Ir para conteúdo
Fórum Script Brasil

bodonchild

Membros
  • Total de itens

    6
  • Registro em

  • Última visita

Sobre bodonchild

bodonchild's Achievements

0

Reputação

  1. Bem, depois de várias e várias tentativas, só foi possivel enviar após baixar o Virustotal Uploader... Outra coisa que esta acontecendo com o pc, é que de vez em quando aparece a mensagem: "Error Protection N°...". E todos os ícones somem da tela por algums segundos,semelhante quando se encerra o processo "explorer.exe". O número varia, mas quase sempre é 103 se não me engano...Depois volta ao normal... Log: File WININET.dll received on 2010.06.11 22:03:34 (UTC) Current status: finished Result: 0/41 (0.00%) Compact Print results Antivirus Version Last Update Result a-squared 5.0.0.26 2010.06.11 - AhnLab-V3 2010.06.11.00 2010.06.11 - AntiVir 8.2.2.6 2010.06.11 - Antiy-AVL 2.0.3.7 2010.06.11 - Authentium 5.2.0.5 2010.06.11 - Avast 4.8.1351.0 2010.06.11 - Avast5 5.0.332.0 2010.06.11 - AVG 9.0.0.787 2010.06.11 - BitDefender 7.2 2010.06.11 - CAT-QuickHeal 10.00 2010.06.11 - ClamAV 0.96.0.3-git 2010.06.11 - Comodo 5059 2010.06.11 - DrWeb 5.0.2.03300 2010.06.11 - eSafe 7.0.17.0 2010.06.10 - eTrust-Vet 36.1.7629 2010.06.11 - F-Prot 4.6.0.103 2010.06.11 - F-Secure 9.0.15370.0 2010.06.11 - Fortinet 4.1.133.0 2010.06.11 - GData 21 2010.06.11 - Ikarus T3.1.1.84.0 2010.06.11 - Jiangmin 13.0.900 2010.06.11 - Kaspersky 7.0.0.125 2010.06.11 - McAfee 5.400.0.1158 2010.06.11 - McAfee-GW-Edition 2010.1 2010.06.11 - Microsoft 1.5802 2010.06.11 - NOD32 5191 2010.06.11 - Norman 6.04.12 2010.06.11 - nProtect 2010-06-11.01 2010.06.11 - Panda 10.0.2.7 2010.06.11 - PCTools 7.0.3.5 2010.06.11 - Prevx 3.0 2010.06.12 - Rising 22.51.04.04 2010.06.11 - Sophos 4.54.0 2010.06.11 - Sunbelt 6436 2010.06.11 - Symantec 20101.1.0.89 2010.06.11 - TheHacker 6.5.2.0.297 2010.06.11 - TrendMicro 9.120.0.1004 2010.06.11 - TrendMicro-HouseCall 9.120.0.1004 2010.06.11 - VBA32 3.12.12.5 2010.06.11 - ViRobot 2010.6.11.3881 2010.06.11 - VirusBuster 5.0.27.0 2010.06.11 - Additional information File size: 916480 bytes MD5 : 2b050aa55beb6f3d5bf29fd7d3893a4e SHA1 : 56ce7eb7b3aa9c9a5c4d6a4d3ae536508df3f30c SHA256: c45b181f180a669f509d60fe6b49b2f36d87a67b173526c50178726759bc501b PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x1748 timedatestamp.....: 0x4BE29B29 (Thu May 6 12:34:17 2010) machinetype.......: 0x14C (Intel I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0xAF930 0xAFA00 6.64 09ff0ee3d069bf3b3e7fef46a72360e5 .data 0xB1000 0x6850 0x3400 1.84 c1390281996b6737eaf1c49856ef8b8d .rsrc 0xB8000 0x261C0 0x26200 4.72 f510d3857585944a3072e8e1477e9f00 .reloc 0xDF000 0x67CC 0x6800 6.78 704a73cec3949370af8444ca77511a69 ( 9 imports ) > advapi32.dll: RegDeleteValueW, RegQueryValueExW, CryptAcquireContextA, CryptGenRandom, CryptReleaseContext, RegOpenKeyA, RegEnumKeyA, RegSetValueExW, RegCreateKeyExW, RegDeleteKeyW, TraceEvent, DuplicateTokenEx, CreateWellKnownSid, SetTokenInformation, CreateProcessAsUserA, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetSidSubAuthorityCount, GetSidSubAuthority, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, RegDeleteValueA, OpenThreadToken, OpenProcessToken, GetTokenInformation, RegOpenKeyExW, RegDeleteKeyA, UnregisterTraceGuids, RegisterTraceGuidsA, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, CryptAcquireContextW, CryptGetProvParam, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, RegCreateKeyExA, RegSetValueExA, RegOpenKeyExA, RegQueryValueExA, RegQueryInfoKeyA, RegEnumKeyExA, RegCloseKey, GetUserNameA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, QueryServiceStatus > iertutil.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, - > kernel32.dll: OpenFileMappingA, CreateFileMappingA, MapViewOfFileEx, FlushViewOfFile, SetEndOfFile, UnmapViewOfFile, OutputDebugStringA, DosDateTimeToFileTime, lstrcmpiW, GetEnvironmentVariableA, GetShortPathNameA, GetShortPathNameW, FindFirstFileA, RemoveDirectoryA, FindNextFileA, FindClose, GetDiskFreeSpaceExA, CopyFileA, SetFileTime, CreateDirectoryA, GetWindowsDirectoryA, GetPrivateProfileStringA, GetFileAttributesA, SetFileAttributesA, GetFileAttributesExA, FileTimeToDosDateTime, GetFileSizeEx, lstrcmpW, RaiseException, MoveFileExA, MoveFileExW, MoveFileW, MoveFileA, SetFilePointerEx, LocalFileTimeToFileTime, CreateSemaphoreA, ReleaseSemaphore, GetCurrentProcessId, GetFileTime, lstrcmpA, GetModuleHandleExA, LoadLibraryW, FreeLibraryAndExitThread, ResetEvent, ExpandEnvironmentStringsA, GetSystemTimeAsFileTime, DeleteFileW, GetACP, InterlockedExchangeAdd, CreateThread, Sleep, OpenMutexA, GetSystemDirectoryA, FormatMessageA, SetErrorMode, IsDBCSLeadByteEx, SystemTimeToFileTime, SizeofResource, TlsFree, TlsGetValue, TlsSetValue, TlsAlloc, GetDateFormatA, GetTimeFormatA, GlobalAlloc, InterlockedCompareExchange, GetCurrentThread, GetCurrentProcess, IsDBCSLeadByte, IsValidCodePage, GlobalFree, GetLongPathNameW, lstrlenW, GetLongPathNameA, DeleteFileA, FormatMessageW, GetModuleHandleA, GetSystemTime, GetModuleHandleW, WritePrivateProfileStringA, GetVersionExA, GetModuleFileNameA, WriteFile, SetFilePointer, CreateFileW, CreateFileA, GetFileSize, ReadFile, FileTimeToSystemTime, LocalReAlloc, HeapFree, HeapAlloc, GetProcessHeap, GetTimeFormatW, GetDateFormatW, GetUserDefaultLCID, GetComputerNameA, GlobalUnlock, GlobalLock, QueryPerformanceCounter, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, LoadResource, FindResourceExW, LoadLibraryExW, MapViewOfFile, CreateFileMappingW, GetLocaleInfoW, GetVersionExW, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, FindResourceW, SearchPathW, CreateActCtxW, ReleaseActCtx, ActivateActCtx, DeactivateActCtx, SetFileAttributesW, CompareFileTime, WritePrivateProfileStringW, GetFileAttributesW, CreateMutexW, DuplicateHandle, OpenMutexW, OpenEventW, LockResource, ResumeThread, GetTickCount, GetProcAddress, LoadLibraryA, FreeLibrary, InterlockedExchange, CloseHandle, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, CompareStringW, WaitForSingleObject, WideCharToMultiByte, MultiByteToWideChar, CreateEventA, CreateMutexA, CompareStringA, ReleaseMutex, GetCurrentThreadId, LocalFree, LocalAlloc, DeleteCriticalSection, SetEvent, InterlockedIncrement, lstrcmpiA, lstrlenA, InterlockedDecrement, GetModuleFileNameW, InitializeCriticalSectionAndSpinCount > msvcrt.dll: memset, _vsnwprintf, _lock, wcsncmp, bsearch, ___V@YAXPAX@Z, ___U@YAPAXI@Z, _onexit, _wcsnicmp, _wtoi, _wcsicmp, isupper, wcsstr, _purecall, _mbstok, iscntrl, ispunct, _strtoui64, __dllonexit, iswdigit, isalpha, atol, isalnum, _errno, isspace, strpbrk, isdigit, isxdigit, memchr, memcpy, mbtowc, __mb_cur_max, isleadbyte, _iob, _snprintf, _itoa, wctomb, ferror, __badioinfo, __pioinfo, _fileno, _lseeki64, _write, _isatty, _unlock, _adjust_fdiv, _amsg_exit, _initterm, _XcptFilter, iswlower, iswascii, iswxdigit, wcstol, islower, __isascii, strtol, memmove, iswspace, wcsrchr, strrchr, atoi, realloc, free, malloc, time, wcstok, _vsnprintf > normaliz.dll: IdnToAscii, IdnToUnicode > ntdll.dll: RtlUnwind, RtlConvertSidToUnicodeString, RtlMoveMemory > shlwapi.dll: SHRegGetValueW, -, SHRegGetValueA, PathAddBackslashW, PathFindFileNameW, StrRChrW, PathRemoveBackslashA, PathRemoveFileSpecA, -, PathRemoveBlanksA, PathAddBackslashA, -, PathAppendA, -, PathUnExpandEnvStringsA, PathRenameExtensionA, SHDeleteKeyA, SHDeleteValueW, StrCmpNIW, StrCmpNIA, StrStrIA, -, StrChrW, StrChrA, -, -, UrlCombineW, UrlCanonicalizeW, -, PathCreateFromUrlW, UrlUnescapeA, UrlCombineA, UrlCanonicalizeA, StrToIntW, StrCmpW, StrCmpNA, StrRChrA, StrToIntA, StrStrIW, SHGetValueA, SHSetValueA, SHGetValueW, SHSetValueW, -, -, StrStrA, PathCombineW, StrChrNW, StrTrimW > urlmon.dll: -, -, -, -, -, -, - > user32.dll: FindWindowW, PostMessageW, RegisterWindowMessageW, ReleaseDC, GetDC, SendDlgItemMessageW, LoadImageW, GetSystemMetrics, IntersectRect, EqualRect, GetWindowRect, GetWindow, SetForegroundWindow, DestroyIcon, SetDlgItemTextW, SetWindowPos, IsWindow, PostMessageA, CharNextExA, EnumWindows, GetAncestor, IsWindowVisible, EnumChildWindows, GetWindowThreadProcessId, IsCharAlphaNumericA, CharLowerW, CharUpperA, CharToOemA, LoadStringW, DialogBoxParamW, GetDesktopWindow, SendDlgItemMessageA, LoadIconA, LoadImageA, LoadStringA, CharLowerA, DestroyWindow, KillTimer, EnableWindow, SetWindowTextW, GetDlgItem, SetFocus, EndDialog, CheckDlgButton, SendMessageW, SendMessageA, IsDlgButtonChecked, DefWindowProcA, SetWindowLongA, GetWindowLongA, RegisterClassW, CreateWindowExW, SetTimer, GetWindowTextW, MessageBoxW, CharNextA, GetWindowInfo ( 1 exports ) > CommitUrlCacheEntryA, CommitUrlCacheEntryW, CreateMD5SSOHash, CreateUrlCacheContainerA, CreateUrlCacheContainerW, CreateUrlCacheEntryA, CreateUrlCacheEntryW, CreateUrlCacheGroup, DeleteIE3Cache, DeleteUrlCacheContainerA, DeleteUrlCacheContainerW, DeleteUrlCacheEntry, DeleteUrlCacheEntryA, DeleteUrlCacheEntryW, DeleteUrlCacheGroup, DeleteWpadCacheForNetworks, DetectAutoProxyUrl, DispatchAPICall, DllInstall, FindCloseUrlCache, FindFirstUrlCacheContainerA, FindFirstUrlCacheContainerW, FindFirstUrlCacheEntryA, FindFirstUrlCacheEntryExA, FindFirstUrlCacheEntryExW, FindFirstUrlCacheEntryW, FindFirstUrlCacheGroup, FindNextUrlCacheContainerA, FindNextUrlCacheContainerW, FindNextUrlCacheEntryA, FindNextUrlCacheEntryExA, FindNextUrlCacheEntryExW, FindNextUrlCacheEntryW, FindNextUrlCacheGroup, ForceNexusLookup, ForceNexusLookupExW, FreeUrlCacheSpaceA, FreeUrlCacheSpaceW, FtpCommandA, FtpCommandW, FtpCreateDirectoryA, FtpCreateDirectoryW, FtpDeleteFileA, FtpDeleteFileW, FtpFindFirstFileA, FtpFindFirstFileW, FtpGetCurrentDirectoryA, FtpGetCurrentDirectoryW, FtpGetFileA, FtpGetFileEx, FtpGetFileSize, FtpGetFileW, FtpOpenFileA, FtpOpenFileW, FtpPutFileA, FtpPutFileEx, FtpPutFileW, FtpRemoveDirectoryA, FtpRemoveDirectoryW, FtpRenameFileA, FtpRenameFileW, FtpSetCurrentDirectoryA, FtpSetCurrentDirectoryW, GetUrlCacheConfigInfoA, GetUrlCacheConfigInfoW, GetUrlCacheEntryInfoA, GetUrlCacheEntryInfoExA, GetUrlCacheEntryInfoExW, GetUrlCacheEntryInfoW, GetUrlCacheGroupAttributeA, GetUrlCacheGroupAttributeW, GetUrlCacheHeaderData, GopherCreateLocatorA, GopherCreateLocatorW, GopherFindFirstFileA, GopherFindFirstFileW, GopherGetAttributeA, GopherGetAttributeW, GopherGetLocatorTypeA, GopherGetLocatorTypeW, GopherOpenFileA, GopherOpenFileW, HttpAddRequestHeadersA, HttpAddRequestHeadersW, HttpCheckDavCompliance, HttpEndRequestA, HttpEndRequestW, HttpOpenRequestA, HttpOpenRequestW, HttpQueryInfoA, HttpQueryInfoW, HttpSendRequestA, HttpSendRequestExA, HttpSendRequestExW, HttpSendRequestW, IncrementUrlCacheHeaderData, InternetAlgIdToStringA, InternetAlgIdToStringW, InternetAttemptConnect, InternetAutodial, InternetAutodialCallback, InternetAutodialHangup, InternetCanonicalizeUrlA, InternetCanonicalizeUrlW, InternetCheckConnectionA, InternetCheckConnectionW, InternetClearAllPerSiteCookieDecisions, InternetCloseHandle, InternetCombineUrlA, InternetCombineUrlW, InternetConfirmZoneCrossing, InternetConfirmZoneCrossingA, InternetConfirmZoneCrossingW, InternetConnectA, InternetConnectW, InternetCrackUrlA, InternetCrackUrlW, InternetCreateUrlA, InternetCreateUrlW, InternetDial, InternetDialA, InternetDialW, InternetEnumPerSiteCookieDecisionA, InternetEnumPerSiteCookieDecisionW, InternetErrorDlg, InternetFindNextFileA, InternetFindNextFileW, InternetFortezzaCommand, InternetGetCertByURL, InternetGetCertByURLA, InternetGetConnectedState, InternetGetConnectedStateEx, InternetGetConnectedStateExA, InternetGetConnectedStateExW, InternetGetCookieA, InternetGetCookieExA, InternetGetCookieExW, InternetGetCookieW, InternetGetLastResponseInfoA, InternetGetLastResponseInfoW, InternetGetPerSiteCookieDecisionA, InternetGetPerSiteCookieDecisionW, InternetGetSecurityInfoByURL, InternetGetSecurityInfoByURLA, InternetGetSecurityInfoByURLW, InternetGoOnline, InternetGoOnlineA, InternetGoOnlineW, InternetHangUp, InternetInitializeAutoProxyDll, InternetLockRequestFile, InternetOpenA, InternetOpenUrlA, InternetOpenUrlW, InternetOpenW, InternetQueryDataAvailable, InternetQueryFortezzaStatus, InternetQueryOptionA, InternetQueryOptionW, InternetReadFile, InternetReadFileExA, InternetReadFileExW, InternetSecurityProtocolToStringA, InternetSecurityProtocolToStringW, InternetSetCookieA, InternetSetCookieExA, InternetSetCookieExW, InternetSetCookieW, InternetSetDialState, InternetSetDialStateA, InternetSetDialStateW, InternetSetFilePointer, InternetSetOptionA, InternetSetOptionExA, InternetSetOptionExW, InternetSetOptionW, InternetSetPerSiteCookieDecisionA, InternetSetPerSiteCookieDecisionW, InternetSetStatusCallback, InternetSetStatusCallbackA, InternetSetStatusCallbackW, InternetShowSecurityInfoByURL, InternetShowSecurityInfoByURLA, InternetShowSecurityInfoByURLW, InternetTimeFromSystemTime, InternetTimeFromSystemTimeA, InternetTimeFromSystemTimeW, InternetTimeToSystemTime, InternetTimeToSystemTimeA, InternetTimeToSystemTimeW, InternetUnlockRequestFile, InternetWriteFile, InternetWriteFileExA, InternetWriteFileExW, IsHostInProxyBypassList, IsUrlCacheEntryExpiredA, IsUrlCacheEntryExpiredW, LoadUrlCacheContent, ParseX509EncodedCertificateForListBoxEntry, PrivacyGetZonePreferenceW, PrivacySetZonePreferenceW, ReadUrlCacheEntryStream, ReadUrlCacheEntryStreamEx, RegisterUrlCacheNotification, ResumeSuspendedDownload, RetrieveUrlCacheEntryFileA, RetrieveUrlCacheEntryFileW, RetrieveUrlCacheEntryStreamA, RetrieveUrlCacheEntryStreamW, RunOnceUrlCache, SetUrlCacheConfigInfoA, SetUrlCacheConfigInfoW, SetUrlCacheEntryGroup, SetUrlCacheEntryGroupA, SetUrlCacheEntryGroupW, SetUrlCacheEntryInfoA, SetUrlCacheEntryInfoW, SetUrlCacheGroupAttributeA, SetUrlCacheGroupAttributeW, SetUrlCacheHeaderData, ShowCertificate, ShowClientAuthCerts, ShowSecurityInfo, ShowX509EncodedCertificate, UnlockUrlCacheEntryFile, UnlockUrlCacheEntryFileA, UnlockUrlCacheEntryFileW, UnlockUrlCacheEntryStream, UpdateUrlCacheContentPath, UrlZonesDetach, _GetFileExtensionFromUrl TrID : File type identification InstallShield setup (46.1%) Win32 Executable MS Visual C++ (generic) (40.4%) Win32 Executable Generic (9.1%) Generic Win/DOS Executable (2.1%) DOS Executable Generic (2.1%) ssdeep: 12288:QNXDE+TaypW+dfKscIcT3S8SRLlHPWfZHBf893by8YkMMIMMutumKIs:xB+dfKsHcT3JsvF3byJkMMIMMuw sigcheck: publisher....: Microsoft Corporation copyright....: © Microsoft Corporation. All rights reserved. product......: Windows_ Internet Explorer description..: Internet Extensions for Win32 original name: wininet.dll internal name: wininet.dll file version.: 8.00.6001.18923 (longhorn_ie8_gdr.100419-1241) comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEiD : - RDS : NSRL Reference Data Set -
  2. Havia uma nova versão do ComboFix, e eu atualizei.Novamente o "ComboFix detectou a presença de rootkit e precisou reiniciar o pc".Após o teste, logo que ativei o antivirus, a proteção automatica detectou o "eicar test file" (Av-test.txt), mas este não é um virus é apenas um "teste" para ver se o antivirus reage, certo?Bem, aí esta o log: ComboFix 10-06-28.01 - Administrador 29/06/2010 11:17:42.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.447.189 [GMT -3:00] Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6} FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} * AV residente está ativo . (((((((((((((((( Arquivos/Ficheiros criados de 2010-05-28 to 2010-06-29 )))))))))))))))))))))))))))) . 2010-06-28 17:28 . 2010-06-28 17:30 96 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\TurboDemo\WRTDX8672.DLL 2010-06-28 17:28 . 2010-06-28 17:30 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\TurboDemo 2010-06-28 00:51 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2010-06-28 00:51 . 2010-02-17 17:07 2194176 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2010-06-28 00:51 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll 2010-06-28 00:51 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe 2010-06-28 00:51 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2010-06-28 00:51 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2010-06-28 00:51 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll 2010-06-28 00:51 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll 2010-06-28 00:51 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2010-06-28 00:51 . 2010-02-16 19:07 2150400 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-06-28 00:51 . 2010-02-16 19:07 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2010-06-28 00:06 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2010-06-27 23:43 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-06-27 23:42 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys 2010-06-27 23:39 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-06-27 23:36 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll 2010-06-27 23:36 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll 2010-06-27 23:36 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll 2010-06-27 23:36 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe 2010-06-27 23:36 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe 2010-06-27 23:36 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2010-06-27 23:36 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2010-06-27 20:21 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2010-06-27 20:11 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2010-06-27 19:49 . 2010-06-27 19:49 -------- d-----w- c:\windows\system32\bits 2010-06-27 19:45 . 2008-04-13 22:20 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe 2010-06-24 02:50 . 2010-06-24 02:50 -------- d-----w- c:\documents and settings\Convidado\Dados de aplicativos\ESET 2010-06-24 00:46 . 2010-06-24 00:49 -------- d-----w- c:\arquivos de programas\UTorrents (Minha Pasta) 2010-06-24 00:40 . 2010-06-28 19:35 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent 2010-06-24 00:19 . 2010-06-24 00:19 184320 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\wlan4.dll 2010-06-24 00:19 . 2010-06-24 00:19 59904 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\ups.dll 2010-06-24 00:19 . 2010-06-24 00:19 10752 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\system.dll 2010-06-24 00:19 . 2010-06-24 00:19 65536 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\sync.dll 2010-06-24 00:14 . 2010-06-24 00:19 75264 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\stp.dll 2010-06-24 00:14 . 2010-06-24 00:14 90624 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\secure.dll 2010-06-24 00:14 . 