 18:11 . 2010-10-22 06:23 13012992 ----a-w- c:\windows\system32\nvcompiler.dll

2010-11-27 18:11 . 2010-11-27 18:13 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation

2010-11-27 18:10 . 2010-11-27 18:10 -------- d-----w- C:\NVIDIA

2010-11-22 00:14 . 2010-11-22 00:14 -------- d-----w- c:\documents and settings\Philip\Dados de aplicativos\Media Player Classic

2010-11-22 00:13 . 2010-11-22 00:13 -------- d-----w- c:\arquivos de programas\MPC HomeCinema

2010-11-20 18:01 . 2010-11-20 18:01 11776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll

2010-11-20 18:01 . 2010-11-20 18:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2010-11-20 18:01 . 2010-11-20 18:01 151776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

2010-11-20 18:01 . 2010-11-20 18:01 100352 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

2010-11-20 18:00 . 2010-11-20 18:01 -------- d-----w- c:\arquivos de programas\Real

2010-11-20 17:52 . 2010-11-20 17:52 -------- d-----w- C:\ProgramData

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-20 18:01 . 2004-07-02 20:51 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-11-20 18:01 . 2004-07-02 20:51 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-10-22 06:23 . 2006-08-08 01:26 14532608 ----a-w- c:\windows\system32\nvoglnt.dll

2010-10-22 06:23 . 2006-08-08 01:26 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-10-22 06:23 . 2006-08-08 01:26 6359552 ----a-w- c:\windows\system32\nv4_disp.dll

2010-10-22 06:23 . 2006-08-08 01:26 1462272 ----a-w- c:\windows\system32\nvapi.dll

2010-10-16 21:21 . 2009-08-01 01:44 141612 ----a-w- c:\windows\system32\drivers\dump_wmimmc.sys

2010-10-16 14:05 . 2010-10-16 14:05 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-10-16 14:05 . 2010-10-16 14:05 335872 ----a-w- c:\windows\system32\nvrsar.dll

2010-10-16 14:05 . 2010-10-16 14:05 331776 ----a-w- c:\windows\system32\nvrshe.dll

2010-10-16 14:05 . 2010-10-16 14:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll

2010-10-16 14:05 . 2010-10-16 14:05 282624 ----a-w- c:\windows\system32\nvrses.dll

2010-10-16 14:05 . 2010-10-16 14:05 282624 ----a-w- c:\windows\system32\nvrsel.dll

2010-10-16 14:05 . 2010-10-16 14:05 278528 ----a-w- c:\windows\system32\nvrsde.dll

2010-10-16 14:05 . 2010-10-16 14:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll

2010-10-16 14:05 . 2010-10-16 14:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll

2010-10-16 14:05 . 2010-10-16 14:05 270336 ----a-w- c:\windows\system32\nvrsru.dll

2010-10-16 14:05 . 2010-10-16 14:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll

2010-10-16 14:05 . 2010-10-16 14:05 266240 ----a-w- c:\windows\system32\nvrsko.dll

2010-10-16 14:05 . 2010-10-16 14:05 262144 ----a-w- c:\windows\system32\nvrshu.dll

2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrstr.dll

2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrssl.dll

2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrssk.dll

2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrsth.dll

2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrssv.dll

2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrsda.dll

2010-10-16 14:05 . 2010-10-16 14:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll

2010-10-16 14:05 . 2010-10-16 14:05 249856 ----a-w- c:\windows\system32\nvrseng.dll

2010-10-16 14:05 . 2010-10-16 14:05 249856 ----a-w- c:\windows\system32\nvrscs.dll

2010-10-16 14:05 . 2010-10-16 14:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll

2010-10-16 14:05 . 2010-10-16 14:05 126976 ----a-w- c:\windows\system32\nvrszht.dll

2010-10-16 14:05 . 2010-10-16 14:05 282624 ----a-w- c:\windows\system32\nvrsit.dll

2010-10-16 14:05 . 2010-10-16 14:05 277608 ----a-w- c:\windows\system32\nvmccs.dll

2010-10-16 14:05 . 2010-10-16 14:05 274432 ----a-w- c:\windows\system32\nvrspt.dll

2010-10-16 14:05 . 2010-10-16 14:05 270336 ----a-w- c:\windows\system32\nvrsja.dll

2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrspl.dll

2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrsno.dll

2010-10-16 14:05 . 2010-10-16 14:05 156776 ----a-w- c:\windows\system32\nvsvc32.exe

2010-10-16 14:05 . 2010-10-16 14:05 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-10-16 14:05 . 2010-10-16 14:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll

2010-10-16 14:05 . 2010-10-16 14:05 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-01-26 12:11 . 2010-11-15 00:44 444283 ----a-w- c:\arquivos de programas\Arquivos comuns\WinPcapNmap.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2010-10-11 14940040]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]

"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"ArcSoft Connection Service"="c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]

"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2010-11-20 274608]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]

"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

 

c:\documents and settings\amanda\Menu Iniciar\Programas\Inicializar\

BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]

 

c:\documents and settings\Philip\Menu Iniciar\Programas\Inicializar\

BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]

Ferramenta de Verifica‡Æo de M¡dia do Picture Motion Browser.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-8-11 344064]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

McAfee Security Scan Plus.lnk - c:\arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Philips GoGear SA1VBExx Device Manager.lnk - c:\arquivos de programas\Philips\GoGear SA1VBExx Device Manager\GoGear_SA1VBExx_DeviceManager.exe [2010-5-24 1611120]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Teamspeak2_RC2\\server_windows.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\VDOWNLOADER\\VDownloader.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\NGM\\NGM.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Nexon\\Combat Arms\\Engine.exe"=

"c:\\Level Up! Games\\Combat Arms\\NMService.exe"=

"c:\level up! games\Combat Arms\Engine.exe"= c:\level up! games\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\level up! games\Combat Arms\CombatArms.exe"= c:\level up! games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"56142:TCP"= 56142:TCP:Pando Media Booster

"56142:UDP"= 56142:UDP:Pando Media Booster

"57076:TCP"= 57076:TCP:Pando Media Booster

"57076:UDP"= 57076:UDP:Pando Media Booster

 

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/10/2009 23:20 28544]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/11/2009 01:42 691696]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20/2/2008 12:11 33800]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [24/4/2010 18:42 33824]

R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared Free\a2service.exe [11/10/2009 23:53 1858144]

R2 ekrn;Eset Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [20/2/2008 12:08 472320]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/1/2010 00:09 50704]

S2 duuhfkc;Shell Config;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [7/12/2010 21:35 136176]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [19/9/2002 18:20 3584]

S3 ddsxeiservice;ddsxeiservice2;c:\arquivos de programas\sXe Injected\ddsxei.sys [8/10/2010 00:34 91904]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe [15/1/2010 10:49 227232]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

kcgfmb

duuhfkc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34]

 

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-07 23:35]

 

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-07 23:35]

 

2010-12-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1682526488-682003330-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

 

2010-12-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1682526488-682003330-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local

uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

Trusted Zone: nexon.net\combatarms

FF - ProfilePath - c:\documents and settings\Philip\Dados de aplicativos\Mozilla\Firefox\Profiles\8eswv4zm.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-18 19:14

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\arquivos de programas\BrOffice.org 3\program\soffice.exe

c:\arquivos de programas\BrOffice.org 3\program\soffice.bin

c:\arquivos de programas\iPod\bin\iPodService.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-12-18 19:19:43 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-12-18 21:19

ComboFix2.txt 2009-10-08 20:05

 

Pré-execução: 19 pasta(s) 280.085.614.592 bytes disponíveis

Pós execução: 20 pasta(s) 280.070.426.624 bytes disponíveis

 

- - End Of File - - D9DCF4793044121CDC5BB9499CDF4DDC

 

-------------------------------------------------------

 

 

Awaiting further instructions.

 

Thanks :)


*Open Notepad and paste the code below into it:

NetSvc::

kcgfmb

duuhfkc

*Save the file to the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

 

[image: b2ea2c6367.gif]

 

*Do not use the mouse or keyboard while ComboFix is running!!

 

*Paste the report C:\combofix.txt

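The CFScript above removes two names (kcgfmb and duuhfkc) from the svchost NetSvcs group that the ComboFix report listed under "Svchost - NetSvcs". The Python script below is an added example, not part of this thread and not code from ComboFix or OTS: it parses the service entries and the NetSvcs block of a ComboFix-style report (the sample lines are copied from the report posted above) and flags group members that are not on a known-good allowlist, that are listed in the group without any service definition, or that are hosted by svchost -k netsvcs without being a known member. The allowlist KNOWN_NETSVCS is an assumption: a partial list of Windows XP defaults for illustration, not an authoritative reference.

```python
"""Flag suspicious svchost NetSvcs members in a ComboFix-style report."""
import re

# Constructed sample input: the service entries and the Svchost NetSvcs block
# copied from the ComboFix report posted in this thread.
SAMPLE_LOG = r"""
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/1/2010 00:09 50704]
S2 duuhfkc;Shell Config;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [7/12/2010 21:35 136176]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kcgfmb
duuhfkc
.
Conteúdo da pasta 'Tarefas Agendadas'
"""

# Partial allowlist of service names that Windows XP itself places in the
# netsvcs group (assumption: illustrative, not exhaustive; a real check should
# compare against a clean reference install of the same build).
KNOWN_NETSVCS = {name.lower() for name in (
    "6to4", "AppMgmt", "AudioSrv", "BITS", "Browser", "CryptSvc", "DMServer",
    "DHCP", "ERSvc", "EventSystem", "FastUserSwitchingCompatibility", "HidServ",
    "helpsvc", "Ip6FwHlp", "LanmanServer", "LanmanWorkstation", "Messenger",
    "Netman", "Nla", "Ntmssvc", "NWCWorkstation", "Nwsapagent", "Rasauto",
    "Rasman", "Remoteaccess", "Schedule", "Seclogon", "SENS", "Sharedaccess",
    "ShellHWDetection", "SRService", "Tapisrv", "Themes", "TrkWks", "uploadmgr",
    "W32Time", "winmgmt", "Wmi", "WmdmPmSp", "wscsvc", "wuauserv", "WZCSVC",
    "xmlprov",
)}

# "S2 name;display name;image path [date size]" as ComboFix prints it.
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?)(?: \[.*\])?$")
NETSVCS_RE = re.compile(r"\\Svchost - NetSvcs\s*$")
NETSVCS_HOST_RE = re.compile(r"svchost\.exe\s+-k\s+netsvcs\b", re.IGNORECASE)


def parse_report(text):
    """Return (services, netsvcs): dict of lower-cased name -> record, and the NetSvcs list."""
    services = {}
    netsvcs = []
    in_netsvcs = False
    for raw in text.splitlines():
        line = raw.strip()
        if in_netsvcs:
            # ComboFix closes the block with a lone "."; blank lines are skipped
            # so that reports pasted with doubled line breaks still parse.
            if line == ".":
                in_netsvcs = False
            elif line:
                netsvcs.append(line)
            continue
        if NETSVCS_RE.search(line):
            in_netsvcs = True
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, name, display, path = m.groups()
            services[name.lower()] = {"name": name, "state": state,
                                      "display": display, "path": path}
    return services, netsvcs


def analyze(text):
    """Apply three defender-side checks to the parsed report and return the findings."""
    services, netsvcs = parse_report(text)
    findings = []
    for name in netsvcs:
        key = name.lower()
        if key not in KNOWN_NETSVCS:
            findings.append((name, "NetSvcs member not in the known-good allowlist"))
        if key not in services:
            # A group member with no service record is an orphan entry.
            findings.append((name, "listed in NetSvcs but no service definition found"))
    for key, rec in services.items():
        if NETSVCS_HOST_RE.search(rec["path"]) and key not in KNOWN_NETSVCS:
            findings.append((rec["name"], "hosted by svchost -k netsvcs but not a known member"))
    return {"netsvcs": netsvcs, "services": services, "findings": findings}


if __name__ == "__main__":
    for name, reason in analyze(SAMPLE_LOG)["findings"]:
        print(f"{name:12} {reason}")
```

Run against the sample, the script reports kcgfmb (not on the allowlist and with no service definition at all) and duuhfkc (not on the allowlist and hosted by svchost -k netsvcs), which are exactly the two names the CFScript removes; gupdate and PciCon produce no findings because neither is a netsvcs member.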

Good evening!

 

The steps of creating the text file and dragging it onto ComboFix were carried out successfully.

NOD32 was paused while ComboFix ran.

Neither the mouse nor the keyboard was used during the run.

 

Here is the ComboFix log:

 

---------------------------------

 

ComboFix 10-12-18.01 - Philip 18/12/2010 19:56:45.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1534.1066 [GMT -2:00]

Executando de: c:\documents and settings\Philip\Meus documentos\Downloads\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Philip\Meus documentos\Downloads\CFScript.txt

AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-18 to 2010-12-18 ))))))))))))))))))))))))))))

.

 

2010-12-18 20:47 . 2010-12-18 20:47 -------- d-----w- C:\_OTS

2010-12-18 17:40 . 2010-12-18 17:40 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2010-12-14 16:50 . 2010-12-14 16:50 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\Foxit Software

2010-12-14 01:14 . 2010-12-14 01:14 -------- d-----w- c:\documents and settings\Philip\Configurações locais\Dados de aplicativos\Adobe

2010-12-14 01:12 . 2010-12-14 01:12 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-12-14 00:59 . 2010-12-14 00:59 -------- d-----w- c:\documents and settings\Philip\Dados de aplicativos\Foxit Software

2010-12-14 00:59 . 2010-12-14 00:59 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\Foxit Software

2010-12-07 23:40 . 2010-12-07 23:40 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\Google

2010-12-07 23:35 . 2010-12-14 01:14 -------- d-----w- c:\documents and settings\Philip\Configurações locais\Dados de aplicativos\Temp

2010-12-07 23:35 . 2010-12-07 23:35 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\Google

2010-11-27 18:14 . 2010-11-27 18:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA Corporation

2010-11-27 18:12 . 2010-11-27 18:12 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-11-27 18:12 . 2010-11-27 18:12 1 ----a-w- c:\windows\system32\nvdrssel.bin

2010-11-27 18:12 . 2010-11-27 18:12 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-11-27 18:11 . 2010-10-22 06:23 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-11-27 18:11 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll

2010-11-27 18:11 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll

2010-11-27 18:11 . 2010-10-22 06:23 4882432 ----a-w- c:\windows\system32\nvcuda.dll

2010-11-27 18:11 . 2010-10-22 06:23 2932840 ----a-w- c:\windows\system32\nvcuvid.dll

2010-11-27 18:11 . 2010-10-22 06:23 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-11-27 18:11 . 2010-10-22 06:23 2293194 ----a-w- c:\windows\system32\nvdata.bin

2010-11-27 18:11 . 2010-10-22 06:23 13012992 ----a-w- c:\windows\system32\nvcompiler.dll

2010-11-27 18:11 . 2010-11-27 18:13 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation

2010-11-27 18:10 . 2010-11-27 18:10 -------- d-----w- C:\NVIDIA

2010-11-22 00:14 . 2010-11-22 00:14 -------- d-----w- c:\documents and settings\Philip\Dados de aplicativos\Media Player Classic

2010-11-22 00:13 . 2010-11-22 00:13 -------- d-----w- c:\arquivos de programas\MPC HomeCinema

2010-11-20 18:01 . 2010-11-20 18:01 11776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll

2010-11-20 18:01 . 2010-11-20 18:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2010-11-20 18:01 . 2010-11-20 18:01 151776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

2010-11-20 18:01 . 2010-11-20 18:01 100352 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

2010-11-20 18:00 . 2010-11-20 18:01 -------- d-----w- c:\arquivos de programas\Real

2010-11-20 17:52 . 2010-11-20 17:52 -------- d-----w- C:\ProgramData

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-20 18:01 . 2004-07-02 20:51 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-11-20 18:01 . 2004-07-02 20:51 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-10-22 06:23 . 2006-08-08 01:26 14532608 ----a-w- c:\windows\system32\nvoglnt.dll

2010-10-22 06:23 . 2006-08-08 01:26 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-10-22 06:23 . 2006-08-08 01:26 6359552 ----a-w- c:\windows\system32\nv4_disp.dll

2010-10-22 06:23 . 2006-08-08 01:26 1462272 ----a-w- c:\windows\system32\nvapi.dll

2010-10-16 21:21 . 2009-08-01 01:44 141612 ----a-w- c:\windows\system32\drivers\dump_wmimmc.sys

2010-10-16 14:05 . 2010-10-16 14:05 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-10-16 14:05 . 2010-10-16 14:05 335872 ----a-w- c:\windows\system32\nvrsar.dll

2010-10-16 14:05 . 2010-10-16 14:05 331776 ----a-w- c:\windows\system32\nvrshe.dll

2010-10-16 14:05 . 2010-10-16 14:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll

2010-10-16 14:05 . 2010-10-16 14:05 282624 ----a-w- c:\windows\system32\nvrses.dll

2010-10-16 14:05 . 2010-10-16 14:05 282624 ----a-w- c:\windows\system32\nvrsel.dll

2010-10-16 14:05 . 2010-10-16 14:05 278528 ----a-w- c:\windows\system32\nvrsde.dll

2010-10-16 14:05 . 2010-10-16 14:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll

2010-10-16 14:05 . 2010-10-16 14:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll

2010-10-16 14:05 . 2010-10-16 14:05 270336 ----a-w- c:\windows\system32\nvrsru.dll

2010-10-16 14:05 . 2010-10-16 14:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll

2010-10-16 14:05 . 2010-10-16 14:05 266240 ----a-w- c:\windows\system32\nvrsko.dll

2010-10-16 14:05 . 2010-10-16 14:05 262144 ----a-w- c:\windows\system32\nvrshu.dll

2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrstr.dll

2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrssl.dll

2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrssk.dll

2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrsth.dll

2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrssv.dll

2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrsda.dll

2010-10-16 14:05 . 2010-10-16 14:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll

2010-10-16 14:05 . 2010-10-16 14:05 249856 ----a-w- c:\windows\system32\nvrseng.dll

2010-10-16 14:05 . 2010-10-16 14:05 249856 ----a-w- c:\windows\system32\nvrscs.dll

2010-10-16 14:05 . 2010-10-16 14:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll

2010-10-16 14:05 . 2010-10-16 14:05 126976 ----a-w- c:\windows\system32\nvrszht.dll

2010-10-16 14:05 . 2010-10-16 14:05 282624 ----a-w- c:\windows\system32\nvrsit.dll

2010-10-16 14:05 . 2010-10-16 14:05 277608 ----a-w- c:\windows\system32\nvmccs.dll

2010-10-16 14:05 . 2010-10-16 14:05 274432 ----a-w- c:\windows\system32\nvrspt.dll

2010-10-16 14:05 . 2010-10-16 14:05 270336 ----a-w- c:\windows\system32\nvrsja.dll

2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrspl.dll

2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrsno.dll

2010-10-16 14:05 . 2010-10-16 14:05 156776 ----a-w- c:\windows\system32\nvsvc32.exe

2010-10-16 14:05 . 2010-10-16 14:05 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-10-16 14:05 . 2010-10-16 14:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll

2010-10-16 14:05 . 2010-10-16 14:05 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-01-26 12:11 . 2010-11-15 00:44 444283 ----a-w- c:\arquivos de programas\Arquivos comuns\WinPcapNmap.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2010-10-11 14940040]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]

"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"ArcSoft Connection Service"="c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]

"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2010-11-20 274608]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]

"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

 

c:\documents and settings\amanda\Menu Iniciar\Programas\Inicializar\

BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]

 

c:\documents and settings\Philip\Menu Iniciar\Programas\Inicializar\

BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]

Ferramenta de Verifica‡Æo de M¡dia do Picture Motion Browser.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-8-11 344064]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

McAfee Security Scan Plus.lnk - c:\arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Philips GoGear SA1VBExx Device Manager.lnk - c:\arquivos de programas\Philips\GoGear SA1VBExx Device Manager\GoGear_SA1VBExx_DeviceManager.exe [2010-5-24 1611120]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Teamspeak2_RC2\\server_windows.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\VDOWNLOADER\\VDownloader.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\NGM\\NGM.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Nexon\\Combat Arms\\Engine.exe"=

"c:\\Level Up! Games\\Combat Arms\\NMService.exe"=

"c:\level up! games\Combat Arms\Engine.exe"= c:\level up! games\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\level up! games\Combat Arms\CombatArms.exe"= c:\level up! games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"56142:TCP"= 56142:TCP:Pando Media Booster

"56142:UDP"= 56142:UDP:Pando Media Booster

"57076:TCP"= 57076:TCP:Pando Media Booster

"57076:UDP"= 57076:UDP:Pando Media Booster

 

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/10/2009 23:20 28544]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/11/2009 01:42 691696]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20/2/2008 12:11 33800]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [24/4/2010 18:42 33824]

R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared Free\a2service.exe [11/10/2009 23:53 1858144]

R2 ekrn;Eset Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [20/2/2008 12:08 472320]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/1/2010 00:09 50704]

S2 duuhfkc;Shell Config;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [7/12/2010 21:35 136176]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [19/9/2002 18:20 3584]

S3 ddsxeiservice;ddsxeiservice2;c:\arquivos de programas\sXe Injected\ddsxei.sys [8/10/2010 00:34 91904]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe [15/1/2010 10:49 227232]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

kcgfmb

duuhfkc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34]

 

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-07 23:35]

 

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-07 23:35]

 

2010-12-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1682526488-682003330-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

 

2010-12-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1682526488-682003330-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local

uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

Trusted Zone: nexon.net\combatarms

FF - ProfilePath - c:\documents and settings\Philip\Dados de aplicativos\Mozilla\Firefox\Profiles\8eswv4zm.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-18 20:06

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2010-12-18 20:15:53

ComboFix-quarantined-files.txt 2010-12-18 22:15

ComboFix2.txt 2010-12-18 21:19

ComboFix3.txt 2009-10-08 20:05

 

Pré-execução: 19 pasta(s) 280.069.345.280 bytes disponíveis

Pós execução: 20 pasta(s) 280.060.424.192 bytes disponíveis

 

- - End Of File - - 4D7D59740185C464259BE03C6C78A230

 

 

-----------------------------

 

Awaiting further instructions.

 

Thanks :)


*Go to the ConfickerWorkingGroup site

*On the site, look at the images in the box below the phrase "Conficker Eye Chart"

[image: 6da8ec4865.png]

*On the site, compare them with the table below the phrase "How to interpret:"

[image: ab384b90ed.png]

*Report the result.


Good evening!

I went to the site and all the images appeared.

So the matching option was: "= Normal/Not Infected by Conficker (or using proxy)"

Awaiting further instructions.

Thanks :)


OK...

*Open Notepad and paste the code below into it:

Driver::

kcgfmb

duuhfkc

NetSvc::

kcgfmb

duuhfkc

*Save the file on the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

[image: b2ea2c6367.gif]

*Do not use the mouse or keyboard while ComboFix is running!!

*Paste the report C:\combofix.txt

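An added example, not part of this thread and not ComboFix's own code: a Python script that applies the helper's reasoning to the log lines quoted above. The ComboFix log itself notes that legitimate default entries are not shown, so a service that is still printed as hosted by svchost.exe -k netsvcs, a NetSvcs group member with no service entry at all, and a random-looking name are the signals. The sample lines are copied from the logs in this thread; the scoring weights and the consonant-run heuristic are my assumptions. It ends by rendering the CFScript.txt layout the helper used for the names that score high enough.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix logs quoted in this thread
# (a few service entries plus the "Svchost - NetSvcs" block). In a real run you
# would read C:\ComboFix.txt instead of this string.
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/11/2009 01:42 691696]
R2 ekrn;Eset Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [20/2/2008 12:08 472320]
S2 duuhfkc;Shell Config;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [7/12/2010 21:35 136176]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kcgfmb
duuhfkc
.
"""

# ComboFix service line: "<R|S><n> <name>;<display name>;<image> [<date> <size>]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[[^\]]*\]\s*$")
NETSVCS_HEADER = "Svchost - NetSvcs"
SVCHOST_NETSVCS_RE = re.compile(r"svchost\.exe\s+-k\s+netsvcs", re.IGNORECASE)
# Heuristic (my assumption, not a ComboFix rule): four or more consonants in a
# row is rare in real service names and common in randomly generated ones.
CONSONANT_RUN_RE = re.compile(r"[bcdfghjklmnpqrstvwxz]{4,}", re.IGNORECASE)


@dataclass
class Service:
    start: str     # R0..R3 (running) or S0..S3 (stopped)
    name: str
    display: str
    image: str


def parse_log(text):
    """Return (services, netsvcs_names) from a ComboFix log."""
    services, netsvcs, in_netsvcs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(NETSVCS_HEADER):
            in_netsvcs = True          # names follow, one per line, until "."
            continue
        if in_netsvcs:
            if line == ".":
                in_netsvcs = False
            else:
                netsvcs.append(line)
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(Service(*m.groups()))
    return services, netsvcs


def assess(services, netsvcs):
    """Score every listed service / NetSvcs member; return {name: (score, reasons)}."""
    by_name = {s.name.lower(): s for s in services}
    netsvcs_lc = {n.lower() for n in netsvcs}
    findings = {}
    for name in sorted({s.name for s in services} | set(netsvcs), key=str.lower):
        svc = by_name.get(name.lower())
        hits = []
        # ComboFix hides default Windows services, so a netsvcs-hosted service
        # that is still printed is a non-default DLL loaded into svchost.exe.
        if svc is not None and SVCHOST_NETSVCS_RE.search(svc.image):
            hits.append((2, "non-default service hosted by svchost.exe -k netsvcs"))
        # A NetSvcs group member with no service entry at all is a leftover
        # registration (ComboFix also removed Legacy_KCGFMB in this thread).
        if svc is None and name.lower() in netsvcs_lc:
            hits.append((2, "listed in NetSvcs but no service entry exists"))
        if CONSONANT_RUN_RE.search(name):
            hits.append((1, "random-looking name (4+ consonants in a row)"))
        if hits:
            findings[name] = (sum(p for p, _ in hits), [r for _, r in hits])
    return findings


def suspicious(findings, threshold=2):
    """Names whose score reaches the threshold (weights are my assumption)."""
    return sorted((n for n, (score, _) in findings.items() if score >= threshold),
                  key=str.lower)


def cfscript_for(names):
    """Render the CFScript.txt layout used in this thread for the given names."""
    body = "\n".join(names)
    return f"Driver::\n{body}\nNetSvc::\n{body}\n"


if __name__ == "__main__":
    svcs, ns = parse_log(SAMPLE_LOG)
    found = assess(svcs, ns)
    for name, (score, reasons) in found.items():
        print(f"{name}: score {score}")
        for r in reasons:
            print(f"  - {r}")
    print(cfscript_for(suspicious(found)))
```

On the sample, duuhfkc and kcgfmb each score 3 and sptd (a legitimate DAEMON Tools driver with an unusual name) scores only 1, which is why the name heuristic alone is kept as a weak signal rather than a verdict.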

Good evening!

Sorry, but something came up yesterday and after running ComboFix I could not post the report here.

So I am posting it now.

If necessary, let me know and I will redo the procedure.

Note: ComboFix and the script ran successfully.

ComboFix log:

 

-----------------------------------

 

 

ComboFix 10-12-18.01 - Philip 18/12/2010 22:47:51.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1534.985 [GMT -2:00]

Executando de: c:\documents and settings\Philip\Meus documentos\Downloads\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Philip\Meus documentos\Downloads\CFScript.txt

AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DUUHFKC

-------\Legacy_KCGFMB

-------\Service_duuhfkc

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-19 to 2010-12-19 ))))))))))))))))))))))))))))

.

 

2010-12-18 20:47 . 2010-12-18 20:47 -------- d-----w- C:\_OTS

2010-12-18 17:40 . 2010-12-18 17:40 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2010-12-14 16:50 . 2010-12-14 16:50 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\Foxit Software

2010-12-14 01:14 . 2010-12-14 01:14 -------- d-----w- c:\documents and settings\Philip\Configurações locais\Dados de aplicativos\Adobe

2010-12-14 01:12 . 2010-12-14 01:12 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-12-14 00:59 . 2010-12-14 00:59 -------- d-----w- c:\documents and settings\Philip\Dados de aplicativos\Foxit Software

2010-12-14 00:59 . 2010-12-14 00:59 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\Foxit Software

2010-12-07 23:40 . 2010-12-07 23:40 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\Google

2010-12-07 23:35 . 2010-12-14 01:14 -------- d-----w- c:\documents and settings\Philip\Configurações locais\Dados de aplicativos\Temp

2010-12-07 23:35 . 2010-12-07 23:35 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\Google

2010-11-27 18:14 . 2010-11-27 18:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA Corporation

2010-11-27 18:12 . 2010-11-27 18:12 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-11-27 18:12 . 2010-11-27 18:12 1 ----a-w- c:\windows\system32\nvdrssel.bin

2010-11-27 18:12 . 2010-11-27 18:12 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-11-27 18:11 . 2010-10-22 06:23 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-11-27 18:11 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll

2010-11-27 18:11 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll

2010-11-27 18:11 . 2010-10-22 06:23 4882432 ----a-w- c:\windows\system32\nvcuda.dll

2010-11-27 18:11 . 2010-10-22 06:23 2932840 ----a-w- c:\windows\system32\nvcuvid.dll

2010-11-27 18:11 . 2010-10-22 06:23 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-11-27 18:11 . 2010-10-22 06:23 2293194 ----a-w- c:\windows\system32\nvdata.bin

2010-11-27 18:11 . 2010-10-22 06:23 13012992 ----a-w- c:\windows\system32\nvcompiler.dll

2010-11-27 18:11 . 2010-11-27 18:13 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation

2010-11-27 18:10 . 2010-11-27 18:10 -------- d-----w- C:\NVIDIA

2010-11-22 00:14 . 2010-11-22 00:14 -------- d-----w- c:\documents and settings\Philip\Dados de aplicativos\Media Player Classic

2010-11-22 00:13 . 2010-11-22 00:13 -------- d-----w- c:\arquivos de programas\MPC HomeCinema

2010-11-20 18:01 . 2010-11-20 18:01 11776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll

2010-11-20 18:01 . 2010-11-20 18:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2010-11-20 18:01 . 2010-11-20 18:01 151776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

2010-11-20 18:01 . 2010-11-20 18:01 100352 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

2010-11-20 18:00 . 2010-11-20 18:01 -------- d-----w- c:\arquivos de programas\Real

2010-11-20 17:52 . 2010-11-20 17:52 -------- d-----w- C:\ProgramData

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-20 18:01 . 2004-07-02 20:51 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-11-20 18:01 . 2004-07-02 20:51 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-10-22 06:23 . 2006-08-08 01:26 14532608 ----a-w- c:\windows\system32\nvoglnt.dll

2010-10-22 06:23 . 2006-08-08 01:26 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-10-22 06:23 . 2006-08-08 01:26 6359552 ----a-w- c:\windows\system32\nv4_disp.dll

2010-10-22 06:23 . 2006-08-08 01:26 1462272 ----a-w- c:\windows\system32\nvapi.dll

2010-10-16 21:21 . 2009-08-01 01:44 141612 ----a-w- c:\windows\system32\drivers\dump_wmimmc.sys

2010-10-16 14:05 . 2010-10-16 14:05 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-10-16 14:05 . 2010-10-16 14:05 335872 ----a-w- c:\windows\system32\nvrsar.dll

2010-10-16 14:05 . 2010-10-16 14:05 331776 ----a-w- c:\windows\system32\nvrshe.dll

2010-10-16 14:05 . 2010-10-16 14:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll

2010-10-16 14:05 . 2010-10-16 14:05 282624 ----a-w- c:\windows\system32\nvrses.dll

2010-10-16 14:05 . 2010-10-16 14:05 282624 ----a-w- c:\windows\system32\nvrsel.dll

2010-10-16 14:05 . 2010-10-16 14:05 278528 ----a-w- c:\windows\system32\nvrsde.dll

2010-10-16 14:05 . 2010-10-16 14:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll

2010-10-16 14:05 . 2010-10-16 14:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll

2010-10-16 14:05 . 2010-10-16 14:05 270336 ----a-w- c:\windows\system32\nvrsru.dll

2010-10-16 14:05 . 2010-10-16 14:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll

2010-10-16 14:05 . 2010-10-16 14:05 266240 ----a-w- c:\windows\system32\nvrsko.dll

2010-10-16 14:05 . 2010-10-16 14:05 262144 ----a-w- c:\windows\system32\nvrshu.dll

2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrstr.dll

2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrssl.dll

2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrssk.dll

2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrsth.dll

2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrssv.dll

2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrsda.dll

2010-10-16 14:05 . 2010-10-16 14:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll

2010-10-16 14:05 . 2010-10-16 14:05 249856 ----a-w- c:\windows\system32\nvrseng.dll

2010-10-16 14:05 . 2010-10-16 14:05 249856 ----a-w- c:\windows\system32\nvrscs.dll

2010-10-16 14:05 . 2010-10-16 14:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll

2010-10-16 14:05 . 2010-10-16 14:05 126976 ----a-w- c:\windows\system32\nvrszht.dll

2010-10-16 14:05 . 2010-10-16 14:05 282624 ----a-w- c:\windows\system32\nvrsit.dll

2010-10-16 14:05 . 2010-10-16 14:05 277608 ----a-w- c:\windows\system32\nvmccs.dll

2010-10-16 14:05 . 2010-10-16 14:05 274432 ----a-w- c:\windows\system32\nvrspt.dll

2010-10-16 14:05 . 2010-10-16 14:05 270336 ----a-w- c:\windows\system32\nvrsja.dll

2010-10-16 14:05 . 2010-10-16 14:05 258048 ----a-w- c:\windows\system32\nvrspl.dll

2010-10-16 14:05 . 2010-10-16 14:05 253952 ----a-w- c:\windows\system32\nvrsno.dll

2010-10-16 14:05 . 2010-10-16 14:05 156776 ----a-w- c:\windows\system32\nvsvc32.exe

2010-10-16 14:05 . 2010-10-16 14:05 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-10-16 14:05 . 2010-10-16 14:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll

2010-10-16 14:05 . 2010-10-16 14:05 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-01-26 12:11 . 2010-11-15 00:44 444283 ----a-w- c:\arquivos de programas\Arquivos comuns\WinPcapNmap.exe

.

 

((((((((((((((((((((((((((((( SnapShot@2010-12-18_21.14.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-12-19 01:00 . 2010-12-19 01:00 16384 c:\windows\Temp\Perflib_Perfdata_634.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2010-10-11 14940040]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]

"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"ArcSoft Connection Service"="c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]

"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2010-11-20 274608]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]

"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

 

c:\documents and settings\amanda\Menu Iniciar\Programas\Inicializar\

BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]

 

c:\documents and settings\Philip\Menu Iniciar\Programas\Inicializar\

BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]

Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-8-11 344064]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

McAfee Security Scan Plus.lnk - c:\arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Philips GoGear SA1VBExx Device Manager.lnk - c:\arquivos de programas\Philips\GoGear SA1VBExx Device Manager\GoGear_SA1VBExx_DeviceManager.exe [2010-5-24 1611120]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Teamspeak2_RC2\\server_windows.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\VDOWNLOADER\\VDownloader.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\NGM\\NGM.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Nexon\\Combat Arms\\Engine.exe"=

"c:\\Level Up! Games\\Combat Arms\\NMService.exe"=

"c:\level up! games\Combat Arms\Engine.exe"= c:\level up! games\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\level up! games\Combat Arms\CombatArms.exe"= c:\level up! games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"56142:TCP"= 56142:TCP:Pando Media Booster

"56142:UDP"= 56142:UDP:Pando Media Booster

"57076:TCP"= 57076:TCP:Pando Media Booster

"57076:UDP"= 57076:UDP:Pando Media Booster

 

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/10/2009 23:20 28544]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/11/2009 01:42 691696]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20/2/2008 12:11 33800]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [24/4/2010 18:42 33824]

R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared Free\a2service.exe [11/10/2009 23:53 1858144]

R2 ekrn;Eset Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [20/2/2008 12:08 472320]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/1/2010 00:09 50704]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [7/12/2010 21:35 136176]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [19/9/2002 18:20 3584]

S3 ddsxeiservice;ddsxeiservice2;c:\arquivos de programas\sXe Injected\ddsxei.sys [8/10/2010 00:34 91904]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe [15/1/2010 10:49 227232]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34]

 

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-07 23:35]

 

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-07 23:35]

 

2010-12-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1682526488-682003330-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

 

2010-12-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1682526488-682003330-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local

uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

Trusted Zone: nexon.net\combatarms

FF - ProfilePath - c:\documents and settings\Philip\Dados de aplicativos\Mozilla\Firefox\Profiles\8eswv4zm.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-18 23:01

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\arquivos de programas\BrOffice.org 3\program\soffice.exe

c:\arquivos de programas\BrOffice.org 3\program\soffice.bin

c:\arquivos de programas\iPod\bin\iPodService.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-12-18 23:13:33 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-12-19 01:13

ComboFix2.txt 2010-12-18 22:15

ComboFix3.txt 2010-12-18 21:19

ComboFix4.txt 2009-10-08 20:05

 

Pré-execução: 19 pasta(s) 280.056.713.216 bytes disponíveis

Pós execução: 20 pasta(s) 279.986.671.616 bytes disponíveis

 

- - End Of File - - C35B87FD9FC9888BDE8820773E50F814

 

 

------------------------------------------------

 

Thanks :)


OK... the PC is clean.

1.

*Click [Start] > [Run] > copy and paste: Combofix /uninstall

[image: 9c7dcf5090.jpg]

*Click [OK] > [Run]

*Wait for the message "ComboFix está desinstalado" (ComboFix is uninstalled) to appear

*Click [OK]

2.

*Run OTS

*Click [CleanUp] > [Yes]

*The PC will restart

Cheers and happy holidays.


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
