Fórum Script Brasil
  • 0

Slow PC after installing internet!


bodonchild

Question

The PC loses performance; it is slow to open pages and downloads.

Avira won't update, and sometimes the memory drops drastically. Here is the log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:14:20, on 11/6/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\NOTEPAD.EXE

C:\WINDOWS\System32\NOTEPAD.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\update.exe

C:\Documents and Settings\Convidado\Meus documentos\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.live.com/sphome.aspx

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Arquivos de programas\Nitro PDF\PDF Download\NitroPDF.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Save Page As PDF ... - file://C:\Arquivos de programas\Nitro PDF\PDF Download\nitroweb.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Arquivos de programas\Nitro PDF\PDF Download\NitroPDF.dll

O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Arquivos de programas\Nitro PDF\PDF Download\NitroPDF.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Arquivos de programas\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8AD1177A-26EC-45AA-A0C5-1772FE68E6CC}: NameServer = 172.19.51.1

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe

O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Arquivos de programas\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--

End of file - 6670 bytes


10 replies to this question

Recommended Posts

  • 0

1. Download DDS and save it to the desktop.

Alternative links

Link2

  • Temporarily disable your protection programs.
  • Double-click dds.scr.
  • A black window with some information will appear. Do not click anything, just wait!
  • When it finishes, two windows will open: DDS.txt and Attach.txt.
  • Save the results and paste them into your topic.

  • 0

Sorry for the delay, and thanks in advance for the help!!

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 7/9/2007 20:11:15

System Uptime: 22/6/2010 19:57:37 (4 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7211

Processor: Intel® Celeron® CPU 2.66GHz | Socket 775 | 2660/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 25,898 GiB free.

D: is CDROM ()

E: is CDROM (UDF)

F: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: USB Device

Device ID: USB\VID_0D8C&PID_5200\5&1EEE9724&0&6

Manufacturer:

Name: USB Device

PNP Device ID: USB\VID_0D8C&PID_5200\5&1EEE9724&0&6

Service:

==== System Restore Points ===================

RP7: 19/6/2010 10:28:40 - Ponto de verificação do sistema

RP8: 19/6/2010 10:28:40 - teste 1

RP9: 19/6/2010 10:28:40 - Installed Windows XP WIC.

RP10: 19/6/2010 10:28:40 - DirectX instalado

RP11: 19/6/2010 10:28:39 - Removido Assistente de Conexão do Windows Live

RP12: 19/6/2010 10:28:39 - Removido Ferramenta de Carregamento do Windows Live

RP13: 19/6/2010 10:28:39 - Removed Microsoft SQL Server 2005 Compact Edition [ENU]

RP14: 19/6/2010 10:28:39 - Removido Windows Live Sync

RP15: 19/6/2010 10:28:39 - Removed Microsoft Sync Framework Runtime Native v1.0 (x86)

RP16: 19/6/2010 10:28:39 - Removed Microsoft Sync Framework Services Native v1.0 (x86)

RP17: 19/6/2010 10:28:38 - Operação de restauração

RP18: 19/6/2010 10:28:38 - Installed Windows Installer Clean Up

RP19: 18/6/2010 19:47:46 - Removed PDF Download for Internet Explorer

RP20: 19/6/2010 15:07:35 - OK

RP21: 20/6/2010 16:22:42 - Ponto de verificação do sistema

RP22: 22/6/2010 12:15:05 - Ponto de verificação do sistema

==== Installed Programs ======================

Acoustica Beatcraft

Acoustica Effects Pack

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 6.0.1 - Português

Agares RackA3 v1.0

Apple Application Support

Apple Software Update

Arquivo do WinRAR

ASIO4ALL

Assistente de Conexão do Windows Live

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB981332)

Atualização de Segurança para Windows Internet Explorer 8 (KB982381)

Atualização para Windows Internet Explorer 8 (KB976662)

Atualização para Windows Internet Explorer 8 (KB982632)

Avira Premium Security Suite

Blue Cat's Chorus - VST

Blue Cat's Chorus VST 3.5

Blue Cat's Flanger VST 2.5

Blue Cat's Freeware Pack VST 1.1

Blue Cat's FreqAnalyst VST 1.4

Blue Cat's Gain Suite VST 2.3

Blue Cat's Phaser - DX

Blue Cat's Phaser VST 2.5

Blue Cat's Stereo Chorus VST 3.5

Blue Cat's Stereo Flanger - DX

Blue Cat's Stereo Flanger VST 2.5

Blue Cat's Triple EQ VST 3.4

BlueCat's Digital Peak Meter - VST

Cakewalk VST Adapter 4

CCleaner

DAEMON Tools

Defraggler

Digital Camera Driver

Drumaxx

DVD Photo Slideshow Professional 8.00

DVDFab Platinum 3.0.8.0 Ghosthunter release

Ferramenta de Carregamento do Windows Live

FL Studio 9

GetRight

Google Chrome

Google Earth

Google SketchUp 7

Google Toolbar for Internet Explorer

Google Update Helper

Guitar Pro 5.2

Guitar Tracks Pro 3

Hardcore

IL Download Manager

Inkscape 0.47

K-Lite Mega Codec Pack 4.9.0

Malwarebytes' Anti-Malware

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office Professional Edição 2003

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Motorola SM56 Speakerphone Modem

Mozilla Firefox (3.6.4)

MSVCRT

Need for Speed™ Most Wanted

Nero 7 Ultra Edition

Nero Suite

nullDC 1.0.0 Public Beta 1 Setup

OGA Notifier 2.0.0048.0

Platform

PoiZone

Polipo 1.0.4.1

PowerDVD

PSP PianoVerb 1.0

PSP VintageMeter 1.0

Realtek AC'97 Audio

Safari

Sawer

Segoe UI

Sonic Foundry Sound Forge 6.0

Speccy

Studio Devil British Valve Custom v1.1

The Simpsons Movie - Sleeping Homer Screen Saver

Tor 0.2.1.26

Toxic Biohazard

TuneUp Utilities

TuneUp Utilities Language Pack (pt-BR)

Tweak UI

UltraISO Premium V9.35

VIA Platform Device Manager

VIA/S3G Display Driver 6.14.10.0297

Vidalia 0.2.9

Wave Arts Tube Saturator

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Installer Clean Up

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Format Runtime

==== End Of File ===========================

DDS (Ver_10-03-17.01) - NTFSx86

Run by Administrador at 22:58:30,93 on ter 22/06/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.447.150 [GMT -3:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE

svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Administrador\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/

uSearch Page = hxxp://search.live.com

uSearch Bar = hxxp://search.live.com/sphome.aspx

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://search.live.com/sphome.aspx

mCustomizeSearch = hxxp://search.live.com/sphome.aspx

BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\arquivos de programas\getright\xx2gr.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

uPolicies-explorer: MaxRecentDocs = 10 (0xa)

uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)

IE: Download with GetRight - c:\arquivos de programas\getright\GRdownload.htm

IE: Open with GetRight Browser - c:\arquivos de programas\getright\GRbrowse.htm

LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

TCP: {8AD1177A-26EC-45AA-A0C5-1772FE68E6CC} = 172.19.51.1

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\i51zogxw.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\administrador\dados de aplicativos\mozilla\firefox\profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: c:\arquivos de programas\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\documents and settings\administrador\configuraã§ãµes locais\dados de aplicativos\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\documents and settings\administrador\dados de aplicativos\mozilla\firefox\profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-já", "mozff");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2007-9-7 155136]

R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2007-9-7 5248]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-9-7 11264]

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2010-6-10 102856]

R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-12-11 11608]

R2 AntiVirFirewallService;Avira FireWall;c:\arquivos de programas\avira\antivir desktop\avfwsvc.exe [2010-6-10 536232]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\arquivos de programas\avira\antivir desktop\avmailc.exe [2010-6-10 337064]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2009-12-11 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-12-11 267432]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\arquivos de programas\avira\antivir desktop\avwebgrd.exe [2010-6-10 405672]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-11 60936]

R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2010-6-10 79432]

S2 rjhnrsqbm;Support Server;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\arquivos de programas\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-25 10064]

S3 uti3nzc5;AVZ Kernel Driver;c:\windows\system32\drivers\uti3nzc5.sys [2009-12-11 7168]

S4 gupdate;Google Update Service (gupdate);"c:\arquivos de programas\google\update\googleupdate.exe" /svc --> c:\arquivos de programas\google\update\GoogleUpdate.exe [?]

S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\arquivos de programas\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-5-7 1051976]

=============== Created Last 30 ================

2010-06-21 18:38:49 0 d-----w- C:\Downloads

2010-06-21 18:11:28 0 d-----w- c:\arquivos de programas\GetRight

2010-06-21 17:52:39 0 d-----w- c:\docume~1\admini~1\dadosd~1\Tor

2010-06-21 17:52:37 0 d-----w- c:\arquivos de programas\Vidalia Bundle

2010-06-19 19:11:33 0 d-----w- c:\arquivos de programas\Acoustica Shared Effects

2010-06-19 19:11:05 0 d-----w- c:\arquivos de programas\Acoustica Beatcraft

2010-06-19 18:31:20 0 d-----w- c:\arquivos de programas\ASIO4ALL v2

2010-06-19 18:29:24 1554944 ----a-w- c:\windows\system32\vorbis.acm

2010-06-19 18:28:42 0 d-----w- c:\arquivos de programas\Outsim

2010-06-19 18:25:04 0 d-----w- c:\arquivos de programas\Image-Line

2010-06-19 17:04:36 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Socusoft

2010-06-19 17:03:06 24064 ----a-w- c:\windows\system32\msxml3a.dll

2010-06-19 17:01:41 0 d-----w- c:\arquivos de programas\Socusoft

2010-06-19 17:01:41 0 d-----w- c:\arquivos de programas\DVD Photo Slideshow Professional

2010-06-18 23:43:38 0 d-----w- c:\arquivos de programas\Windows Live SkyDrive

2010-06-18 23:14:56 25984 ----a-w- c:\windows\system32\drivers\tap0901.sys

2010-06-18 22:25:10 0 d-----w- c:\arquivos de programas\Windows Installer Clean Up

2010-06-18 20:15:43 0 d-----w- c:\windows\system32\wbem\Repository

2010-06-18 17:35:08 0 d-----w- c:\docume~1\admini~1\dadosd~1\GetRight

2010-06-17 20:01:58 0 d-----w- c:\docume~1\admini~1\dadosd~1\QuickScan

2010-06-17 14:57:56 48620 ---há-w- c:\windows\system32\mlfcache.dat

2010-06-17 14:49:17 0 d-----w- c:\arquivos de programas\arquivos comuns\Apple

2010-06-16 20:03:21 0 d--h--w- c:\windows\msdownld.tmp

2010-06-16 19:18:36 0 d-----w- c:\docume~1\admini~1\dadosd~1\Uniblue

2010-06-16 16:11:03 266360 ----a-w- c:\windows\system32\TweakUI.exe

2010-06-16 13:42:11 0 d-----w- c:\windows\system32\CatRoot_bak

2010-06-13 18:05:29 0 d-----w- c:\windows\ServicePackFiles

2010-06-12 02:01:18 160217 ----a-w- c:\windows\system32\PowerToysLicense.rtf

2010-06-11 16:52:29 0 d-sh--w- c:\documents and settings\administrador\IECompatCache

2010-06-11 16:50:30 0 d-sh--w- c:\documents and settings\administrador\PrivacIE

2010-06-11 16:47:29 0 d-sh--w- c:\documents and settings\administrador\IETldCache

2010-06-11 16:44:12 0 d-----w- c:\windows\ie8updates

2010-06-11 16:42:08 0 dc-h--w- c:\windows\ie8

2010-06-11 16:38:00 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-11 16:38:00 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-06-11 16:37:57 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-11 16:37:57 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-11 16:37:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-06-11 16:37:56 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-06-11 16:37:54 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-06-11 16:23:02 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-06-10 23:48:18 30536 ----a-w- c:\windows\system32\TURegOpt.exe

2010-06-10 23:48:17 30024 ----a-w- c:\windows\system32\uxtuneup.dll

2010-06-10 23:47:36 0 d-----w- c:\arquivos de programas\TuneUp Utilities 2010

2010-06-10 23:47:19 0 d-----w- c:\docume~1\alluse~1\dadosd~1\TuneUp Software

2010-06-10 21:08:00 2062592 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-06-10 21:07:55 2020864 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-06-10 21:07:50 2185600 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-06-10 21:07:40 2141184 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-06-10 16:56:55 0 d-----w- c:\docume~1\admini~1\dadosd~1\Avira

2010-06-10 16:52:45 79432 ----a-w- c:\windows\system32\drivers\avfwim.sys

2010-06-10 16:52:45 102856 ----a-w- c:\windows\system32\drivers\avfwot.sys

2010-06-08 16:01:55 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-06-08 15:52:53 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-06-08 15:52:53 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-06-08 14:16:30 0 d-----w- c:\docume~1\admini~1\dadosd~1\TuneUp Software

2010-06-08 14:15:48 0 d-sh--w- c:\docume~1\alluse~1\dadosd~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2010-06-08 14:14:05 0 d-----w- c:\arquivos de programas\Speccy

2010-06-08 13:40:38 0 d-----w- c:\arquivos de programas\Defraggler

2010-06-08 13:37:13 0 d-----w- c:\arquivos de programas\CCleaner

2010-06-08 03:17:44 215920 ----a-w- c:\windows\system32\muweb.dll

2010-06-08 03:17:44 17264 ----a-w- c:\windows\system32\mucltui.dll.mui

2010-06-08 03:17:43 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-06-08 00:22:57 13369344 ----a-w- c:\documents and settings\administrador\NTUSER.DAT_tureg_old

2010-06-07 23:44:18 0 d-----w- c:\documents and settings\administrador\Tracing

2010-06-07 23:41:18 0 d-----w- c:\arquivos de programas\Microsoft

2010-06-07 22:38:52 0 d-----w- c:\arquivos de programas\arquivos comuns\Windows Live

2010-06-07 20:59:17 0 d-----w- c:\windows\system32\PreInstall

2010-06-07 17:16:48 0 d-----w- c:\windows\system32\SoftwareDistribution

2010-06-05 19:17:06 4926 ----a-w- c:\documents and settings\administrador\.recently-used.xbel

2010-06-04 19:45:24 249936 ----a-w- c:\windows\system32\prgiso.dll

==================== Find3M ====================

2010-06-20 15:19:20 44672 ----a-w- c:\windows\system32\drivers\UAGP35.SYS

2010-06-18 19:20:11 68306 ----a-w- c:\windows\system32\perfc016.dat

2010-06-18 19:20:11 428330 ----a-w- c:\windows\system32\perfh016.dat

2010-06-08 13:01:35 49586 ----a-w- c:\windows\system32\prfc0416.dat

2010-06-08 13:01:35 347294 ----a-w- c:\windows\system32\prfh0416.dat

2010-05-06 10:34:18 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:26:15 1851008 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 18:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 18:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-20 05:47:37 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-17 01:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll

============= FINISH: 23:00:18,15 ===============

Edited by bodonchild

  • 0

Read the instructions contained in this link:

In the instructions in the link above you can check which forums have Analysts properly trained to use the tool correctly: "Forums to get help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable them after running the procedure(s) mentioned below.
  3. Double-click the desktopicon.png icon on the desktop.
  4. Read and accept the conditions by typing 1 and Enter.
  5. Computers running Windows XP must install the Recovery Console:
    • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.
  6. ComboFix will run; please be patient and wait.
  7. Attention: do not use the mouse or keyboard while the tool is running, as this can cause the computer to stall.
  8. A message may appear saying that the computer needs to be restarted.

    DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts trained to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts will not reply to topics where they see that ComboFix was used without supervision.
  • There are many general-purpose anti-malware tools whose authors, when designing them, had end users in mind and intended them to be used without supervision. ComboFix is not that kind of tool, so, also out of respect for the tool's author, do not use it without supervision.

Well, we're on the right track... there was a rootkit...

ComboFix 10-06-24.03 - Administrador 25/06/2010 13:19:47.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.447.197 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

* AV residente está ativo

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrador\Dados de aplicativos\.#

c:\documents and settings\Administrador\Dados de aplicativos\.#\MBX@150@935368.###

c:\documents and settings\Administrador\Dados de aplicativos\.#\MBX@150@935A58.###

c:\documents and settings\Administrador\Dados de aplicativos\.#\MBX@51C@9352F0.###

c:\documents and settings\Administrador\Dados de aplicativos\.#\MBX@51C@9359E0.###

c:\documents and settings\Administrador\Dados de aplicativos\.#\MBX@6E8@935368.###

c:\documents and settings\Administrador\Dados de aplicativos\.#\MBX@6E8@935A58.###

c:\documents and settings\mario\jpeg.dll

c:\documents and settings\mario\libtiff.dll

c:\documents and settings\mario\MARIO.exe

c:\documents and settings\mario\ogg.dll

c:\documents and settings\mario\smpeg.dll

c:\documents and settings\mario\vorbis.dll

c:\documents and settings\mario\vorbisfile.dll

c:\windows\system32\msvcsv60.dll

A cópia de c:\windows\system32\drivers\uagp35.sys foi encontrada e desinfectada

Cópia restaurada de - Kitty had a snack :p

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-25 to 2010-06-25 ))))))))))))))))))))))))))))

.

2010-06-24 02:50 . 2010-06-24 02:50 -------- d-----w- c:\documents and settings\Convidado\Dados de aplicativos\ESET

2010-06-24 00:46 . 2010-06-24 00:49 -------- d-----w- c:\arquivos de programas\UTorrents (Minha Pasta)

2010-06-24 00:40 . 2010-06-25 16:02 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent

2010-06-24 00:19 . 2010-06-24 00:19 184320 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\wlan4.dll

2010-06-24 00:19 . 2010-06-24 00:19 59904 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\ups.dll

2010-06-24 00:19 . 2010-06-24 00:19 10752 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\system.dll

2010-06-24 00:19 . 2010-06-24 00:19 65536 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\sync.dll

2010-06-24 00:14 . 2010-06-24 00:19 75264 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\stp.dll

2010-06-24 00:14 . 2010-06-24 00:14 90624 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\secure.dll

2010-06-24 00:14 . 2010-06-24 00:14 116736 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\roting4.dll

2010-06-24 00:13 . 2010-06-24 00:14 59392 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\radlan.dll

2010-06-24 00:13 . 2010-06-24 00:13 109056 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\ppp.dll

2010-06-24 00:13 . 2010-06-24 00:13 70656 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\pim.dll

2010-06-24 00:13 . 2010-06-24 00:13 57856 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\ntp.dll

2010-06-24 00:13 . 2010-06-24 00:13 71168 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\mpls.dll

2010-06-24 00:11 . 2010-06-24 00:13 58368 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\lcd.dll

2010-06-24 00:09 . 2010-06-24 00:11 57344 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\isdn.dll

2010-06-24 00:09 . 2010-06-24 00:09 76288 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\ipv6.dll

2010-06-24 00:09 . 2010-06-24 00:09 79872 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\hotspot.dll

2010-06-24 00:09 . 2010-06-24 00:09 69632 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\dhcp.dll

2010-06-24 00:09 . 2010-06-24 00:09 58880 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\arlan.dll

2010-06-24 00:09 . 2010-06-24 00:09 69632 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\advtool.dll

2010-06-24 00:07 . 2010-06-24 00:09 1514496 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\roteros.dll

2010-06-23 18:34 . 2010-06-23 18:34 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Megaupload

2010-06-23 18:33 . 2010-06-23 18:33 -------- d-----w- c:\arquivos de programas\Megaupload

2010-06-23 13:40 . 2010-06-23 13:40 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ESET

2010-06-23 13:38 . 2010-06-23 13:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESET

2010-06-23 13:38 . 2010-06-23 13:38 -------- d-----w- c:\arquivos de programas\ESET

2010-06-23 03:08 . 2010-06-23 03:08 184320 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\wlan4.dll

2010-06-23 03:08 . 2010-06-23 03:08 59904 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\ups.dll

2010-06-23 03:08 . 2010-06-23 03:08 10752 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\system.dll

2010-06-23 03:08 . 2010-06-23 03:08 65536 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\sync.dll

2010-06-23 03:08 . 2010-06-23 03:08 90624 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\secure.dll

2010-06-23 03:08 . 2010-06-23 03:08 116736 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\roting4.dll

2010-06-23 03:08 . 2010-06-23 03:08 59392 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\radlan.dll

2010-06-23 03:07 . 2010-06-23 03:08 110080 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\ppp.dll

2010-06-23 03:07 . 2010-06-23 03:07 70656 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\pim.dll

2010-06-23 03:07 . 2010-06-23 03:07 57856 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\ntp.dll

2010-06-23 03:07 . 2010-06-23 03:07 71168 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\mpls.dll

2010-06-23 03:07 . 2010-06-23 03:07 58368 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\lcd.dll

2010-06-23 03:07 . 2010-06-23 03:07 57344 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\isdn.dll

2010-06-23 03:07 . 2010-06-23 03:07 76288 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\ipv6.dll

2010-06-23 03:07 . 2010-06-23 03:07 79872 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\hotspot.dll

2010-06-23 03:07 . 2010-06-23 03:07 70144 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\dhcp.dll

2010-06-23 03:07 . 2010-06-23 03:07 58880 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\arlan.dll

2010-06-23 03:07 . 2010-06-23 03:07 69632 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\advtool.dll

2010-06-23 03:07 . 2010-06-23 03:07 1531904 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\roteros.dll

2010-06-23 03:06 . 2010-06-23 03:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik

2010-06-21 18:38 . 2010-06-24 20:10 -------- d-----w- C:\Downloads

2010-06-21 18:11 . 2010-06-21 19:20 -------- d-----w- c:\arquivos de programas\GetRight

2010-06-21 17:52 . 2010-06-23 20:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Tor

2010-06-21 17:52 . 2010-06-23 20:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Vidalia

2010-06-21 17:52 . 2010-06-21 17:52 -------- d-----w- c:\arquivos de programas\Vidalia Bundle

2010-06-20 02:35 . 2010-06-21 23:49 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-06-19 19:11 . 2010-06-19 19:11 -------- d-----w- c:\arquivos de programas\Acoustica Shared Effects

2010-06-19 19:11 . 2010-06-19 19:11 -------- d-----w- c:\arquivos de programas\Acoustica Beatcraft

2010-06-19 18:31 . 2010-06-19 18:31 -------- d-----w- c:\arquivos de programas\ASIO4ALL v2

2010-06-19 18:28 . 2010-06-19 18:28 -------- d-----w- c:\arquivos de programas\Outsim

2010-06-19 18:25 . 2010-06-19 19:10 -------- d-----w- c:\arquivos de programas\Image-Line

2010-06-19 17:04 . 2010-06-19 17:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Socusoft

2010-06-19 17:03 . 2010-06-03 12:00 24064 ----a-w- c:\windows\system32\msxml3a.dll

2010-06-19 17:01 . 2010-06-19 17:03 -------- d-----w- c:\arquivos de programas\DVD Photo Slideshow Professional

2010-06-19 17:01 . 2010-06-19 17:01 -------- d-----w- c:\arquivos de programas\Socusoft

2010-06-18 23:43 . 2010-06-18 23:43 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2010-06-18 23:43 . 2010-06-18 23:43 -------- d-----w- c:\arquivos de programas\Windows Live

2010-06-18 23:14 . 2009-11-20 19:26 25984 ----a-w- c:\windows\system32\drivers\tap0901.sys

2010-06-18 22:25 . 2010-06-18 22:25 3584 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2010-06-18 22:25 . 2010-06-18 22:25 -------- d-----w- c:\arquivos de programas\Windows Installer Clean Up

2010-06-18 20:15 . 2010-06-18 20:15 -------- d-----w- c:\windows\system32\wbem\Repository

2010-06-18 17:35 . 2010-06-24 20:10 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GetRight

2010-06-18 16:15 . 2010-06-18 16:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-06-17 20:01 . 2010-06-22 16:46 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\QuickScan

2010-06-17 20:01 . 2010-05-31 19:34 702120 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-06-17 20:01 . 2010-05-31 19:34 868456 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-06-17 16:14 . 2010-06-17 16:14 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DivX

2010-06-17 14:57 . 2010-06-18 00:19 48620 ---há-w- c:\windows\system32\mlfcache.dat

2010-06-17 14:50 . 2010-06-17 14:50 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer

2010-06-17 14:50 . 2010-06-17 14:50 -------- d-----w- c:\arquivos de programas\Safari

2010-06-17 14:50 . 2010-06-17 14:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2010-06-17 14:49 . 2010-06-17 14:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2010-06-17 14:48 . 2010-06-17 14:48 -------- d-----w- c:\arquivos de programas\Apple Software Update

2010-06-17 14:48 . 2010-06-17 14:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple

2010-06-17 13:46 . 2010-06-17 13:46 0 ----a-w- c:\windows\nsreg.dat

2010-06-16 20:03 . 2010-06-16 20:10 -------- d--h--w- c:\windows\msdownld.tmp

2010-06-16 19:18 . 2010-06-16 19:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Uniblue

2010-06-16 16:11 . 2003-06-25 19:05 266360 ----a-w- c:\windows\system32\TweakUI.exe

2010-06-16 13:42 . 2010-06-16 14:39 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-06-13 18:05 . 2010-06-13 18:05 -------- d-----w- c:\windows\ServicePackFiles

2010-06-13 17:35 . 2010-06-13 17:35 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\McAfee

2010-06-11 18:49 . 2010-06-11 18:49 -------- d-sh--w- c:\documents and settings\Convidado\IECompatCache

2010-06-11 18:48 . 2010-06-11 18:48 -------- d-sh--w- c:\documents and settings\Convidado\PrivacIE

2010-06-11 18:10 . 2010-06-11 18:10 -------- d-sh--w- c:\documents and settings\Convidado\IETldCache

2010-06-11 16:52 . 2010-06-11 16:52 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache

2010-06-11 16:50 . 2010-06-11 16:50 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE

2010-06-11 16:47 . 2010-06-11 16:47 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

2010-06-11 16:44 . 2010-06-13 18:25 -------- d-----w- c:\windows\ie8updates

2010-06-11 16:42 . 2010-06-11 16:43 -------- dc-h--w- c:\windows\ie8

2010-06-11 16:38 . 2010-05-06 10:34 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-11 16:38 . 2010-05-06 10:34 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-06-11 16:37 . 2010-05-06 10:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-06-11 16:37 . 2010-05-06 10:34 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-11 16:37 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-11 16:37 . 2010-05-06 10:34 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-06-11 16:37 . 2010-05-06 10:34 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-06-11 16:23 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-06-11 01:59 . 2010-06-11 01:59 -------- d-sh--w- c:\documents and settings\Convidado\UserData

2010-06-11 01:56 . 2010-06-24 02:51 -------- d-----w- c:\documents and settings\Convidado\Tracing

2010-06-11 00:25 . 2010-06-11 00:25 -------- d-----w- c:\documents and settings\Convidado\Dados de aplicativos\TuneUp Software

2010-06-10 23:48 . 2010-05-07 20:50 30536 ----a-w- c:\windows\system32\TURegOpt.exe

2010-06-10 23:48 . 2010-05-07 20:45 30024 ----a-w- c:\windows\system32\uxtuneup.dll

2010-06-10 23:47 . 2010-06-10 23:48 -------- d-----w- c:\arquivos de programas\TuneUp Utilities 2010

2010-06-10 23:47 . 2010-06-10 23:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TuneUp Software

2010-06-10 21:08 . 2010-02-16 19:33 2062592 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-06-10 21:07 . 2010-02-16 19:32 2020864 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-06-10 21:07 . 2010-02-16 19:33 2185600 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-06-10 21:07 . 2010-02-16 19:33 2141184 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-06-10 15:05 . 2010-06-10 15:24 -------- d-----w- c:\arquivos de programas\Google

2010-06-08 16:01 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-06-08 15:52 . 2008-06-14 17:59 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-06-08 15:52 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-06-08 14:16 . 2010-06-08 14:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\TuneUp Software

2010-06-08 14:15 . 2010-06-08 14:15 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2010-06-08 14:14 . 2010-06-08 14:14 -------- d-----w- c:\arquivos de programas\Speccy

2010-06-08 13:40 . 2010-06-08 13:40 -------- d-----w- c:\arquivos de programas\Defraggler

2010-06-08 13:37 . 2010-06-08 13:37 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Yahoo!

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-25 15:17 . 2007-09-07 19:17 44672 ----a-w- c:\windows\system32\drivers\uagp35.sys

2010-06-23 18:33 . 2007-09-07 23:19 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-06-22 22:18 . 2008-01-26 14:21 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic

2010-06-22 00:22 . 2007-09-08 00:00 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Vso

2010-06-19 20:39 . 2009-11-05 14:42 16 ----a-w- c:\windows\msocreg32.dat

2010-06-18 19:20 . 2001-10-28 17:07 68306 ----a-w- c:\windows\system32\perfc016.dat

2010-06-18 19:20 . 2001-10-28 17:07 428330 ----a-w- c:\windows\system32\perfh016.dat

2010-06-17 13:44 . 2009-12-30 14:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\MSScanAppDataDir

2010-06-10 16:53 . 2009-12-11 22:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2010-06-08 13:01 . 2010-01-28 14:37 49586 ----a-w- c:\windows\system32\prfc0416.dat

2010-06-08 13:01 . 2010-01-28 14:37 347294 ----a-w- c:\windows\system32\prfh0416.dat

2010-06-07 16:13 . 2010-02-05 14:15 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-05-30 17:18 . 2009-05-25 17:11 -------- d-----w- c:\arquivos de programas\Sweet Home 3D 1.8

2010-05-12 23:40 . 2008-05-07 17:34 -------- d-----w- c:\arquivos de programas\EMULADORES

2010-05-06 10:34 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:26 . 2004-08-04 03:38 1851008 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 18:39 . 2010-02-05 14:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 18:39 . 2010-02-05 14:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-20 05:47 . 2004-08-04 03:44 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-17 01:12 . 2010-04-17 01:12 48464 ----a-w- c:\windows\system32\sirenacm.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\arquivos de programas\ESET\ESET Smart Security\egui.exe" [2010-03-24 2145000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MaxRecentDocs"= 10 (0xa)

"NoRecentDocsNetHood"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^desktop.ini]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\desktop.ini

backup=c:\windows\pss\desktop.iniStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^desktop.ini]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\desktop.ini

backup=c:\windows\pss\desktop.iniCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-01-15 19:14 147456 ----a-r- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

2004-08-22 20:05 81920 ----a-r- c:\arquivos de programas\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]

2004-08-04 03:45 159744 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 18:40 155648 ----a-r- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2003-12-08 20:35 32768 ----a-r- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2004-12-28 22:01 544768 ----a-w- c:\windows\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2006-08-02 21:12 577536 ------w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

2006-04-11 08:06 176128 ----a-w- c:\windows\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"TuneUp.Defrag"=3 (0x3)

"NBService"=3 (0x3)

"WZCSVC"=2 (0x2)

"UxTuneUp"=2 (0x2)

"TapiSrv"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"mnmsrvc"=3 (0x3)

"ImapiService"=3 (0x3)

"getPlusHelper"=3 (0x3)

"XoftSpyService"=3 (0x3)

"TuneUp.UtilitiesSvc"=2 (0x2)

"ose"=3 (0x3)

"MDM"=2 (0x2)

"gusvc"=3 (0x3)

"gupdate"=2 (0x2)

"rjhnrsqbm"=2 (0x2)

"FastUserSwitchingCompatibility"=3 (0x3)

"helpsvc"=2 (0x2)

"wscsvc"=2 (0x2)

"SharedAccess"=2 (0x2)

"SCardSvr"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"VTTimer"=VTTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\Arquivos de programas\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\UTorrents (Minha Pasta)\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1277:TCP"= 1277:TCP:*:Disabled:qxfyulz

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [7/9/2007 20:59 155136]

R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [7/9/2007 20:59 5248]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [24/3/2010 20:31 114984]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET Smart Security\ekrn.exe [24/3/2010 20:31 810120]

S2 rjhnrsqbm;Support Server;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25/2/2010 11:18 10064]

S3 uti3nzc5;AVZ Kernel Driver;c:\windows\system32\drivers\uti3nzc5.sys [11/12/2009 17:31 7168]

S4 gupdate;Google Update Service (gupdate);"c:\arquivos de programas\Google\Update\GoogleUpdate.exe" /svc --> c:\arquivos de programas\Google\Update\GoogleUpdate.exe [?]

S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [7/5/2010 17:48 1051976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Download Link Using Mega Manager... - c:\arquivos de programas\Megaupload\Mega Manager\mm_file.htm

IE: Download with GetRight - c:\arquivos de programas\GetRight\GRdownload.htm

IE: Open with GetRight Browser - c:\arquivos de programas\GetRight\GRbrowse.htm

TCP: {8AD1177A-26EC-45AA-A0C5-1772FE68E6CC} = 172.19.51.1

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

MSConfigStartUp-swg - c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-25 13:27

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x83E11BA8]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf752cfc3

\Driver\ACPI -> ACPI.sys @ 0xf7459cb8

\Driver\atapi -> 0x83e11ba8

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a18f6

ParseProcedure -> ntoskrnl.exe @ 0x8056f26d

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a18f6

ParseProcedure -> ntoskrnl.exe @ 0x8056f26d

NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf72e0ba0

PacketIndicateHandler -> NDIS.sys @ 0xf72edb21

SendHandler -> NDIS.sys @ 0xf72cb87b

Warning: possible MBR rootkit infection !

user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\rjhnrsqbm]

"ServiceDll"="c:\windows\system32\hincakl.dll"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-796845957-115176313-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,4c,65,43,56,d8,40,4f,96,08,c2,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,4c,65,43,56,d8,40,4f,96,08,c2,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,4c,65,43,56,d8,40,4f,96,08,c2,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2010-06-25 13:30:45

ComboFix-quarantined-files.txt 2010-06-25 16:30

Pré-execução: 11 pasta(s) 27.611.176.960 bytes disponíveis

Pós execução: 12 pasta(s) 27.570.814.976 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=6 Default=6 Failed=2 LastKnownGood=7 Sets=1,2,3,4,5,6,7

- - End Of File - - C90B77C83EF9758E1D6B1286E5BEF873

Edited by bodonchild

One more detail... Right after the ComboFix procedure, I ran an automatic scan with ESET Smart Security (since I uninstalled Avira because it wasn't updating) and there were some trojans. Two of them were in the folder that ComboFix created. The others were already in quarantine.

Virus locations:

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Av-test.txt - Eicar test file

C:\QooBox\32788R22FWJFW\uagp35.sys - Win32/Olmarik.ZC trojan

C:\Arquivos de programas\EMULADORES\P64\Project64 1.7.0.55E\NRage-Language-1034.dll - Win32/Agent trojan

C:\WINDOWS\system32\drivers\uagp35.sys - Win32/Olmarik.ZC trojan

C:\WINDOWS\system32\drivers\uagp35.sys.tmp - Win32/Olmarik.ZC trojan

And these (all a variant of the Win32/TrojanClicker.Delf.NKC trojan):

C:\WINDOWS\system32\emxqkjn.dll

C:\WINDOWS\system32\ywdlyom.dll

C:\WINDOWS\system32\ttgtdsw.dll

C:\WINDOWS\system32\ceidajv.dll

C:\WINDOWS\system32\nlxylqz.dll

C:\WINDOWS\system32\wedqqhz.dll

C:\WINDOWS\system32\vdutiby.dll

C:\WINDOWS\system32\henaxzk.dll

C:\WINDOWS\system32\vzckwya.dll

C:\WINDOWS\system32\tunmasw.dll

But as soon as they were put in quarantine, I think they came back, because an error showed up in the antivirus log at:

C:\WINDOWS\Temp\xnpg.tmp\svchost.exe.

I hope this can help somehow.


There was a new version of ComboFix, and I updated. Again, "ComboFix detected the presence of a rootkit and needed to restart the PC". After the test, as soon as I enabled the antivirus, the real-time protection detected the "eicar test file" (Av-test.txt), but that isn't a virus, it's just a "test" to see whether the antivirus reacts, right? Well, here is the log:

ComboFix 10-06-28.01 - Administrador 29/06/2010 11:17:42.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.447.189 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

* AV residente está ativo

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-28 to 2010-06-29 ))))))))))))))))))))))))))))

.

2010-06-28 17:28 . 2010-06-28 17:30 96 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\TurboDemo\WRTDX8672.DLL

2010-06-28 17:28 . 2010-06-28 17:30 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\TurboDemo

2010-06-28 00:51 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2010-06-28 00:51 . 2010-02-17 17:07 2194176 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-06-28 00:51 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll

2010-06-28 00:51 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe

2010-06-28 00:51 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2010-06-28 00:51 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2010-06-28 00:51 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll

2010-06-28 00:51 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll

2010-06-28 00:51 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2010-06-28 00:51 . 2010-02-16 19:07 2150400 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-06-28 00:51 . 2010-02-16 19:07 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-06-28 00:06 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-06-27 23:43 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-06-27 23:42 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys

2010-06-27 23:39 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-06-27 23:36 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2010-06-27 23:36 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2010-06-27 23:36 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2010-06-27 23:36 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2010-06-27 23:36 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2010-06-27 23:36 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-06-27 23:36 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-06-27 20:21 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-06-27 20:11 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-06-27 19:49 . 2010-06-27 19:49 -------- d-----w- c:\windows\system32\bits

2010-06-27 19:45 . 2008-04-13 22:20 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2010-06-24 02:50 . 2010-06-24 02:50 -------- d-----w- c:\documents and settings\Convidado\Dados de aplicativos\ESET

2010-06-24 00:46 . 2010-06-24 00:49 -------- d-----w- c:\arquivos de programas\UTorrents (Minha Pasta)

2010-06-24 00:40 . 2010-06-28 19:35 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent

2010-06-24 00:19 . 2010-06-24 00:19 184320 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\wlan4.dll

2010-06-24 00:19 . 2010-06-24 00:19 59904 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\ups.dll

2010-06-24 00:19 . 2010-06-24 00:19 10752 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\system.dll

2010-06-24 00:19 . 2010-06-24 00:19 65536 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\sync.dll

2010-06-24 00:14 . 2010-06-24 00:19 75264 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\stp.dll

2010-06-24 00:14 . 2010-06-24 00:14 90624 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\secure.dll

2010-06-24 00:14 . 2010-06-24 00:14 116736 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\roting4.dll

2010-06-24 00:13 . 2010-06-24 00:14 59392 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\radlan.dll

2010-06-24 00:13 . 2010-06-24 00:13 109056 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\ppp.dll

2010-06-24 00:13 . 2010-06-24 00:13 70656 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\pim.dll

2010-06-24 00:13 . 2010-06-24 00:13 57856 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\ntp.dll

2010-06-24 00:13 . 2010-06-24 00:13 71168 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\mpls.dll

2010-06-24 00:11 . 2010-06-24 00:13 58368 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\lcd.dll

2010-06-24 00:09 . 2010-06-24 00:11 57344 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\isdn.dll

2010-06-24 00:09 . 2010-06-24 00:09 76288 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\ipv6.dll

2010-06-24 00:09 . 2010-06-24 00:09 79872 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\hotspot.dll

2010-06-24 00:09 . 2010-06-24 00:09 69632 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\dhcp.dll

2010-06-24 00:09 . 2010-06-24 00:09 58880 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\arlan.dll

2010-06-24 00:09 . 2010-06-24 00:09 69632 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\advtool.dll

2010-06-24 00:07 . 2010-06-24 00:09 1514496 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.3-4232445254\roteros.dll

2010-06-23 18:34 . 2010-06-23 18:34 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Megaupload

2010-06-23 18:33 . 2010-06-23 18:33 -------- d-----w- c:\arquivos de programas\Megaupload

2010-06-23 13:40 . 2010-06-23 13:40 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ESET

2010-06-23 13:38 . 2010-06-23 13:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESET

2010-06-23 13:38 . 2010-06-23 13:38 -------- d-----w- c:\arquivos de programas\ESET

2010-06-23 03:08 . 2010-06-23 03:08 184320 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\wlan4.dll

2010-06-23 03:08 . 2010-06-23 03:08 59904 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\ups.dll

2010-06-23 03:08 . 2010-06-23 03:08 10752 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\system.dll

2010-06-23 03:08 . 2010-06-23 03:08 65536 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\sync.dll

2010-06-23 03:08 . 2010-06-23 03:08 90624 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\secure.dll

2010-06-23 03:08 . 2010-06-23 03:08 116736 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\roting4.dll

2010-06-23 03:08 . 2010-06-23 03:08 59392 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\radlan.dll

2010-06-23 03:07 . 2010-06-23 03:08 110080 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\ppp.dll

2010-06-23 03:07 . 2010-06-23 03:07 70656 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\pim.dll

2010-06-23 03:07 . 2010-06-23 03:07 57856 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\ntp.dll

2010-06-23 03:07 . 2010-06-23 03:07 71168 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\mpls.dll

2010-06-23 03:07 . 2010-06-23 03:07 58368 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\lcd.dll

2010-06-23 03:07 . 2010-06-23 03:07 57344 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\isdn.dll

2010-06-23 03:07 . 2010-06-23 03:07 76288 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\ipv6.dll

2010-06-23 03:07 . 2010-06-23 03:07 79872 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\hotspot.dll

2010-06-23 03:07 . 2010-06-23 03:07 70144 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\dhcp.dll

2010-06-23 03:07 . 2010-06-23 03:07 58880 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\arlan.dll

2010-06-23 03:07 . 2010-06-23 03:07 69632 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\advtool.dll

2010-06-23 03:07 . 2010-06-23 03:07 1531904 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik\Winbox\4.6-2146247327\roteros.dll

2010-06-23 03:06 . 2010-06-23 03:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Mikrotik

2010-06-21 18:38 . 2010-06-28 17:03 -------- d-----w- C:\Downloads

2010-06-21 18:11 . 2010-06-21 19:20 -------- d-----w- c:\arquivos de programas\GetRight

2010-06-21 17:52 . 2010-06-26 18:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Tor

2010-06-21 17:52 . 2010-06-26 18:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Vidalia

2010-06-21 17:52 . 2010-06-21 17:52 -------- d-----w- c:\arquivos de programas\Vidalia Bundle

2010-06-20 02:35 . 2010-06-21 23:49 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-06-19 19:11 . 2010-06-19 19:11 -------- d-----w- c:\arquivos de programas\Acoustica Shared Effects

2010-06-19 19:11 . 2010-06-19 19:11 -------- d-----w- c:\arquivos de programas\Acoustica Beatcraft

2010-06-19 18:31 . 2010-06-19 18:31 -------- d-----w- c:\arquivos de programas\ASIO4ALL v2

2010-06-19 18:28 . 2010-06-19 18:28 -------- d-----w- c:\arquivos de programas\Outsim

2010-06-19 18:25 . 2010-06-19 19:10 -------- d-----w- c:\arquivos de programas\Image-Line

2010-06-19 17:04 . 2010-06-19 17:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Socusoft

2010-06-19 17:03 . 2010-06-03 12:00 24064 ----a-w- c:\windows\system32\msxml3a.dll

2010-06-19 17:01 . 2010-06-19 17:03 -------- d-----w- c:\arquivos de programas\DVD Photo Slideshow Professional

2010-06-19 17:01 . 2010-06-19 17:01 -------- d-----w- c:\arquivos de programas\Socusoft

2010-06-18 23:43 . 2010-06-18 23:43 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2010-06-18 23:43 . 2010-06-18 23:43 -------- d-----w- c:\arquivos de programas\Windows Live

2010-06-18 23:14 . 2009-11-20 19:26 25984 ----a-w- c:\windows\system32\drivers\tap0901.sys

2010-06-18 22:25 . 2010-06-18 22:25 3584 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2010-06-18 22:25 . 2010-06-18 22:25 -------- d-----w- c:\arquivos de programas\Windows Installer Clean Up

2010-06-18 20:15 . 2010-06-18 20:15 -------- d-----w- c:\windows\system32\wbem\Repository

2010-06-18 17:35 . 2010-06-28 17:04 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GetRight

2010-06-18 16:15 . 2010-06-18 16:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-06-17 20:01 . 2010-06-25 19:20 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\QuickScan

2010-06-17 20:01 . 2010-05-31 19:34 702120 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-06-17 20:01 . 2010-05-31 19:34 868456 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-06-17 16:14 . 2010-06-17 16:14 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DivX

2010-06-17 14:57 . 2010-06-18 00:19 48620 ---há-w- c:\windows\system32\mlfcache.dat

2010-06-17 14:50 . 2010-06-17 14:50 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer

2010-06-17 14:50 . 2010-06-17 14:50 -------- d-----w- c:\arquivos de programas\Safari

2010-06-17 14:50 . 2010-06-17 14:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2010-06-17 14:49 . 2010-06-17 14:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2010-06-17 14:48 . 2010-06-17 14:48 -------- d-----w- c:\arquivos de programas\Apple Software Update

2010-06-17 14:48 . 2010-06-17 14:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple

2010-06-17 13:46 . 2010-06-17 13:46 0 ----a-w- c:\windows\nsreg.dat

2010-06-16 20:03 . 2010-06-16 20:10 -------- d--h--w- c:\windows\msdownld.tmp

2010-06-16 16:11 . 2003-06-25 19:05 266360 ----a-w- c:\windows\system32\TweakUI.exe

2010-06-13 18:05 . 2010-06-27 19:46 -------- d-----w- c:\windows\ServicePackFiles

2010-06-13 17:35 . 2010-06-13 17:35 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\McAfee

2010-06-11 18:49 . 2010-06-11 18:49 -------- d-sh--w- c:\documents and settings\Convidado\IECompatCache

2010-06-11 18:48 . 2010-06-11 18:48 -------- d-sh--w- c:\documents and settings\Convidado\PrivacIE

2010-06-11 18:10 . 2010-06-11 18:10 -------- d-sh--w- c:\documents and settings\Convidado\IETldCache

2010-06-11 16:52 . 2010-06-11 16:52 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache

2010-06-11 16:50 . 2010-06-11 16:50 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE

2010-06-11 16:47 . 2010-06-11 16:47 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

2010-06-11 16:44 . 2010-06-13 18:25 -------- d-----w- c:\windows\ie8updates

2010-06-11 16:42 . 2010-06-11 16:43 -------- dc-h--w- c:\windows\ie8

2010-06-11 16:38 . 2010-05-06 10:34 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-11 16:38 . 2010-05-06 10:34 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-28 14:05 . 2001-10-28 17:07 68422 ----a-w- c:\windows\system32\perfc016.dat

2010-06-28 14:05 . 2001-10-28 17:07 428674 ----a-w- c:\windows\system32\perfh016.dat

2010-06-23 18:33 . 2007-09-07 23:19 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-06-22 22:18 . 2008-01-26 14:21 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic

2010-06-22 00:22 . 2007-09-08 00:00 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Vso

2010-06-19 20:39 . 2009-11-05 14:42 16 ----a-w- c:\windows\msocreg32.dat

2010-06-17 13:44 . 2009-12-30 14:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\MSScanAppDataDir

2010-06-10 16:53 . 2009-12-11 22:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2010-06-08 13:01 . 2010-01-28 14:37 49586 ----a-w- c:\windows\system32\prfc0416.dat

2010-06-08 13:01 . 2010-01-28 14:37 347294 ----a-w- c:\windows\system32\prfh0416.dat

2010-06-07 16:13 . 2010-02-05 14:15 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-05-30 17:18 . 2009-05-25 17:11 -------- d-----w- c:\arquivos de programas\Sweet Home 3D 1.8

2010-05-12 23:40 . 2008-05-07 17:34 -------- d-----w- c:\arquivos de programas\EMULADORES

2010-05-06 10:34 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:08 . 2004-08-04 03:38 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 18:39 . 2010-02-05 14:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 18:39 . 2010-02-05 14:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-20 05:47 . 2004-08-04 03:44 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-17 01:12 . 2010-04-17 01:12 48464 ----a-w- c:\windows\system32\sirenacm.dll

.

------- Sigcheck -------

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3gdr\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2008-07-07 20:31 . C8FDAFC91302E9E905182EC6A2D1612A . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll

[-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll

[-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll

[-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\cef92b38c90fc921728c6ea550391cb2\sp3gdr\es.dll

[-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll

[-] 2008-07-07 20:25 . 58586EB44E6FD9A711943647C8451741 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[-] 2008-07-07 20:18 . 788A6C475F332290217C33921623CF48 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll

[7] 2008-04-13 22:20 . 957E7822860EB8E5CD9EDB7BA04B7E65 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll

[-] 2010-05-06 . 20800D7145CF4E247775458B404FD44A . 5950976 . . [8.00.6001.18928] . . c:\windows\ERDNT\cache\mshtml.dll

[-] 2010-05-06 . 20800D7145CF4E247775458B404FD44A . 5950976 . . [8.00.6001.18928] . . c:\windows\system32\mshtml.dll

[-] 2010-05-06 . 20800D7145CF4E247775458B404FD44A . 5950976 . . [8.00.6001.18928] . . c:\windows\system32\dllcache\mshtml.dll

[-] 2010-05-06 . AA1410ABF16D5F3655569927075CEF05 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll

[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll

[7] 2008-04-13 . 64C5EB55D74A90AB4DC89F9A6C2E797F . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll

[7] 2004-08-04 . 2D36439FE3C0FBD30F5ABD8FDBAA31B5 . 3003392 . . [6.00.2900.2180] . . c:\windows\ie8\mshtml.dll

[-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll

[-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll

[-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3gdr\mswsock.dll

[-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll

[-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll

[-] 2008-06-20 . 5265EA72F599CF8277A34780F6369B60 . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[-] 2008-06-20 . 59AB513554BA8770BF493D6F2121637B . 247808 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

[-] 2008-06-20 . E8C71AECFD3B76407430A22C9EB371FF . 247808 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll

[7] 2008-04-13 . CF7C16037A5905AA5A173813D14D5C4A . 247808 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll

[-] 2010-05-06 . 2B050AA55BEB6F3D5BF29FD7D3893A4E . 916480 . . [8.00.6001.18923] . . c:\windows\ERDNT\cache\wininet.dll

[-] 2010-05-06 . 2B050AA55BEB6F3D5BF29FD7D3893A4E . 916480 . . [8.00.6001.18923] . . c:\windows\system32\wininet.dll

[-] 2010-05-06 . 2B050AA55BEB6F3D5BF29FD7D3893A4E . 916480 . . [8.00.6001.18923] . . c:\windows\system32\dllcache\wininet.dll

[-] 2010-05-06 . 326CDF2109D669998922946D6B490836 . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll

[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll

[7] 2008-04-13 . DF6D0F37A71883BE3505DD517EB8AD83 . 668160 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll

[7] 2004-08-04 . 398A619CE60090303042D1F8CC68F712 . 658432 . . [6.00.2900.2180] . . c:\windows\ie8\wininet.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\arquivos de programas\ESET\ESET Smart Security\egui.exe" [2010-03-24 2145000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MaxRecentDocs"= 10 (0xa)

"NoRecentDocsNetHood"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^desktop.ini]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\desktop.ini

backup=c:\windows\pss\desktop.iniStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^desktop.ini]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\desktop.ini

backup=c:\windows\pss\desktop.iniCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-01-15 19:14 147456 ----a-r- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

2004-08-22 20:05 81920 ----a-r- c:\arquivos de programas\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]

2008-04-13 22:21 171520 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 18:40 155648 ----a-r- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2003-12-08 20:35 32768 ----a-r- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2004-12-28 22:01 544768 ----a-w- c:\windows\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2006-08-02 21:12 577536 ------w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

2006-04-11 08:06 176128 ----a-w- c:\windows\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"TuneUp.Defrag"=3 (0x3)

"NBService"=3 (0x3)

"WZCSVC"=2 (0x2)

"UxTuneUp"=2 (0x2)

"TapiSrv"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"mnmsrvc"=3 (0x3)

"ImapiService"=3 (0x3)

"getPlusHelper"=3 (0x3)

"XoftSpyService"=3 (0x3)

"TuneUp.UtilitiesSvc"=2 (0x2)

"ose"=3 (0x3)

"MDM"=2 (0x2)

"gusvc"=3 (0x3)

"gupdate"=2 (0x2)

"rjhnrsqbm"=2 (0x2)

"FastUserSwitchingCompatibility"=3 (0x3)

"helpsvc"=2 (0x2)

"wscsvc"=2 (0x2)

"SharedAccess"=2 (0x2)

"SCardSvr"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"VTTimer"=VTTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\Arquivos de programas\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\UTorrents (Minha Pasta)\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1277:TCP"= 1277:TCP:*:Disabled:qxfyulz

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [7/9/2007 20:59 155136]

R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [7/9/2007 20:59 5248]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [24/3/2010 20:31 114984]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET Smart Security\ekrn.exe [24/3/2010 20:31 810120]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [26/6/2010 11:26 136176]

S2 rjhnrsqbm;Support Server;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25/2/2010 11:18 10064]

S3 uti3nzc5;AVZ Kernel Driver;c:\windows\system32\drivers\uti3nzc5.sys [11/12/2009 17:31 7168]

S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [7/5/2010 17:48 1051976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-26 14:26]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-26 14:26]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Download Link Using Mega Manager... - c:\arquivos de programas\Megaupload\Mega Manager\mm_file.htm

IE: Download with GetRight - c:\arquivos de programas\GetRight\GRdownload.htm

IE: Open with GetRight Browser - c:\arquivos de programas\GetRight\GRbrowse.htm

TCP: {8AD1177A-26EC-45AA-A0C5-1772FE68E6CC} = 198.153.192.1,198.153.194.1

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i51zogxw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-29 11:25

Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8486D870]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf75acf28

\Driver\ACPI -> ACPI.sys @ 0xf74d9cb8

\Driver\atapi -> 0x8486d870

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615

ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615

ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac

NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf735fbb0

PacketIndicateHandler -> NDIS.sys @ 0xf736ca21

SendHandler -> NDIS.sys @ 0xf734a87b

Warning: possible MBR rootkit infection !

user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\rjhnrsqbm]

"ServiceDll"="c:\windows\system32\hincakl.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-115176313-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,4c,65,43,56,d8,40,4f,96,08,c2,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,4c,65,43,56,d8,40,4f,96,08,c2,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,4c,65,43,56,d8,40,4f,96,08,c2,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Completion time: 2010-06-29 11:30:02

ComboFix-quarantined-files.txt 2010-06-29 14:29

ComboFix2.txt 2010-06-28 19:53

ComboFix3.txt 2010-06-25 16:30

Pre-Run: 11 folder(s) 25,866,915,840 bytes free

Post-Run: 12 folder(s) 25,862,721,536 bytes free

Current=6 Default=6 Failed=2 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8

- - End Of File - - 39695115BC43EFE23D63358F4F79EB4C

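Reading the log above the way a responder would, here is an added example in Python (not part of the original post, and not ComboFix or gmer code) that triages the lines carrying the signal: the service entries (`S2 name;display;command [date size]`), the firewall GloballyOpenPorts value, the ServiceDll dump under the locked-keys section, and the MBR detector's hook lines. The line formats are taken from the log as pasted; the vowel-ratio heuristic for throw-away names and its threshold are this example's own assumption, and the sample text is a constructed excerpt of the log above.

```python
"""Triage ComboFix / gmer log lines for the indicators a responder checks
first: machine-named services hosted by svchost, a ServiceDll with a
throw-away name, firewall exceptions registered under such names, and
disk-stack dispatch pointers that no named driver backs."""
import re
from typing import List, Optional

VOWELS = set("aeiou")
SERVICE_RE = re.compile(            # "S2 name;display;command [date size]"
    r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<cmd>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$')
SVCHOST_RE = re.compile(r'svchost\.exe\s+-k\s+(\S+)', re.I)
PORT_RE = re.compile(                # "1277:TCP"= 1277:TCP:*:Disabled:qxfyulz
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):'
    r'(?P<scope>[^:]*):(?P<state>[^:]*):(?P<label>.*)$')
SERVICES_KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]$', re.I)
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="(?P<dll>.+)"$')
HOOK_RE = re.compile(r'^(?P<obj>\\Driver\\\w+)\s*->\s*(?P<target>.+)$')
ADDR_ONLY_RE = re.compile(r'^0x[0-9a-f]+$', re.I)


def looks_generated(token: str, min_len: int = 6, max_vowel_ratio: float = 0.35) -> bool:
    """Heuristic (an assumption of this example) for throw-away names such as
    rjhnrsqbm, qxfyulz or hincakl: all lowercase letters, reasonably long,
    and far fewer vowels than a real word."""
    if len(token) < min_len or not token.isalpha() or not token.islower():
        return False
    return sum(c in VOWELS for c in token) / len(token) < max_vowel_ratio


def triage_combofix(log: str) -> List[str]:
    findings: List[str] = []
    current_service: Optional[str] = None      # set while inside ...\Services\<name>
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):               # any registry key header resets context
            m = SERVICES_KEY_RE.match(line)
            current_service = m.group("name") if m else None
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            host = SVCHOST_RE.search(cmd)
            if looks_generated(name):
                where = f"hosted by svchost -k {host.group(1)}" if host else f"running {cmd}"
                findings.append(f"service {name!r} ({m.group('display')}) {where}: machine-generated name")
            continue
        m = PORT_RE.match(line)
        if m and looks_generated(m.group("label")):
            findings.append(
                f"firewall exception {m.group('port')}/{m.group('proto')} scope {m.group('scope')} "
                f"({m.group('state')}) registered as {m.group('label')!r}: machine-generated name")
            continue
        m = SERVICEDLL_RE.match(line)
        if m and current_service:
            dll = m.group("dll")
            stem = dll.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if looks_generated(current_service) or looks_generated(stem):
                findings.append(f"service {current_service!r} loads ServiceDll {dll} into svchost")
            continue
        m = HOOK_RE.match(line)
        if m:
            target = m.group("target")
            if "UNKNOWN" in target or ADDR_ONLY_RE.match(target):
                findings.append(f"{m.group('obj')} dispatch -> {target}: not backed by a named driver")
            continue
        if line.startswith("called modules:") and ">>UNKNOWN" in line:
            unresolved = line.split(">>", 1)[1].rstrip("<").strip()
            findings.append(f"MBR scan called into unresolved code: {unresolved}")
    return findings


# Constructed excerpt: the lines from the ComboFix / gmer output in this
# thread that carry the signal, trimmed to what the parser needs.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1277:TCP"= 1277:TCP:*:Disabled:qxfyulz
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [7/9/2007 20:59 155136]
R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET Smart Security\ekrn.exe [24/3/2010 20:31 810120]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [26/6/2010 11:26 136176]
S2 rjhnrsqbm;Support Server;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]
S3 uti3nzc5;AVZ Kernel Driver;c:\windows\system32\drivers\uti3nzc5.sys [11/12/2009 17:31 7168]
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8486D870]<<
\Driver\Disk -> CLASSPNP.SYS @ 0xf75acf28
\Driver\ACPI -> ACPI.sys @ 0xf74d9cb8
\Driver\atapi -> 0x8486d870
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\rjhnrsqbm]
"ServiceDll"="c:\windows\system32\hincakl.dll"
"""

if __name__ == "__main__":
    for finding in triage_combofix(SAMPLE_LOG):
        print("-", finding)
```

Run against the excerpt, it reports five items that belong together: a service with a throw-away name (`rjhnrsqbm`) hosted by `svchost.exe -k netsvcs`, the DLL it loads (`hincakl.dll`), a firewall exception on 1277/TCP registered under another such name (`qxfyulz`), and a `\Driver\atapi` dispatch pointer plus a called module that no loaded driver accounts for, which is what the scanner's "possible MBR rootkit infection" line refers to. The CFScript in the reply further down removes the service by name; the ServiceDll file and the firewall entry are worth confirming as gone in the next log.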

Configure Windows to show all files.

Go to this site: http://virustotal.com/

Under File to upload, enter: c:\windows\system32\dllcache\wininet.dll

Then click Submit.

Copy and post the result of this scan.


Well, after many, many attempts, it was only possible to submit it after downloading the VirusTotal Uploader...

Another thing that is happening with the PC is that every now and then the message "Error Protection N°..." appears.

And all the icons disappear from the screen for a few seconds, similar to when the "explorer.exe" process is ended.

The number varies, but it is almost always 103, if I'm not mistaken... Then it goes back to normal...

Log:

File WININET.dll received on 2010.06.11 22:03:34 (UTC)

Current status: finished

Result: 0/41 (0.00%)

Antivirus  Version  Last Update  Result

a-squared 5.0.0.26 2010.06.11 -

AhnLab-V3 2010.06.11.00 2010.06.11 -

AntiVir 8.2.2.6 2010.06.11 -

Antiy-AVL 2.0.3.7 2010.06.11 -

Authentium 5.2.0.5 2010.06.11 -

Avast 4.8.1351.0 2010.06.11 -

Avast5 5.0.332.0 2010.06.11 -

AVG 9.0.0.787 2010.06.11 -

BitDefender 7.2 2010.06.11 -

CAT-QuickHeal 10.00 2010.06.11 -

ClamAV 0.96.0.3-git 2010.06.11 -

Comodo 5059 2010.06.11 -

DrWeb 5.0.2.03300 2010.06.11 -

eSafe 7.0.17.0 2010.06.10 -

eTrust-Vet 36.1.7629 2010.06.11 -

F-Prot 4.6.0.103 2010.06.11 -

F-Secure 9.0.15370.0 2010.06.11 -

Fortinet 4.1.133.0 2010.06.11 -

GData 21 2010.06.11 -

Ikarus T3.1.1.84.0 2010.06.11 -

Jiangmin 13.0.900 2010.06.11 -

Kaspersky 7.0.0.125 2010.06.11 -

McAfee 5.400.0.1158 2010.06.11 -

McAfee-GW-Edition 2010.1 2010.06.11 -

Microsoft 1.5802 2010.06.11 -

NOD32 5191 2010.06.11 -

Norman 6.04.12 2010.06.11 -

nProtect 2010-06-11.01 2010.06.11 -

Panda 10.0.2.7 2010.06.11 -

PCTools 7.0.3.5 2010.06.11 -

Prevx 3.0 2010.06.12 -

Rising 22.51.04.04 2010.06.11 -

Sophos 4.54.0 2010.06.11 -

Sunbelt 6436 2010.06.11 -

Symantec 20101.1.0.89 2010.06.11 -

TheHacker 6.5.2.0.297 2010.06.11 -

TrendMicro 9.120.0.1004 2010.06.11 -

TrendMicro-HouseCall 9.120.0.1004 2010.06.11 -

VBA32 3.12.12.5 2010.06.11 -

ViRobot 2010.6.11.3881 2010.06.11 -

VirusBuster 5.0.27.0 2010.06.11 -

Additional information

File size: 916480 bytes

MD5 : 2b050aa55beb6f3d5bf29fd7d3893a4e

SHA1 : 56ce7eb7b3aa9c9a5c4d6a4d3ae536508df3f30c

SHA256: c45b181f180a669f509d60fe6b49b2f36d87a67b173526c50178726759bc501b

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x1748

timedatestamp.....: 0x4BE29B29 (Thu May 6 12:34:17 2010)

machinetype.......: 0x14C (Intel I386)

( 4 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0xAF930 0xAFA00 6.64 09ff0ee3d069bf3b3e7fef46a72360e5

.data 0xB1000 0x6850 0x3400 1.84 c1390281996b6737eaf1c49856ef8b8d

.rsrc 0xB8000 0x261C0 0x26200 4.72 f510d3857585944a3072e8e1477e9f00

.reloc 0xDF000 0x67CC 0x6800 6.78 704a73cec3949370af8444ca77511a69

( 9 imports )

> advapi32.dll: RegDeleteValueW, RegQueryValueExW, CryptAcquireContextA, CryptGenRandom, CryptReleaseContext, RegOpenKeyA, RegEnumKeyA, RegSetValueExW, RegCreateKeyExW, RegDeleteKeyW, TraceEvent, DuplicateTokenEx, CreateWellKnownSid, SetTokenInformation, CreateProcessAsUserA, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetSidSubAuthorityCount, GetSidSubAuthority, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, RegDeleteValueA, OpenThreadToken, OpenProcessToken, GetTokenInformation, RegOpenKeyExW, RegDeleteKeyA, UnregisterTraceGuids, RegisterTraceGuidsA, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, CryptAcquireContextW, CryptGetProvParam, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, RegCreateKeyExA, RegSetValueExA, RegOpenKeyExA, RegQueryValueExA, RegQueryInfoKeyA, RegEnumKeyExA, RegCloseKey, GetUserNameA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, QueryServiceStatus

> iertutil.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -

> kernel32.dll: OpenFileMappingA, CreateFileMappingA, MapViewOfFileEx, FlushViewOfFile, SetEndOfFile, UnmapViewOfFile, OutputDebugStringA, DosDateTimeToFileTime, lstrcmpiW, GetEnvironmentVariableA, GetShortPathNameA, GetShortPathNameW, FindFirstFileA, RemoveDirectoryA, FindNextFileA, FindClose, GetDiskFreeSpaceExA, CopyFileA, SetFileTime, CreateDirectoryA, GetWindowsDirectoryA, GetPrivateProfileStringA, GetFileAttributesA, SetFileAttributesA, GetFileAttributesExA, FileTimeToDosDateTime, GetFileSizeEx, lstrcmpW, RaiseException, MoveFileExA, MoveFileExW, MoveFileW, MoveFileA, SetFilePointerEx, LocalFileTimeToFileTime, CreateSemaphoreA, ReleaseSemaphore, GetCurrentProcessId, GetFileTime, lstrcmpA, GetModuleHandleExA, LoadLibraryW, FreeLibraryAndExitThread, ResetEvent, ExpandEnvironmentStringsA, GetSystemTimeAsFileTime, DeleteFileW, GetACP, InterlockedExchangeAdd, CreateThread, Sleep, OpenMutexA, GetSystemDirectoryA, FormatMessageA, SetErrorMode, IsDBCSLeadByteEx, SystemTimeToFileTime, SizeofResource, TlsFree, TlsGetValue, TlsSetValue, TlsAlloc, GetDateFormatA, GetTimeFormatA, GlobalAlloc, InterlockedCompareExchange, GetCurrentThread, GetCurrentProcess, IsDBCSLeadByte, IsValidCodePage, GlobalFree, GetLongPathNameW, lstrlenW, GetLongPathNameA, DeleteFileA, FormatMessageW, GetModuleHandleA, GetSystemTime, GetModuleHandleW, WritePrivateProfileStringA, GetVersionExA, GetModuleFileNameA, WriteFile, SetFilePointer, CreateFileW, CreateFileA, GetFileSize, ReadFile, FileTimeToSystemTime, LocalReAlloc, HeapFree, HeapAlloc, GetProcessHeap, GetTimeFormatW, GetDateFormatW, GetUserDefaultLCID, GetComputerNameA, GlobalUnlock, GlobalLock, QueryPerformanceCounter, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, LoadResource, FindResourceExW, LoadLibraryExW, MapViewOfFile, CreateFileMappingW, GetLocaleInfoW, GetVersionExW, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, FindResourceW, SearchPathW, CreateActCtxW, ReleaseActCtx, ActivateActCtx, 
DeactivateActCtx, SetFileAttributesW, CompareFileTime, WritePrivateProfileStringW, GetFileAttributesW, CreateMutexW, DuplicateHandle, OpenMutexW, OpenEventW, LockResource, ResumeThread, GetTickCount, GetProcAddress, LoadLibraryA, FreeLibrary, InterlockedExchange, CloseHandle, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, CompareStringW, WaitForSingleObject, WideCharToMultiByte, MultiByteToWideChar, CreateEventA, CreateMutexA, CompareStringA, ReleaseMutex, GetCurrentThreadId, LocalFree, LocalAlloc, DeleteCriticalSection, SetEvent, InterlockedIncrement, lstrcmpiA, lstrlenA, InterlockedDecrement, GetModuleFileNameW, InitializeCriticalSectionAndSpinCount

> msvcrt.dll: memset, _vsnwprintf, _lock, wcsncmp, bsearch, ___V@YAXPAX@Z, ___U@YAPAXI@Z, _onexit, _wcsnicmp, _wtoi, _wcsicmp, isupper, wcsstr, _purecall, _mbstok, iscntrl, ispunct, _strtoui64, __dllonexit, iswdigit, isalpha, atol, isalnum, _errno, isspace, strpbrk, isdigit, isxdigit, memchr, memcpy, mbtowc, __mb_cur_max, isleadbyte, _iob, _snprintf, _itoa, wctomb, ferror, __badioinfo, __pioinfo, _fileno, _lseeki64, _write, _isatty, _unlock, _adjust_fdiv, _amsg_exit, _initterm, _XcptFilter, iswlower, iswascii, iswxdigit, wcstol, islower, __isascii, strtol, memmove, iswspace, wcsrchr, strrchr, atoi, realloc, free, malloc, time, wcstok, _vsnprintf

> normaliz.dll: IdnToAscii, IdnToUnicode

> ntdll.dll: RtlUnwind, RtlConvertSidToUnicodeString, RtlMoveMemory

> shlwapi.dll: SHRegGetValueW, -, SHRegGetValueA, PathAddBackslashW, PathFindFileNameW, StrRChrW, PathRemoveBackslashA, PathRemoveFileSpecA, -, PathRemoveBlanksA, PathAddBackslashA, -, PathAppendA, -, PathUnExpandEnvStringsA, PathRenameExtensionA, SHDeleteKeyA, SHDeleteValueW, StrCmpNIW, StrCmpNIA, StrStrIA, -, StrChrW, StrChrA, -, -, UrlCombineW, UrlCanonicalizeW, -, PathCreateFromUrlW, UrlUnescapeA, UrlCombineA, UrlCanonicalizeA, StrToIntW, StrCmpW, StrCmpNA, StrRChrA, StrToIntA, StrStrIW, SHGetValueA, SHSetValueA, SHGetValueW, SHSetValueW, -, -, StrStrA, PathCombineW, StrChrNW, StrTrimW

> urlmon.dll: -, -, -, -, -, -, -

> user32.dll: FindWindowW, PostMessageW, RegisterWindowMessageW, ReleaseDC, GetDC, SendDlgItemMessageW, LoadImageW, GetSystemMetrics, IntersectRect, EqualRect, GetWindowRect, GetWindow, SetForegroundWindow, DestroyIcon, SetDlgItemTextW, SetWindowPos, IsWindow, PostMessageA, CharNextExA, EnumWindows, GetAncestor, IsWindowVisible, EnumChildWindows, GetWindowThreadProcessId, IsCharAlphaNumericA, CharLowerW, CharUpperA, CharToOemA, LoadStringW, DialogBoxParamW, GetDesktopWindow, SendDlgItemMessageA, LoadIconA, LoadImageA, LoadStringA, CharLowerA, DestroyWindow, KillTimer, EnableWindow, SetWindowTextW, GetDlgItem, SetFocus, EndDialog, CheckDlgButton, SendMessageW, SendMessageA, IsDlgButtonChecked, DefWindowProcA, SetWindowLongA, GetWindowLongA, RegisterClassW, CreateWindowExW, SetTimer, GetWindowTextW, MessageBoxW, CharNextA, GetWindowInfo

( 1 exports )

> CommitUrlCacheEntryA, CommitUrlCacheEntryW, CreateMD5SSOHash, CreateUrlCacheContainerA, CreateUrlCacheContainerW, CreateUrlCacheEntryA, CreateUrlCacheEntryW, CreateUrlCacheGroup, DeleteIE3Cache, DeleteUrlCacheContainerA, DeleteUrlCacheContainerW, DeleteUrlCacheEntry, DeleteUrlCacheEntryA, DeleteUrlCacheEntryW, DeleteUrlCacheGroup, DeleteWpadCacheForNetworks, DetectAutoProxyUrl, DispatchAPICall, DllInstall, FindCloseUrlCache, FindFirstUrlCacheContainerA, FindFirstUrlCacheContainerW, FindFirstUrlCacheEntryA, FindFirstUrlCacheEntryExA, FindFirstUrlCacheEntryExW, FindFirstUrlCacheEntryW, FindFirstUrlCacheGroup, FindNextUrlCacheContainerA, FindNextUrlCacheContainerW, FindNextUrlCacheEntryA, FindNextUrlCacheEntryExA, FindNextUrlCacheEntryExW, FindNextUrlCacheEntryW, FindNextUrlCacheGroup, ForceNexusLookup, ForceNexusLookupExW, FreeUrlCacheSpaceA, FreeUrlCacheSpaceW, FtpCommandA, FtpCommandW, FtpCreateDirectoryA, FtpCreateDirectoryW, FtpDeleteFileA, FtpDeleteFileW, FtpFindFirstFileA, FtpFindFirstFileW, FtpGetCurrentDirectoryA, FtpGetCurrentDirectoryW, FtpGetFileA, FtpGetFileEx, FtpGetFileSize, FtpGetFileW, FtpOpenFileA, FtpOpenFileW, FtpPutFileA, FtpPutFileEx, FtpPutFileW, FtpRemoveDirectoryA, FtpRemoveDirectoryW, FtpRenameFileA, FtpRenameFileW, FtpSetCurrentDirectoryA, FtpSetCurrentDirectoryW, GetUrlCacheConfigInfoA, GetUrlCacheConfigInfoW, GetUrlCacheEntryInfoA, GetUrlCacheEntryInfoExA, GetUrlCacheEntryInfoExW, GetUrlCacheEntryInfoW, GetUrlCacheGroupAttributeA, GetUrlCacheGroupAttributeW, GetUrlCacheHeaderData, GopherCreateLocatorA, GopherCreateLocatorW, GopherFindFirstFileA, GopherFindFirstFileW, GopherGetAttributeA, GopherGetAttributeW, GopherGetLocatorTypeA, GopherGetLocatorTypeW, GopherOpenFileA, GopherOpenFileW, HttpAddRequestHeadersA, HttpAddRequestHeadersW, HttpCheckDavCompliance, HttpEndRequestA, HttpEndRequestW, HttpOpenRequestA, HttpOpenRequestW, HttpQueryInfoA, HttpQueryInfoW, HttpSendRequestA, HttpSendRequestExA, HttpSendRequestExW, HttpSendRequestW, 
IncrementUrlCacheHeaderData, InternetAlgIdToStringA, InternetAlgIdToStringW, InternetAttemptConnect, InternetAutodial, InternetAutodialCallback, InternetAutodialHangup, InternetCanonicalizeUrlA, InternetCanonicalizeUrlW, InternetCheckConnectionA, InternetCheckConnectionW, InternetClearAllPerSiteCookieDecisions, InternetCloseHandle, InternetCombineUrlA, InternetCombineUrlW, InternetConfirmZoneCrossing, InternetConfirmZoneCrossingA, InternetConfirmZoneCrossingW, InternetConnectA, InternetConnectW, InternetCrackUrlA, InternetCrackUrlW, InternetCreateUrlA, InternetCreateUrlW, InternetDial, InternetDialA, InternetDialW, InternetEnumPerSiteCookieDecisionA, InternetEnumPerSiteCookieDecisionW, InternetErrorDlg, InternetFindNextFileA, InternetFindNextFileW, InternetFortezzaCommand, InternetGetCertByURL, InternetGetCertByURLA, InternetGetConnectedState, InternetGetConnectedStateEx, InternetGetConnectedStateExA, InternetGetConnectedStateExW, InternetGetCookieA, InternetGetCookieExA, InternetGetCookieExW, InternetGetCookieW, InternetGetLastResponseInfoA, InternetGetLastResponseInfoW, InternetGetPerSiteCookieDecisionA, InternetGetPerSiteCookieDecisionW, InternetGetSecurityInfoByURL, InternetGetSecurityInfoByURLA, InternetGetSecurityInfoByURLW, InternetGoOnline, InternetGoOnlineA, InternetGoOnlineW, InternetHangUp, InternetInitializeAutoProxyDll, InternetLockRequestFile, InternetOpenA, InternetOpenUrlA, InternetOpenUrlW, InternetOpenW, InternetQueryDataAvailable, InternetQueryFortezzaStatus, InternetQueryOptionA, InternetQueryOptionW, InternetReadFile, InternetReadFileExA, InternetReadFileExW, InternetSecurityProtocolToStringA, InternetSecurityProtocolToStringW, InternetSetCookieA, InternetSetCookieExA, InternetSetCookieExW, InternetSetCookieW, InternetSetDialState, InternetSetDialStateA, InternetSetDialStateW, InternetSetFilePointer, InternetSetOptionA, InternetSetOptionExA, InternetSetOptionExW, InternetSetOptionW, InternetSetPerSiteCookieDecisionA, 
InternetSetPerSiteCookieDecisionW, InternetSetStatusCallback, InternetSetStatusCallbackA, InternetSetStatusCallbackW, InternetShowSecurityInfoByURL, InternetShowSecurityInfoByURLA, InternetShowSecurityInfoByURLW, InternetTimeFromSystemTime, InternetTimeFromSystemTimeA, InternetTimeFromSystemTimeW, InternetTimeToSystemTime, InternetTimeToSystemTimeA, InternetTimeToSystemTimeW, InternetUnlockRequestFile, InternetWriteFile, InternetWriteFileExA, InternetWriteFileExW, IsHostInProxyBypassList, IsUrlCacheEntryExpiredA, IsUrlCacheEntryExpiredW, LoadUrlCacheContent, ParseX509EncodedCertificateForListBoxEntry, PrivacyGetZonePreferenceW, PrivacySetZonePreferenceW, ReadUrlCacheEntryStream, ReadUrlCacheEntryStreamEx, RegisterUrlCacheNotification, ResumeSuspendedDownload, RetrieveUrlCacheEntryFileA, RetrieveUrlCacheEntryFileW, RetrieveUrlCacheEntryStreamA, RetrieveUrlCacheEntryStreamW, RunOnceUrlCache, SetUrlCacheConfigInfoA, SetUrlCacheConfigInfoW, SetUrlCacheEntryGroup, SetUrlCacheEntryGroupA, SetUrlCacheEntryGroupW, SetUrlCacheEntryInfoA, SetUrlCacheEntryInfoW, SetUrlCacheGroupAttributeA, SetUrlCacheGroupAttributeW, SetUrlCacheHeaderData, ShowCertificate, ShowClientAuthCerts, ShowSecurityInfo, ShowX509EncodedCertificate, UnlockUrlCacheEntryFile, UnlockUrlCacheEntryFileA, UnlockUrlCacheEntryFileW, UnlockUrlCacheEntryStream, UpdateUrlCacheContentPath, UrlZonesDetach, _GetFileExtensionFromUrl

TrID : File type identification

InstallShield setup (46.1%)

Win32 Executable MS Visual C++ (generic) (40.4%)

Win32 Executable Generic (9.1%)

Generic Win/DOS Executable (2.1%)

DOS Executable Generic (2.1%)

ssdeep: 12288:QNXDE+TaypW+dfKscIcT3S8SRLlHPWfZHBf893by8YkMMIMMutumKIs:xB+dfKsHcT3JsvF3byJkMMIMMuw

sigcheck: publisher....: Microsoft Corporation

copyright....: © Microsoft Corporation. All rights reserved.

product......: Windows® Internet Explorer

description..: Internet Extensions for Win32

original name: wininet.dll

internal name: wininet.dll

file version.: 8.00.6001.18923 (longhorn_ie8_gdr.100419-1241)

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEiD : -

RDS : NSRL Reference Data Set

-


Temporarily, and while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after running the procedure(s) described below.

Open Notepad, copy (Ctrl+C) and paste (Ctrl+V) all of the text inside the "Code" box:

FCopy::

c:\windows\ie8\mshtml.dll|c:\windows\system32\mshtml.dll
c:\windows\ServicePackFiles\i386\mswsock.dll|c:\windows\system32\mswsock.dll
c:\windows\ServicePackFiles\i386\wininet.dll|c:\windows\system32\wininet.dll

Driver::

rjhnrsqbm

  • Save this file as: CFScript.txt

    (image: CFScriptB-4.gif)

  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running it will generate a log. Post that file, C:\ComboFix.txt.
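An added example, not part of the original posts: Python that reads the VirusTotal text report posted above into a structured verdict and then performs the check the 0/41 count cannot, comparing the live copy of the file against a pristine copy by SHA-256, which is what the `FCopy::` lines in the reply above restore from `ServicePackFiles\i386` and `windows\ie8`. The report layout is the one shown in this thread; the verdict rules, the shortened sample report and the stand-in files in `demo_compare` are constructed assumptions of this example.

```python
"""Parse a VirusTotal text report of the kind pasted above, then do what
the engine count alone cannot: compare the live file with a pristine copy."""
import hashlib, os, re, tempfile
from dataclasses import dataclass, field
from typing import Dict, Optional

RATIO_RE = re.compile(r'^Result:\s*(\d+)/(\d+)')
HASH_RE = re.compile(r'^(MD5|SHA1|SHA256)\s*:\s*([0-9a-fA-F]{32,64})$')
FIELD_RE = re.compile(r'^([a-z][a-z ]*?)\.*:\s*(.*)$')    # "publisher....: value"


@dataclass
class VtReport:
    detections: int = 0
    engines: int = 0
    hits: Dict[str, str] = field(default_factory=dict)      # engine -> label
    hashes: Dict[str, str] = field(default_factory=dict)    # MD5/SHA1/SHA256 -> hex
    sigcheck: Dict[str, str] = field(default_factory=dict)  # publisher, verified, ...


def parse_vt_report(text: str) -> VtReport:
    rep, in_table, in_sigcheck = VtReport(), False, False
    for raw in text.splitlines():
        line = " ".join(raw.split())                   # collapse the report's padding
        if not line:
            continue
        m_ratio, m_hash = RATIO_RE.match(line), HASH_RE.match(line)
        if m_ratio:
            rep.detections, rep.engines = int(m_ratio.group(1)), int(m_ratio.group(2))
        elif line.endswith("Antivirus Version Last Update Result"):
            in_table = True
        elif line.startswith("Additional information"):
            in_table = False
        elif in_table:                                 # "<engine> <version> <date> <label|->"
            tokens = line.split()
            if len(tokens) >= 4 and tokens[-1] != "-":
                rep.hits[" ".join(tokens[:-3])] = tokens[-1]
        elif m_hash:
            rep.hashes[m_hash.group(1).upper()] = m_hash.group(2).lower()
        else:
            if line.startswith("sigcheck:"):
                in_sigcheck, line = True, line[len("sigcheck:"):].strip()
            m = FIELD_RE.match(line) if in_sigcheck else None
            if m:
                rep.sigcheck[m.group(1).strip()] = m.group(2).strip()
            else:
                in_sigcheck = False                    # "PEiD : -" ends the block
    return rep


def assess(rep: VtReport) -> str:
    """Verdict rules are this example's assumption, not VirusTotal's."""
    if rep.detections:
        return "detected"
    if (rep.sigcheck.get("publisher", "").startswith("Microsoft")
            and rep.sigcheck.get("verified", "").lower() != "signed"):
        # XP-era system DLLs carry no embedded Authenticode signature (they are
        # catalog-signed), so "Unsigned" is expected here; it also means the
        # engines' silence says nothing about the bytes on disk.
        return "unverified-system-file"
    return "clean-by-scanners"


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_with_known_good(live: str, pristine: str,
                            reported_sha256: Optional[str] = None) -> Dict[str, object]:
    """Does the live file match the trusted copy, and is it the file the
    report describes (guards against having uploaded a different copy)?"""
    live_h, pristine_h = sha256_file(live), sha256_file(pristine)
    return {"live": live_h, "pristine": pristine_h,
            "matches_pristine": live_h == pristine_h,
            "matches_report": reported_sha256 is None or live_h == reported_sha256.lower()}


def demo_compare() -> Dict[str, object]:
    """Constructed stand-ins for system32\\wininet.dll and the
    ServicePackFiles\\i386 copy; a real run passes those two paths."""
    with tempfile.TemporaryDirectory() as d:
        pristine, live = os.path.join(d, "pristine.dll"), os.path.join(d, "live.dll")
        with open(pristine, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62 + b"constructed pristine image")
        with open(live, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62 + b"constructed image with altered bytes")
        return compare_with_known_good(live, pristine)


# Constructed excerpt of the report above (engine table shortened).
SAMPLE_REPORT = """
File WININET.dll received on 2010.06.11 22:03:34 (UTC)
Result: 0/41 (0.00%)
Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.11 -
McAfee-GW-Edition 2010.1 2010.06.11 -
Microsoft 1.5802 2010.06.11 -
Additional information
File size: 916480 bytes
MD5 : 2b050aa55beb6f3d5bf29fd7d3893a4e
SHA256: c45b181f180a669f509d60fe6b49b2f36d87a67b173526c50178726759bc501b
sigcheck: publisher....: Microsoft Corporation
file version.: 8.00.6001.18923 (longhorn_ie8_gdr.100419-1241)
signers......: -
verified.....: Unsigned
PEiD : -
"""
```

On the report above the verdict is `unverified-system-file`: no engine flags the file, but `verified: Unsigned` is also what a genuine XP-era `wininet.dll` shows, because those system DLLs are signed through catalog files rather than an embedded signature, so the scan neither confirms nor refutes tampering. A hash match against a trusted copy does; a mismatch means the file should be replaced, which is the step the `FCopy::` lines take. Two checks are worth adding before copying: pass the report's SHA256 as `reported_sha256` so you know whether the file you hashed locally is the one the report describes (the report above is of the `dllcache` copy, while `system32\wininet.dll` is the one actually loaded), and compare the `file version` field (here 8.00.6001.18923, an IE8 build) with the version of the copy you intend to restore from, so an IE8 build is replaced with an IE8 build.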