2010-06-24 00:14 116736 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\roting4.dll 2010-06-24 00:13 . 2010-06-24 00:14 59392 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\radlan.dll 2010-06-24 00:13 . 2010-06-24 00:13 109056 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\ppp.dll 2010-06-24 00:13 . 2010-06-24 00:13 70656 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\pim.dll 2010-06-24 00:13 . 2010-06-24 00:13 57856 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\ntp.dll 2010-06-24 00:13 . 2010-06-24 00:13 71168 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\mpls.dll 2010-06-24 00:11 . 2010-06-24 00:13 58368 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\lcd.dll 2010-06-24 00:09 . 2010-06-24 00:11 57344 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\isdn.dll 2010-06-24 00:09 . 2010-06-24 00:09 76288 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\ipv6.dll 2010-06-24 00:09 . 2010-06-24 00:09 79872 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\hotspot.dll 2010-06-24 00:09 . 2010-06-24 00:09 69632 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\dhcp.dll 2010-06-24 00:09 . 2010-06-24 00:09 58880 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\arlan.dll 2010-06-24 00:09 . 2010-06-24 00:09 69632 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\advtool.dll 2010-06-24 00:07 . 2010-06-24 00:09 1514496 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\roteros.dll 2010-06-23 18:34 . 2010-06-23 18:34 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Megaupload 2010-06-23 18:33 . 2010-06-23 18:33 -------- d-----w- c:\arquivos de programas\Megaupload 2010-06-23 13:40 . 2010-06-23 13:40 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ESET 2010-06-23 13:38 . 2010-06-23 13:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESET 2010-06-23 13:38 . 2010-06-23 13:38 -------- d-----w- c:\arquivos de programas\ESET 2010-06-23 03:08 . 2010-06-23 03:08 184320 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\wlan4.dll 2010-06-23 03:08 . 2010-06-23 03:08 59904 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\ups.dll 2010-06-23 03:08 . 2010-06-23 03:08 10752 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\system.dll 2010-06-23 03:08 . 2010-06-23 03:08 65536 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\sync.dll 2010-06-23 03:08 . 2010-06-23 03:08 90624 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\secure.dll 2010-06-23 03:08 . 2010-06-23 03:08 116736 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\roting4.dll 2010-06-23 03:08 . 2010-06-23 03:08 59392 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\radlan.dll 2010-06-23 03:07 . 2010-06-23 03:08 110080 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\ppp.dll 2010-06-23 03:07 . 2010-06-23 03:07 70656 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\pim.dll 2010-06-23 03:07 . 2010-06-23 03:07 57856 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\ntp.dll 2010-06-23 03:07 . 2010-06-23 03:07 71168 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\mpls.dll 2010-06-23 03:07 . 2010-06-23 03:07 58368 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\lcd.dll 2010-06-23 03:07 . 2010-06-23 03:07 57344 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\isdn.dll 2010-06-23 03:07 . 2010-06-23 03:07 76288 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\ipv6.dll 2010-06-23 03:07 . 2010-06-23 03:07 79872 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\hotspot.dll 2010-06-23 03:07 . 2010-06-23 03:07 70144 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\dhcp.dll 2010-06-23 03:07 . 2010-06-23 03:07 58880 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\arlan.dll 2010-06-23 03:07 . 2010-06-23 03:07 69632 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\advtool.dll 2010-06-23 03:07 . 2010-06-23 03:07 1531904 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\roteros.dll 2010-06-23 03:06 . 2010-06-23 03:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik 2010-06-21 18:38 . 2010-06-28 17:03 -------- d-----w- C:\Downloads 2010-06-21 18:11 . 2010-06-21 19:20 -------- d-----w- c:\arquivos de programas\GetRight 2010-06-21 17:52 . 2010-06-26 18:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Tor 2010-06-21 17:52 . 2010-06-26 18:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Vidalia 2010-06-21 17:52 . 2010-06-21 17:52 -------- d-----w- c:\arquivos de programas\Vidalia Bundle 2010-06-20 02:35 . 2010-06-21 23:49 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2010-06-19 19:11 . 2010-06-19 19:11 -------- d-----w- c:\arquivos de programas\Acoustica Shared Effects 2010-06-19 19:11 . 2010-06-19 19:11 -------- d-----w- c:\arquivos de programas\Acoustica Beatcraft 2010-06-19 18:31 . 2010-06-19 18:31 -------- d-----w- c:\arquivos de programas\ASIO4ALL v2 2010-06-19 18:28 . 2010-06-19 18:28 -------- d-----w- c:\arquivos de programas\Outsim 2010-06-19 18:25 . 2010-06-19 19:10 -------- d-----w- c:\arquivos de programas\Image-Line 2010-06-19 17:04 . 2010-06-19 17:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Socusoft 2010-06-19 17:03 . 2010-06-03 12:00 24064 ----a-w- c:\windows\system32\msxml3a.dll 2010-06-19 17:01 . 2010-06-19 17:03 -------- d-----w- c:\arquivos de programas\DVD Photo Slideshow Professional 2010-06-19 17:01 . 2010-06-19 17:01 -------- d-----w- c:\arquivos de programas\Socusoft 2010-06-18 23:43 . 2010-06-18 23:43 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive 2010-06-18 23:43 . 2010-06-18 23:43 -------- d-----w- c:\arquivos de programas\Windows Live 2010-06-18 23:14 . 2009-11-20 19:26 25984 ----a-w- c:\windows\system32\drivers\tap0901.sys 2010-06-18 22:25 . 2010-06-18 22:25 3584 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe 2010-06-18 22:25 . 2010-06-18 22:25 -------- d-----w- c:\arquivos de programas\Windows Installer Clean Up 2010-06-18 20:15 . 2010-06-18 20:15 -------- d-----w- c:\windows\system32\wbem\Repository 2010-06-18 17:35 . 2010-06-28 17:04 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GetRight 2010-06-18 16:15 . 2010-06-18 16:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java 2010-06-17 20:01 . 2010-06-25 19:20 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\QuickScan 2010-06-17 20:01 . 2010-05-31 19:34 702120 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll 2010-06-17 20:01 . 2010-05-31 19:34 868456 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll 2010-06-17 16:14 . 2010-06-17 16:14 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DivX 2010-06-17 14:57 . 2010-06-18 00:19 48620 ---há-w- c:\windows\system32\mlfcache.dat 2010-06-17 14:50 . 2010-06-17 14:50 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer 2010-06-17 14:50 . 2010-06-17 14:50 -------- d-----w- c:\arquivos de programas\Safari 2010-06-17 14:50 . 2010-06-17 14:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer 2010-06-17 14:49 . 2010-06-17 14:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple 2010-06-17 14:48 . 2010-06-17 14:48 -------- d-----w- c:\arquivos de programas\Apple Software Update 2010-06-17 14:48 . 2010-06-17 14:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple 2010-06-17 13:46 . 2010-06-17 13:46 0 ----a-w- c:\windows\nsreg.dat 2010-06-16 20:03 . 2010-06-16 20:10 -------- d--h--w- c:\windows\msdownld.tmp 2010-06-16 16:11 . 2003-06-25 19:05 266360 ----a-w- c:\windows\system32\TweakUI.exe 2010-06-13 18:05 . 2010-06-27 19:46 -------- d-----w- c:\windows\ServicePackFiles 2010-06-13 17:35 . 2010-06-13 17:35 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\McAfee 2010-06-11 18:49 . 2010-06-11 18:49 -------- d-sh--w- c:\documents and settings\Convidado\IECompatCache 2010-06-11 18:48 . 2010-06-11 18:48 -------- d-sh--w- c:\documents and settings\Convidado\PrivacIE 2010-06-11 18:10 . 2010-06-11 18:10 -------- d-sh--w- c:\documents and settings\Convidado\IETldCache 2010-06-11 16:52 . 2010-06-11 16:52 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache 2010-06-11 16:50 . 2010-06-11 16:50 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE 2010-06-11 16:47 . 2010-06-11 16:47 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache 2010-06-11 16:44 . 2010-06-13 18:25 -------- d-----w- c:\windows\ie8updates 2010-06-11 16:42 . 2010-06-11 16:43 -------- dc-h--w- c:\windows\ie8 2010-06-11 16:38 . 2010-05-06 10:34 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2010-06-11 16:38 . 2010-05-06 10:34 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-28 14:05 . 2001-10-28 17:07 68422 ----a-w- c:\windows\system32\perfc016.dat 2010-06-28 14:05 . 2001-10-28 17:07 428674 ----a-w- c:\windows\system32\perfh016.dat 2010-06-23 18:33 . 2007-09-07 23:19 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2010-06-22 22:18 . 2008-01-26 14:21 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic 2010-06-22 00:22 . 2007-09-08 00:00 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Vso 2010-06-19 20:39 . 2009-11-05 14:42 16 ----a-w- c:\windows\msocreg32.dat 2010-06-17 13:44 . 2009-12-30 14:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\MSScanAppDataDir 2010-06-10 16:53 . 2009-12-11 22:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira 2010-06-08 13:01 . 2010-01-28 14:37 49586 ----a-w- c:\windows\system32\prfc0416.dat 2010-06-08 13:01 . 2010-01-28 14:37 347294 ----a-w- c:\windows\system32\prfh0416.dat 2010-06-07 16:13 . 2010-02-05 14:15 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2010-05-30 17:18 . 2009-05-25 17:11 -------- d-----w- c:\arquivos de programas\Sweet Home 3D 1.8 2010-05-12 23:40 . 2008-05-07 17:34 -------- d-----w- c:\arquivos de programas\EMULADORES 2010-05-06 10:34 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 08:08 . 2004-08-04 03:38 1851392 ----a-w- c:\windows\system32\win32k.sys 2010-04-29 18:39 . 2010-02-05 14:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 18:39 . 2010-02-05 14:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-20 05:47 . 2004-08-04 03:44 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-17 01:12 . 2010-04-17 01:12 48464 ----a-w- c:\windows\system32\sirenacm.dll . ------- Sigcheck ------- [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3gdr\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2008-07-07 20:31 . C8FDAFC91302E9E905182EC6A2D1612A . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll [-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll [-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll [-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\cef92b38c90fc921728c6ea550391cb2\sp3gdr\es.dll [-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll [-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll [-] 2008-07-07 20:25 . 58586EB44E6FD9A711943647C8451741 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll [-] 2008-07-07 20:18 . 788A6C475F332290217C33921623CF48 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll [7] 2008-04-13 22:20 . 957E7822860EB8E5CD9EDB7BA04B7E65 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll [-] 2010-05-06 . 20800D7145CF4E247775458B404FD44A . 5950976 . . [8.00.6001.18928] . . c:\windows\ERDNT\cache\mshtml.dll [-] 2010-05-06 . 20800D7145CF4E247775458B404FD44A . 5950976 . . [8.00.6001.18928] . . c:\windows\system32\mshtml.dll [-] 2010-05-06 . 20800D7145CF4E247775458B404FD44A . 5950976 . . [8.00.6001.18928] . . c:\windows\system32\dllcache\mshtml.dll [-] 2010-05-06 . AA1410ABF16D5F3655569927075CEF05 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll [-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll [7] 2008-04-13 . 64C5EB55D74A90AB4DC89F9A6C2E797F . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll [7] 2004-08-04 . 2D36439FE3C0FBD30F5ABD8FDBAA31B5 . 3003392 . . [6.00.2900.2180] . . c:\windows\ie8\mshtml.dll [-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll [-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll [-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3gdr\mswsock.dll [-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll [-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll [-] 2008-06-20 . 5265EA72F599CF8277A34780F6369B60 . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll [-] 2008-06-20 . 59AB513554BA8770BF493D6F2121637B . 247808 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll [-] 2008-06-20 . E8C71AECFD3B76407430A22C9EB371FF . 247808 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll [7] 2008-04-13 . CF7C16037A5905AA5A173813D14D5C4A . 247808 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll [-] 2010-05-06 . 2B050AA55BEB6F3D5BF29FD7D3893A4E . 916480 . . [8.00.6001.18923] . . c:\windows\ERDNT\cache\wininet.dll [-] 2010-05-06 . 2B050AA55BEB6F3D5BF29FD7D3893A4E . 916480 . . [8.00.6001.18923] . . c:\windows\system32\wininet.dll [-] 2010-05-06 . 2B050AA55BEB6F3D5BF29FD7D3893A4E . 916480 . . [8.00.6001.18923] . . c:\windows\system32\dllcache\wininet.dll [-] 2010-05-06 . 326CDF2109D669998922946D6B490836 . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll [-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll [7] 2008-04-13 . DF6D0F37A71883BE3505DD517EB8AD83 . 668160 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll [7] 2004-08-04 . 398A619CE60090303042D1F8CC68F712 . 658432 . . [6.00.2900.2180] . . c:\windows\ie8\wininet.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\arquivos de programas\ESET\ESET Smart Security\egui.exe" [2010-03-24 2145000] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MaxRecentDocs"= 10 (0xa) "NoRecentDocsNetHood"= 1 (0x1) [HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^desktop.ini] path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\desktop.ini backup=c:\windows\pss\desktop.iniStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^desktop.ini] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\desktop.ini backup=c:\windows\pss\desktop.iniCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-01-15 19:14 147456 ----a-r- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] 2004-08-22 20:05 81920 ----a-r- c:\arquivos de programas\D-Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig] 2008-04-13 22:21 171520 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 18:40 155648 ----a-r- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2003-12-08 20:35 32768 ----a-r- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] 2004-12-28 22:01 544768 ----a-w- c:\windows\sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2006-08-02 21:12 577536 ------w- c:\windows\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp] 2006-04-11 08:06 176128 ----a-w- c:\windows\system32\VTTrayp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "TuneUp.Defrag"=3 (0x3) "NBService"=3 (0x3) "WZCSVC"=2 (0x2) "UxTuneUp"=2 (0x2) "TapiSrv"=3 (0x3) "RDSessMgr"=3 (0x3) "RasMan"=3 (0x3) "RasAuto"=3 (0x3) "mnmsrvc"=3 (0x3) "ImapiService"=3 (0x3) "getPlusHelper"=3 (0x3) "XoftSpyService"=3 (0x3) "TuneUp.UtilitiesSvc"=2 (0x2) "ose"=3 (0x3) "MDM"=2 (0x2) "gusvc"=3 (0x3) "gupdate"=2 (0x2) "rjhnrsqbm"=2 (0x2) "FastUserSwitchingCompatibility"=3 (0x3) "helpsvc"=2 (0x2) "wscsvc"=2 (0x2) "SharedAccess"=2 (0x2) "SCardSvr"=3 (0x3) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "VTTimer"=VTTimer.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Arquivos de programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "c:\\Arquivos de programas\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\UTorrents (Minha Pasta)\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1277:TCP"= 1277:TCP:*:Disabled:qxfyulz R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [7/9/2007 20:59 155136] R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [7/9/2007 20:59 5248] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [24/3/2010 20:31 114984] R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET Smart Security\ekrn.exe [24/3/2010 20:31 810120] S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [26/6/2010 11:26 136176] S2 rjhnrsqbm;Support Server;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25/2/2010 11:18 10064] S3 uti3nzc5;AVZ Kernel Driver;c:\windows\system32\drivers\uti3nzc5.sys [11/12/2009 17:31 7168] S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [7/5/2010 17:48 1051976] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Conteúdo da pasta 'Tarefas Agendadas' 2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-26 14:26] 2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-26 14:26] . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.google.com.br/ uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Download Link Using Mega Manager... - c:\arquivos de programas\Megaupload\Mega Manager\mm_file.htm IE: Download with GetRight - c:\arquivos de programas\GetRight\GRdownload.htm IE: Open with GetRight Browser - c:\arquivos de programas\GetRight\GRbrowse.htm TCP: {8AD1177A-26EC-45AA-A0C5-1772FE68E6CC} = 198.153.192.1,198.153.194.1 FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br FF - prefs.js: network.proxy.type - 0 FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll ---- FIREFOX POLICIES ---- FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-29 11:25 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8486D870]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf75acf28 \Driver\ACPI -> ACPI.sys @ 0xf74d9cb8 \Driver\atapi -> 0x8486d870 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf735fbb0 PacketIndicateHandler -> NDIS.sys @ 0xf736ca21 SendHandler -> NDIS.sys @ 0xf734a87b Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet006\Services\rjhnrsqbm] "ServiceDll"="c:\windows\system32\hincakl.dll" . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\S-1-5-21-796845957-115176313-725345543-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,4c,65,43,56,d8,40,4f,96,08,c2,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,4c,65,43,56,d8,40,4f,96,08,c2,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,4c,65,43,56,d8,40,4f,96,08,c2,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . Tempo para conclusão: 2010-06-29 11:30:02 ComboFix-quarantined-files.txt 2010-06-29 14:29 ComboFix2.txt 2010-06-28 19:53 ComboFix3.txt 2010-06-25 16:30 Pré-execução: 11 pasta(s) 25.866.915.840 bytes disponíveis Pós execução: 12 pasta(s) 25.862.721.536 bytes disponíveis Current=6 Default=6 Failed=2 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8 - - End Of File - - 39695115BC43EFE23D63358F4F79EB4C
  3. Mais um detalhe...Logo após o procedimento com o ComboFix, fiz um scan automático com o ESET Smart Security, (pois desinstalei o Avira porque não estava atualizando) e havia alguns trojans..Dois deles estavam na pasta que o ComboFix criou..Os outros já estavam na quarentena... Locais dos vírus: C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Av-test.txt - Eicar test file C:\QooBox\32788R22FWJFW\uagp35.sys - Win32/Olmarik.ZC trojan C:\Arquivos de programas\EMULADORES\P64\Project64 1.7.0.55E\NRage-Language-1034.dll - Win32/Agent trojan C:\WINDOWS\system32\drivers\uagp35.sys - Win32/Olmarik.ZC trojan C:\WINDOWS\system32\drivers\uagp35.sys.tmp - Win32/Olmarik.ZC trojan E estes, (todos uma variante do Win32/TrojanClicker.Delf.NKC trojan): C:\WINDOWS\system32\emxqkjn.dll C:\WINDOWS\system32\ywdlyom.dll C:\WINDOWS\system32\ttgtdsw.dll C:\WINDOWS\system32\ceidajv.dll C:\WINDOWS\system32\nlxylqz.dll C:\WINDOWS\system32\wedqqhz.dll C:\WINDOWS\system32\vdutiby.dll C:\WINDOWS\system32\henaxzk.dll C:\WINDOWS\system32\vzckwya.dll C:\WINDOWS\system32\tunmasw.dll Só que assim que eles eram postos na quarentena, acho que eles voltavam,porque ocorria um erro no log do antivirus em: C:\WINDOWS\Temp\xnpg.tmp\svchost.exe. Espero q isso possa ajudar em algo..
  4. Bem, estamos no caminho certo...havia um rootkit... ComboFix 10-06-24.03 - Administrador 25/06/2010 13:19:47.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.447.197 [GMT -3:00] Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6} FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} * AV residente está ativo . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrador\Dados de aplicativos\.# c:\documents and settings\Administrador\Dados de aplicativos\.#\MBX@150@935368.### c:\documents and settings\Administrador\Dados de aplicativos\.#\MBX@150@935A58.### c:\documents and settings\Administrador\Dados de aplicativos\.#\MBX@51C@9352F0.### c:\documents and settings\Administrador\Dados de aplicativos\.#\MBX@51C@9359E0.### c:\documents and settings\Administrador\Dados de aplicativos\.#\MBX@6E8@935368.### c:\documents and settings\Administrador\Dados de aplicativos\.#\MBX@6E8@935A58.### c:\documents and settings\mario\jpeg.dll c:\documents and settings\mario\libtiff.dll c:\documents and settings\mario\MARIO.exe c:\documents and settings\mario\ogg.dll c:\documents and settings\mario\smpeg.dll c:\documents and settings\mario\vorbis.dll c:\documents and settings\mario\vorbisfile.dll c:\windows\system32\msvcsv60.dll A cópia de c:\windows\system32\drivers\uagp35.sys foi encontrada e desinfectada Cópia restaurada de - Kitty had a snack :p . (((((((((((((((( Arquivos/Ficheiros criados de 2010-05-25 to 2010-06-25 )))))))))))))))))))))))))))) . 2010-06-24 02:50 . 2010-06-24 02:50 -------- d-----w- c:\documents and settings\Convidado\Dados de aplicativos\ESET 2010-06-24 00:46 . 2010-06-24 00:49 -------- d-----w- c:\arquivos de programas\UTorrents (Minha Pasta) 2010-06-24 00:40 . 2010-06-25 16:02 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent 2010-06-24 00:19 . 2010-06-24 00:19 184320 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\wlan4.dll 2010-06-24 00:19 . 2010-06-24 00:19 59904 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\ups.dll 2010-06-24 00:19 . 2010-06-24 00:19 10752 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\system.dll 2010-06-24 00:19 . 2010-06-24 00:19 65536 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\sync.dll 2010-06-24 00:14 . 2010-06-24 00:19 75264 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\stp.dll 2010-06-24 00:14 . 2010-06-24 00:14 90624 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\secure.dll 2010-06-24 00:14 . 2010-06-24 00:14 116736 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\roting4.dll 2010-06-24 00:13 . 2010-06-24 00:14 59392 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\radlan.dll 2010-06-24 00:13 . 2010-06-24 00:13 109056 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\ppp.dll 2010-06-24 00:13 . 2010-06-24 00:13 70656 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\pim.dll 2010-06-24 00:13 . 2010-06-24 00:13 57856 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\ntp.dll 2010-06-24 00:13 . 2010-06-24 00:13 71168 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\mpls.dll 2010-06-24 00:11 . 2010-06-24 00:13 58368 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\lcd.dll 2010-06-24 00:09 . 2010-06-24 00:11 57344 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\isdn.dll 2010-06-24 00:09 . 2010-06-24 00:09 76288 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\ipv6.dll 2010-06-24 00:09 . 2010-06-24 00:09 79872 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\hotspot.dll 2010-06-24 00:09 . 2010-06-24 00:09 69632 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\dhcp.dll 2010-06-24 00:09 . 2010-06-24 00:09 58880 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\arlan.dll 2010-06-24 00:09 . 2010-06-24 00:09 69632 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\advtool.dll 2010-06-24 00:07 . 2010-06-24 00:09 1514496 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\roteros.dll 2010-06-23 18:34 . 2010-06-23 18:34 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Megaupload 2010-06-23 18:33 . 2010-06-23 18:33 -------- d-----w- c:\arquivos de programas\Megaupload 2010-06-23 13:40 . 2010-06-23 13:40 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ESET 2010-06-23 13:38 . 2010-06-23 13:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESET 2010-06-23 13:38 . 2010-06-23 13:38 -------- d-----w- c:\arquivos de programas\ESET 2010-06-23 03:08 . 2010-06-23 03:08 184320 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\wlan4.dll 2010-06-23 03:08 . 2010-06-23 03:08 59904 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\ups.dll 2010-06-23 03:08 . 2010-06-23 03:08 10752 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\system.dll 2010-06-23 03:08 . 2010-06-23 03:08 65536 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\sync.dll 2010-06-23 03:08 . 2010-06-23 03:08 90624 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\secure.dll 2010-06-23 03:08 . 2010-06-23 03:08 116736 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\roting4.dll 2010-06-23 03:08 . 2010-06-23 03:08 59392 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\radlan.dll 2010-06-23 03:07 . 2010-06-23 03:08 110080 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\ppp.dll 2010-06-23 03:07 . 2010-06-23 03:07 70656 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\pim.dll 2010-06-23 03:07 . 2010-06-23 03:07 57856 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\ntp.dll 2010-06-23 03:07 . 2010-06-23 03:07 71168 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\mpls.dll 2010-06-23 03:07 . 2010-06-23 03:07 58368 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\lcd.dll 2010-06-23 03:07 . 2010-06-23 03:07 57344 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\isdn.dll 2010-06-23 03:07 . 2010-06-23 03:07 76288 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\ipv6.dll 2010-06-23 03:07 . 2010-06-23 03:07 79872 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\hotspot.dll 2010-06-23 03:07 . 2010-06-23 03:07 70144 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\dhcp.dll 2010-06-23 03:07 . 2010-06-23 03:07 58880 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\arlan.dll 2010-06-23 03:07 . 2010-06-23 03:07 69632 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\advtool.dll 2010-06-23 03:07 . 2010-06-23 03:07 1531904 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\roteros.dll 2010-06-23 03:06 . 2010-06-23 03:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik 2010-06-21 18:38 . 2010-06-24 20:10 -------- d-----w- C:\Downloads 2010-06-21 18:11 . 2010-06-21 19:20 -------- d-----w- c:\arquivos de programas\GetRight 2010-06-21 17:52 . 2010-06-23 20:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Tor 2010-06-21 17:52 . 2010-06-23 20:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Vidalia 2010-06-21 17:52 . 2010-06-21 17:52 -------- d-----w- c:\arquivos de programas\Vidalia Bundle 2010-06-20 02:35 . 2010-06-21 23:49 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2010-06-19 19:11 . 2010-06-19 19:11 -------- d-----w- c:\arquivos de programas\Acoustica Shared Effects 2010-06-19 19:11 . 2010-06-19 19:11 -------- d-----w- c:\arquivos de programas\Acoustica Beatcraft 2010-06-19 18:31 . 2010-06-19 18:31 -------- d-----w- c:\arquivos de programas\ASIO4ALL v2 2010-06-19 18:28 . 2010-06-19 18:28 -------- d-----w- c:\arquivos de programas\Outsim 2010-06-19 18:25 . 2010-06-19 19:10 -------- d-----w- c:\arquivos de programas\Image-Line 2010-06-19 17:04 . 2010-06-19 17:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Socusoft 2010-06-19 17:03 . 2010-06-03 12:00 24064 ----a-w- c:\windows\system32\msxml3a.dll 2010-06-19 17:01 . 2010-06-19 17:03 -------- d-----w- c:\arquivos de programas\DVD Photo Slideshow Professional 2010-06-19 17:01 . 2010-06-19 17:01 -------- d-----w- c:\arquivos de programas\Socusoft 2010-06-18 23:43 . 2010-06-18 23:43 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive 2010-06-18 23:43 . 2010-06-18 23:43 -------- d-----w- c:\arquivos de programas\Windows Live 2010-06-18 23:14 . 2009-11-20 19:26 25984 ----a-w- c:\windows\system32\drivers\tap0901.sys 2010-06-18 22:25 . 2010-06-18 22:25 3584 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe 2010-06-18 22:25 . 2010-06-18 22:25 -------- d-----w- c:\arquivos de programas\Windows Installer Clean Up 2010-06-18 20:15 . 2010-06-18 20:15 -------- d-----w- c:\windows\system32\wbem\Repository 2010-06-18 17:35 . 2010-06-24 20:10 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GetRight 2010-06-18 16:15 . 2010-06-18 16:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java 2010-06-17 20:01 . 2010-06-22 16:46 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\QuickScan 2010-06-17 20:01 . 2010-05-31 19:34 702120 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll 2010-06-17 20:01 . 2010-05-31 19:34 868456 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll 2010-06-17 16:14 . 2010-06-17 16:14 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DivX 2010-06-17 14:57 . 2010-06-18 00:19 48620 ---há-w- c:\windows\system32\mlfcache.dat 2010-06-17 14:50 . 2010-06-17 14:50 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer 2010-06-17 14:50 . 2010-06-17 14:50 -------- d-----w- c:\arquivos de programas\Safari 2010-06-17 14:50 . 2010-06-17 14:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer 2010-06-17 14:49 . 2010-06-17 14:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple 2010-06-17 14:48 . 2010-06-17 14:48 -------- d-----w- c:\arquivos de programas\Apple Software Update 2010-06-17 14:48 . 2010-06-17 14:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple 2010-06-17 13:46 . 2010-06-17 13:46 0 ----a-w- c:\windows\nsreg.dat 2010-06-16 20:03 . 2010-06-16 20:10 -------- d--h--w- c:\windows\msdownld.tmp 2010-06-16 19:18 . 2010-06-16 19:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Uniblue 2010-06-16 16:11 . 2003-06-25 19:05 266360 ----a-w- c:\windows\system32\TweakUI.exe 2010-06-16 13:42 . 2010-06-16 14:39 -------- d-----w- c:\windows\system32\CatRoot_bak 2010-06-13 18:05 . 2010-06-13 18:05 -------- d-----w- c:\windows\ServicePackFiles 2010-06-13 17:35 . 2010-06-13 17:35 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\McAfee 2010-06-11 18:49 . 2010-06-11 18:49 -------- d-sh--w- c:\documents and settings\Convidado\IECompatCache 2010-06-11 18:48 . 2010-06-11 18:48 -------- d-sh--w- c:\documents and settings\Convidado\PrivacIE 2010-06-11 18:10 . 2010-06-11 18:10 -------- d-sh--w- c:\documents and settings\Convidado\IETldCache 2010-06-11 16:52 . 2010-06-11 16:52 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache 2010-06-11 16:50 . 2010-06-11 16:50 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE 2010-06-11 16:47 . 2010-06-11 16:47 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache 2010-06-11 16:44 . 2010-06-13 18:25 -------- d-----w- c:\windows\ie8updates 2010-06-11 16:42 . 2010-06-11 16:43 -------- dc-h--w- c:\windows\ie8 2010-06-11 16:38 . 2010-05-06 10:34 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2010-06-11 16:38 . 2010-05-06 10:34 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-06-11 16:37 . 2010-05-06 10:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-06-11 16:37 . 2010-05-06 10:34 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-06-11 16:37 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-11 16:37 . 2010-05-06 10:34 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2010-06-11 16:37 . 2010-05-06 10:34 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll 2010-06-11 16:23 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll 2010-06-11 01:59 . 2010-06-11 01:59 -------- d-sh--w- c:\documents and settings\Convidado\UserData 2010-06-11 01:56 . 2010-06-24 02:51 -------- d-----w- c:\documents and settings\Convidado\Tracing 2010-06-11 00:25 . 2010-06-11 00:25 -------- d-----w- c:\documents and settings\Convidado\Dados de aplicativos\TuneUp Software 2010-06-10 23:48 . 2010-05-07 20:50 30536 ----a-w- c:\windows\system32\TURegOpt.exe 2010-06-10 23:48 . 2010-05-07 20:45 30024 ----a-w- c:\windows\system32\uxtuneup.dll 2010-06-10 23:47 . 2010-06-10 23:48 -------- d-----w- c:\arquivos de programas\TuneUp Utilities 2010 2010-06-10 23:47 . 2010-06-10 23:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TuneUp Software 2010-06-10 21:08 . 2010-02-16 19:33 2062592 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2010-06-10 21:07 . 2010-02-16 19:32 2020864 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2010-06-10 21:07 . 2010-02-16 19:33 2185600 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2010-06-10 21:07 . 2010-02-16 19:33 2141184 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-06-10 15:05 . 2010-06-10 15:24 -------- d-----w- c:\arquivos de programas\Google 2010-06-08 16:01 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-06-08 15:52 . 2008-06-14 17:59 272384 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-06-08 15:52 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys 2010-06-08 14:16 . 2010-06-08 14:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\TuneUp Software 2010-06-08 14:15 . 2010-06-08 14:15 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2010-06-08 14:14 . 2010-06-08 14:14 -------- d-----w- c:\arquivos de programas\Speccy 2010-06-08 13:40 . 2010-06-08 13:40 -------- d-----w- c:\arquivos de programas\Defraggler 2010-06-08 13:37 . 2010-06-08 13:37 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Yahoo! . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-25 15:17 . 2007-09-07 19:17 44672 ----a-w- c:\windows\system32\drivers\uagp35.sys 2010-06-23 18:33 . 2007-09-07 23:19 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2010-06-22 22:18 . 2008-01-26 14:21 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic 2010-06-22 00:22 . 2007-09-08 00:00 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Vso 2010-06-19 20:39 . 2009-11-05 14:42 16 ----a-w- c:\windows\msocreg32.dat 2010-06-18 19:20 . 2001-10-28 17:07 68306 ----a-w- c:\windows\system32\perfc016.dat 2010-06-18 19:20 . 2001-10-28 17:07 428330 ----a-w- c:\windows\system32\perfh016.dat 2010-06-17 13:44 . 2009-12-30 14:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\MSScanAppDataDir 2010-06-10 16:53 . 2009-12-11 22:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira 2010-06-08 13:01 . 2010-01-28 14:37 49586 ----a-w- c:\windows\system32\prfc0416.dat 2010-06-08 13:01 . 2010-01-28 14:37 347294 ----a-w- c:\windows\system32\prfh0416.dat 2010-06-07 16:13 . 2010-02-05 14:15 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2010-05-30 17:18 . 2009-05-25 17:11 -------- d-----w- c:\arquivos de programas\Sweet Home 3D 1.8 2010-05-12 23:40 . 2008-05-07 17:34 -------- d-----w- c:\arquivos de programas\EMULADORES 2010-05-06 10:34 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 08:26 . 2004-08-04 03:38 1851008 ----a-w- c:\windows\system32\win32k.sys 2010-04-29 18:39 . 2010-02-05 14:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 18:39 . 2010-02-05 14:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-20 05:47 . 2004-08-04 03:44 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-17 01:12 . 2010-04-17 01:12 48464 ----a-w- c:\windows\system32\sirenacm.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\arquivos de programas\ESET\ESET Smart Security\egui.exe" [2010-03-24 2145000] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MaxRecentDocs"= 10 (0xa) "NoRecentDocsNetHood"= 1 (0x1) [HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^desktop.ini] path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\desktop.ini backup=c:\windows\pss\desktop.iniStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^desktop.ini] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\desktop.ini backup=c:\windows\pss\desktop.iniCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-01-15 19:14 147456 ----a-r- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] 2004-08-22 20:05 81920 ----a-r- c:\arquivos de programas\D-Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig] 2004-08-04 03:45 159744 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 18:40 155648 ----a-r- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2003-12-08 20:35 32768 ----a-r- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] 2004-12-28 22:01 544768 ----a-w- c:\windows\sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2006-08-02 21:12 577536 ------w- c:\windows\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp] 2006-04-11 08:06 176128 ----a-w- c:\windows\system32\VTTrayp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "TuneUp.Defrag"=3 (0x3) "NBService"=3 (0x3) "WZCSVC"=2 (0x2) "UxTuneUp"=2 (0x2) "TapiSrv"=3 (0x3) "RDSessMgr"=3 (0x3) "RasMan"=3 (0x3) "RasAuto"=3 (0x3) "mnmsrvc"=3 (0x3) "ImapiService"=3 (0x3) "getPlusHelper"=3 (0x3) "XoftSpyService"=3 (0x3) "TuneUp.UtilitiesSvc"=2 (0x2) "ose"=3 (0x3) "MDM"=2 (0x2) "gusvc"=3 (0x3) "gupdate"=2 (0x2) "rjhnrsqbm"=2 (0x2) "FastUserSwitchingCompatibility"=3 (0x3) "helpsvc"=2 (0x2) "wscsvc"=2 (0x2) "SharedAccess"=2 (0x2) "SCardSvr"=3 (0x3) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "VTTimer"=VTTimer.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Arquivos de programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "c:\\Arquivos de programas\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\UTorrents (Minha Pasta)\\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1277:TCP"= 1277:TCP:*:Disabled:qxfyulz R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [7/9/2007 20:59 155136] R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [7/9/2007 20:59 5248] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [24/3/2010 20:31 114984] R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET Smart Security\ekrn.exe [24/3/2010 20:31 810120] S2 rjhnrsqbm;Support Server;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25/2/2010 11:18 10064] S3 uti3nzc5;AVZ Kernel Driver;c:\windows\system32\drivers\uti3nzc5.sys [11/12/2009 17:31 7168] S4 gupdate;Google Update Service (gupdate);"c:\arquivos de programas\Google\Update\GoogleUpdate.exe" /svc --> c:\arquivos de programas\Google\Update\GoogleUpdate.exe [?] S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [7/5/2010 17:48 1051976] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.google.com.br/ uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Download Link Using Mega Manager... - c:\arquivos de programas\Megaupload\Mega Manager\mm_file.htm IE: Download with GetRight - c:\arquivos de programas\GetRight\GRdownload.htm IE: Open with GetRight Browser - c:\arquivos de programas\GetRight\GRbrowse.htm TCP: {8AD1177A-26EC-45AA-A0C5-1772FE68E6CC} = 172.19.51.1 FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br FF - prefs.js: network.proxy.type - 0 FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll ---- FIREFOX POLICIES ---- FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORFÃOS REMOVIDOS - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) MSConfigStartUp-swg - c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-25 13:27 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x83E11BA8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf752cfc3 \Driver\ACPI -> ACPI.sys @ 0xf7459cb8 \Driver\atapi -> 0x83e11ba8 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a18f6 ParseProcedure -> ntoskrnl.exe @ 0x8056f26d \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a18f6 ParseProcedure -> ntoskrnl.exe @ 0x8056f26d NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf72e0ba0 PacketIndicateHandler -> NDIS.sys @ 0xf72edb21 SendHandler -> NDIS.sys @ 0xf72cb87b Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet006\Services\rjhnrsqbm] "ServiceDll"="c:\windows\system32\hincakl.dll" . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\S-1-5-21-796845957-115176313-725345543-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,4c,65,43,56,d8,40,4f,96,08,c2,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,4c,65,43,56,d8,40,4f,96,08,c2,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,4c,65,43,56,d8,40,4f,96,08,c2,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . Tempo para conclusão: 2010-06-25 13:30:45 ComboFix-quarantined-files.txt 2010-06-25 16:30 Pré-execução: 11 pasta(s) 27.611.176.960 bytes disponíveis Pós execução: 12 pasta(s) 27.570.814.976 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect Current=6 Default=6 Failed=2 LastKnownGood=7 Sets=1,2,3,4,5,6,7 - - End Of File - - C90B77C83EF9758E1D6B1286E5BEF873
  5. Desculpe a demora..E desde já obrigado pela ajuda!! UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 7/9/2007 20:11:15 System Uptime: 22/6/2010 19:57:37 (4 hours ago) Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7211 Processor: Intel® Celeron® CPU 2.66GHz | Socket 775 | 2660/133mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 75 GiB total, 25,898 GiB free. D: is CDROM () E: is CDROM (UDF) F: is CDROM (CDFS) ==== Disabled Device Manager Items ============= Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: USB Device Device ID: USB\VID_0D8C&PID_5200\5&1EEE9724&0&6 Manufacturer: Name: USB Device PNP Device ID: USB\VID_0D8C&PID_5200\5&1EEE9724&0&6 Service: ==== System Restore Points =================== RP7: 19/6/2010 10:28:40 - Ponto de verificação do sistema RP8: 19/6/2010 10:28:40 - teste 1 RP9: 19/6/2010 10:28:40 - Installed Windows XP WIC. RP10: 19/6/2010 10:28:40 - DirectX instalado RP11: 19/6/2010 10:28:39 - Removido Assistente de Conexão do Windows Live RP12: 19/6/2010 10:28:39 - Removido Ferramenta de Carregamento do Windows Live RP13: 19/6/2010 10:28:39 - Removed Microsoft SQL Server 2005 Compact Edition [ENU] RP14: 19/6/2010 10:28:39 - Removido Windows Live Sync RP15: 19/6/2010 10:28:39 - Removed Microsoft Sync Framework Runtime Native v1.0 (x86) RP16: 19/6/2010 10:28:39 - Removed Microsoft Sync Framework Services Native v1.0 (x86) RP17: 19/6/2010 10:28:38 - Operação de restauração RP18: 19/6/2010 10:28:38 - Installed Windows Installer Clean Up RP19: 18/6/2010 19:47:46 - Removed PDF Download for Internet Explorer RP20: 19/6/2010 15:07:35 - OK RP21: 20/6/2010 16:22:42 - Ponto de verificação do sistema RP22: 22/6/2010 12:15:05 - Ponto de verificação do sistema ==== Installed Programs ====================== Acoustica Beatcraft Acoustica Effects Pack Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 6.0.1 - Português Agares RackA3 v1.0 Apple Application Support Apple Software Update Arquivo do WinRAR ASIO4ALL Assistente de Conexão do Windows Live Atualização de Segurança para Windows Internet Explorer 8 (KB971961) Atualização de Segurança para Windows Internet Explorer 8 (KB981332) Atualização de Segurança para Windows Internet Explorer 8 (KB982381) Atualização para Windows Internet Explorer 8 (KB976662) Atualização para Windows Internet Explorer 8 (KB982632) Avira Premium Security Suite Blue Cat's Chorus - VST Blue Cat's Chorus VST 3.5 Blue Cat's Flanger VST 2.5 Blue Cat's Freeware Pack VST 1.1 Blue Cat's FreqAnalyst VST 1.4 Blue Cat's Gain Suite VST 2.3 Blue Cat's Phaser - DX Blue Cat's Phaser VST 2.5 Blue Cat's Stereo Chorus VST 3.5 Blue Cat's Stereo Flanger - DX Blue Cat's Stereo Flanger VST 2.5 Blue Cat's Triple EQ VST 3.4 BlueCat's Digital Peak Meter - VST Cakewalk VST Adapter 4 CCleaner DAEMON Tools Defraggler Digital Camera Driver Drumaxx DVD Photo Slideshow Professional 8.00 DVDFab Platinum 3.0.8.0 Ghosthunter release Ferramenta de Carregamento do Windows Live FL Studio 9 GetRight Google Chrome Google Earth Google SketchUp 7 Google Toolbar for Internet Explorer Google Update Helper Guitar Pro 5.2 Guitar Tracks Pro 3 Hardcore IL Download Manager Inkscape 0.47 K-Lite Mega Codec Pack 4.9.0 Malwarebytes' Anti-Malware Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office Professional Edição 2003 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Motorola SM56 Speakerphone Modem Mozilla Firefox (3.6.4) MSVCRT Need for Speed™ Most Wanted Nero 7 Ultra Edition Nero Suite nullDC 1.0.0 Public Beta 1 Setup OGA Notifier 2.0.0048.0 Platform PoiZone Polipo 1.0.4.1 PowerDVD PSP PianoVerb 1.0 PSP VintageMeter 1.0 Realtek AC'97 Audio Safari Sawer Segoe UI Sonic Foundry Sound Forge 6.0 Speccy Studio Devil British Valve Custom v1.1 The Simpsons Movie - Sleeping Homer Screen Saver Tor 0.2.1.26 Toxic Biohazard TuneUp Utilities TuneUp Utilities Language Pack (pt-BR) Tweak UI UltraISO Premium V9.35 VIA Platform Device Manager VIA/S3G Display Driver 6.14.10.0297 Vidalia 0.2.9 Wave Arts Tube Saturator WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Installer Clean Up Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Media Format Runtime ==== End Of File =========================== DDS (Ver_10-03-17.01) - NTFSx86 Run by Administrador at 22:58:30,93 on ter 22/06/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.447.150 [GMT -3:00] AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {11638345-E4FC-4BEE-BB73-EC754659C5F6} FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE svchost.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Administrador\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com.br/ uSearch Page = hxxp://search.live.com uSearch Bar = hxxp://search.live.com/sphome.aspx uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://search.live.com/sphome.aspx mCustomizeSearch = hxxp://search.live.com/sphome.aspx BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\arquivos de programas\getright\xx2gr.dll BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE uPolicies-explorer: MaxRecentDocs = 10 (0xa) uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1) IE: Download with GetRight - c:\arquivos de programas\getright\GRdownload.htm IE: Open with GetRight Browser - c:\arquivos de programas\getright\GRbrowse.htm LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab TCP: {8AD1177A-26EC-45AA-A0C5-1772FE68E6CC} = 172.19.51.1 ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\i51zogxw.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br FF - prefs.js: network.proxy.type - 0 FF - component: c:\documents and settings\administrador\dados de aplicativos\mozilla\firefox\profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll FF - plugin: c:\arquivos de programas\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\arquivos de programas\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - plugin: c:\documents and settings\administrador\configuraã§ãµes locais\dados de aplicativos\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\documents and settings\administrador\dados de aplicativos\mozilla\firefox\profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll ---- FIREFOX POLICIES ---- FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-já", "mozff"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2007-9-7 155136] R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2007-9-7 5248] R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-9-7 11264] R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2010-6-10 102856] R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-12-11 11608] R2 AntiVirFirewallService;Avira FireWall;c:\arquivos de programas\avira\antivir desktop\avfwsvc.exe [2010-6-10 536232] R2 AntiVirMailService;Avira AntiVir MailGuard;c:\arquivos de programas\avira\antivir desktop\avmailc.exe [2010-6-10 337064] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2009-12-11 135336] R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-12-11 267432] R2 AntiVirWebService;Avira AntiVir WebGuard;c:\arquivos de programas\avira\antivir desktop\avwebgrd.exe [2010-6-10 405672] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-11 60936] R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2010-6-10 79432] S2 rjhnrsqbm;Support Server;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\arquivos de programas\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-25 10064] S3 uti3nzc5;AVZ Kernel Driver;c:\windows\system32\drivers\uti3nzc5.sys [2009-12-11 7168] S4 gupdate;Google Update Service (gupdate);"c:\arquivos de programas\google\update\googleupdate.exe" /svc --> c:\arquivos de programas\google\update\GoogleUpdate.exe [?] S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\arquivos de programas\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-5-7 1051976] =============== Created Last 30 ================ 2010-06-21 18:38:49 0 d-----w- C:\Downloads 2010-06-21 18:11:28 0 d-----w- c:\arquivos de programas\GetRight 2010-06-21 17:52:39 0 d-----w- c:\docume~1\admini~1\dadosd~1\Tor 2010-06-21 17:52:37 0 d-----w- c:\arquivos de programas\Vidalia Bundle 2010-06-19 19:11:33 0 d-----w- c:\arquivos de programas\Acoustica Shared Effects 2010-06-19 19:11:05 0 d-----w- c:\arquivos de programas\Acoustica Beatcraft 2010-06-19 18:31:20 0 d-----w- c:\arquivos de programas\ASIO4ALL v2 2010-06-19 18:29:24 1554944 ----a-w- c:\windows\system32\vorbis.acm 2010-06-19 18:28:42 0 d-----w- c:\arquivos de programas\Outsim 2010-06-19 18:25:04 0 d-----w- c:\arquivos de programas\Image-Line 2010-06-19 17:04:36 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Socusoft 2010-06-19 17:03:06 24064 ----a-w- c:\windows\system32\msxml3a.dll 2010-06-19 17:01:41 0 d-----w- c:\arquivos de programas\Socusoft 2010-06-19 17:01:41 0 d-----w- c:\arquivos de programas\DVD Photo Slideshow Professional 2010-06-18 23:43:38 0 d-----w- c:\arquivos de programas\Windows Live SkyDrive 2010-06-18 23:14:56 25984 ----a-w- c:\windows\system32\drivers\tap0901.sys 2010-06-18 22:25:10 0 d-----w- c:\arquivos de programas\Windows Installer Clean Up 2010-06-18 20:15:43 0 d-----w- c:\windows\system32\wbem\Repository 2010-06-18 17:35:08 0 d-----w- c:\docume~1\admini~1\dadosd~1\GetRight 2010-06-17 20:01:58 0 d-----w- c:\docume~1\admini~1\dadosd~1\QuickScan 2010-06-17 14:57:56 48620 ---há-w- c:\windows\system32\mlfcache.dat 2010-06-17 14:49:17 0 d-----w- c:\arquivos de programas\arquivos comuns\Apple 2010-06-16 20:03:21 0 d--h--w- c:\windows\msdownld.tmp 2010-06-16 19:18:36 0 d-----w- c:\docume~1\admini~1\dadosd~1\Uniblue 2010-06-16 16:11:03 266360 ----a-w- c:\windows\system32\TweakUI.exe 2010-06-16 13:42:11 0 d-----w- c:\windows\system32\CatRoot_bak 2010-06-13 18:05:29 0 d-----w- c:\windows\ServicePackFiles 2010-06-12 02:01:18 160217 ----a-w- c:\windows\system32\PowerToysLicense.rtf 2010-06-11 16:52:29 0 d-sh--w- c:\documents and settings\administrador\IECompatCache 2010-06-11 16:50:30 0 d-sh--w- c:\documents and settings\administrador\PrivacIE 2010-06-11 16:47:29 0 d-sh--w- c:\documents and settings\administrador\IETldCache 2010-06-11 16:44:12 0 d-----w- c:\windows\ie8updates 2010-06-11 16:42:08 0 dc-h--w- c:\windows\ie8 2010-06-11 16:38:00 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2010-06-11 16:38:00 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-06-11 16:37:57 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-11 16:37:57 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-06-11 16:37:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-06-11 16:37:56 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2010-06-11 16:37:54 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll 2010-06-11 16:23:02 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll 2010-06-10 23:48:18 30536 ----a-w- c:\windows\system32\TURegOpt.exe 2010-06-10 23:48:17 30024 ----a-w- c:\windows\system32\uxtuneup.dll 2010-06-10 23:47:36 0 d-----w- c:\arquivos de programas\TuneUp Utilities 2010 2010-06-10 23:47:19 0 d-----w- c:\docume~1\alluse~1\dadosd~1\TuneUp Software 2010-06-10 21:08:00 2062592 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2010-06-10 21:07:55 2020864 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2010-06-10 21:07:50 2185600 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2010-06-10 21:07:40 2141184 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-06-10 16:56:55 0 d-----w- c:\docume~1\admini~1\dadosd~1\Avira 2010-06-10 16:52:45 79432 ----a-w- c:\windows\system32\drivers\avfwim.sys 2010-06-10 16:52:45 102856 ----a-w- c:\windows\system32\drivers\avfwot.sys 2010-06-08 16:01:55 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-06-08 15:52:53 272384 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-06-08 15:52:53 272384 ------w- c:\windows\system32\drivers\bthport.sys 2010-06-08 14:16:30 0 d-----w- c:\docume~1\admini~1\dadosd~1\TuneUp Software 2010-06-08 14:15:48 0 d-sh--w- c:\docume~1\alluse~1\dadosd~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2010-06-08 14:14:05 0 d-----w- c:\arquivos de programas\Speccy 2010-06-08 13:40:38 0 d-----w- c:\arquivos de programas\Defraggler 2010-06-08 13:37:13 0 d-----w- c:\arquivos de programas\CCleaner 2010-06-08 03:17:44 215920 ----a-w- c:\windows\system32\muweb.dll 2010-06-08 03:17:44 17264 ----a-w- c:\windows\system32\mucltui.dll.mui 2010-06-08 03:17:43 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-06-08 00:22:57 13369344 ----a-w- c:\documents and settings\administrador\NTUSER.DAT_tureg_old 2010-06-07 23:44:18 0 d-----w- c:\documents and settings\administrador\Tracing 2010-06-07 23:41:18 0 d-----w- c:\arquivos de programas\Microsoft 2010-06-07 22:38:52 0 d-----w- c:\arquivos de programas\arquivos comuns\Windows Live 2010-06-07 20:59:17 0 d-----w- c:\windows\system32\PreInstall 2010-06-07 17:16:48 0 d-----w- c:\windows\system32\SoftwareDistribution 2010-06-05 19:17:06 4926 ----a-w- c:\documents and settings\administrador\.recently-used.xbel 2010-06-04 19:45:24 249936 ----a-w- c:\windows\system32\prgiso.dll ==================== Find3M ==================== 2010-06-20 15:19:20 44672 ----a-w- c:\windows\system32\drivers\UAGP35.SYS 2010-06-18 19:20:11 68306 ----a-w- c:\windows\system32\perfc016.dat 2010-06-18 19:20:11 428330 ----a-w- c:\windows\system32\perfh016.dat 2010-06-08 13:01:35 49586 ----a-w- c:\windows\system32\prfc0416.dat 2010-06-08 13:01:35 347294 ----a-w- c:\windows\system32\prfh0416.dat 2010-05-06 10:34:18 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 08:26:15 1851008 ----a-w- c:\windows\system32\win32k.sys 2010-04-29 18:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 18:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-20 05:47:37 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-17 01:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll ============= FINISH: 23:00:18,15 ===============
  6. O pc perde rendimento, demora p/ abrir páginas e downloads. O avira não atualiza..e as vzs a memória cai drasticamente..Eis o log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:14:20, on 11/6/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\NOTEPAD.EXE C:\WINDOWS\System32\NOTEPAD.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\Arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\WINDOWS\system32\wscntfy.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe C:\Arquivos de programas\Avira\AntiVir Desktop\update.exe C:\Documents and Settings\Convidado\Meus documentos\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.live.com/sphome.aspx O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Arquivos de programas\Nitro PDF\PDF Download\NitroPDF.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Save Page As PDF ... - file://C:\Arquivos de programas\Nitro PDF\PDF Download\nitroweb.htm O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Arquivos de programas\Nitro PDF\PDF Download\NitroPDF.dll O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Arquivos de programas\Nitro PDF\PDF Download\NitroPDF.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing) O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Arquivos de programas\Nitro PDF\PDF Download\NitroPDF.dll (HKCU) O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8AD1177A-26EC-45AA-A0C5-1772FE68E6CC}: NameServer = 172.19.51.1 O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Arquivos de programas\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- End of file - 6670 bytes
×
×
  • Criar Novo...