Lucky.

All folders turned into screensavers


I plugged in a micro SD card that I found on the street and all of its folders showed up as screensavers, and afterwards all of my own folders turned into screensavers. On top of that, I can't open Task Manager, regedit or cmd.

DDS (Ver_10-12-12.02) - NTFSx86 MINIMAL

Run by Lukasss at 2:08:49,78 on qui 16/12/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1535.1263 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Lukasss\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/

uSearch Page = hxxp://search.localstrike.com.ar/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local;*.local

uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll

uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\arquivos de programas\asksearch\bin\DefaultSearch.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: CocoonSoftware Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} -

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\arquivos de programas\daemon tools toolbar\DTToolbar.dll

TB: CocoonSoftware Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll

uRun: [AlcoholAutomount] "c:\arquivos de programas\alcohol soft\alcohol 120\axcmd.exe" /automount

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Dyyno Launcher] "c:\documents and settings\lukasss\configurações locais\dados de aplicativos\dyyno viewer\dyyno_launcher.exe" 30100 30101 30102 30103 30104

uRun: [AdobeBridge]

uRun: [<NO NAME>] C:\Project1.exe

mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

mRun: [RemoteControl] "c:\arquivos de programas\cyberlink dvd solution\powerdvd\PDVDServ.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [LGODDFU] "c:\arquivos de programas\lg_fwupdate\fwupdate.exe"

mRun: [iTunesHelper] "c:\arquivos de programas\itunes\iTunesHelper.exe"

mRun: [inCD] c:\arquivos de programas\ahead\incd\InCD.exe

mRun: [bigDogPath] c:\windows\VM_STI.EXE NoteCam Pro 300

mRun: [AdobeCS4ServiceManager] "c:\arquivos de programas\arquivos comuns\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"

mRun: [unlockerAssistant] "c:\arquivos de programas\unlocker\UnlockerAssistant.exe"

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] c:\arquivos de programas\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\qttask.exe" -atboottime

mRun: [c:\docume~1\lukasss\config~1\temp\ev~nen^e.exe] c:\docume~1\lukasss\config~1\temp\Ev~NeN^e.eXe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\lukasss\menuin~1\progra~1\inicia~1\_unins~1.lnk - c:\documents and settings\lukasss\configurações locais\temp\_uninst_setup_9.0.0.722_24.02.2010_14_08.exe.bat

uPolicies-explorer: NoInstrumentation = 1 (0x1)

IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\free download manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\free download manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\free download manager\dlfvideo.htm

IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\free download manager\dlselected.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~4\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~4\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lukasss\dadosd~1\mozilla\firefox\profiles\aa7pwpkw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CCS&o=15777&locale=pt_BR&apn_uid=5581EB76-61C0-40CA-9A95-742478B7904E&apn_ptnrs=HO&apn_sauid=C0B83FB6-96E7-46E0-AB6B-E3E3210354D3&apn_dtid=YYYYYYYYBR&q=

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 9666

FF - prefs.js: network.proxy.socks - localhost

FF - prefs.js: network.proxy.socks_port - 9050

FF - prefs.js: network.proxy.ssl - localhost

FF - prefs.js: network.proxy.ssl_port - 9666

FF - prefs.js: network.proxy.type - 0

FF - component: c:\arquivos de programas\free download manager\firefox\extension\components\vmsfdmff.dll

FF - component: c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: c:\documents and settings\lukasss\dados de aplicativos\mozilla\firefox\profiles\aa7pwpkw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - plugin: c:\arquivos de programas\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npkanevapatch.dll

FF - plugin: c:\arquivos de programas\opera\program\plugins\nppdf32.dll

FF - plugin: c:\arquivos de programas\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\documents and settings\lukasss\dados de aplicativos\mozilla\firefox\profiles\aa7pwpkw.default\extensions\csweblauncher@cyberstep.com\plugins\npCsWebLauncher.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}

FF - Ext: Open IT Online: extension@openitonline.com - %profile%\extensions\extension@openitonline.com

FF - Ext: CS Web Launcher: CSWebLauncher@cyberstep.com - %profile%\extensions\CSWebLauncher@cyberstep.com

FF - Ext: UltraSurf Firefox Tool: {5B52016C-D097-4aec-BE61-9F129D8FDDBA} - %profile%\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}

FF - Ext: CocoonSoftware Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

============= SERVICES / DRIVERS ===============

S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]

S2 gupdate1c9f14d4866eb10;Google Update Service (gupdate1c9f14d4866eb10);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-10-22 136176]

S2 huzdkxhp;Image Shell;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\arquivos de programas\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]

S2 StarWindServiceAE;StarWind AE Service;c:\arquivos de programas\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

S2 vaxucebah;Image Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

S3 bjzouxw;bjzouxw;\??\c:\windows\system32\05.tmp --> c:\windows\system32\05.tmp [?]

S3 idisg;idisg;\??\c:\windows\system32\010.tmp --> c:\windows\system32\010.tmp [?]

S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\c:\documents and settings\lucas\desktop\moonlight engine 1365.4.0.34 (chuck norris)\moonlight engine 1365.4.0.34 (chuck norris)\mle1365.sys --> c:\documents and settings\lucas\desktop\moonlight engine 1365.4.0.34 (chuck norris)\moonlight engine 1365.4.0.34 (chuck norris)\MLE1365.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\drivers\PPJoyBus.sys [2009-11-4 15936]

S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\drivers\PPortJoy.sys [2009-11-4 31808]

S3 WallHack-sXe80;WallHack-sXe80;\??\c:\documents and settings\lukasss\desktop\counter strike\sxewallhack80 www.tkt-cheats.net\wallhack-sxe80.sys --> c:\documents and settings\lukasss\desktop\counter strike\sxewallhack80 www.tkt-cheats.net\WallHack-sXe80.sys [?]

S3 WallHack;WallHack;\??\c:\documents and settings\lukasss\desktop\counter strike\wallhacksxev8.0\wallhack.sys --> c:\documents and settings\lukasss\desktop\counter strike\wallhacksxev8.0\WallHack.sys [?]

S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?]

S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]

S3 XDva297;XDva297;\??\c:\windows\system32\xdva297.sys --> c:\windows\system32\XDva297.sys [?]

S3 XDva327;XDva327;\??\c:\windows\system32\xdva327.sys --> c:\windows\system32\XDva327.sys [?]

S3 XDva343;XDva343;\??\c:\windows\system32\xdva343.sys --> c:\windows\system32\XDva343.sys [?]

S3 XDva347;XDva347;\??\c:\windows\system32\xdva347.sys --> c:\windows\system32\XDva347.sys [?]

S3 XDva352;XDva352;\??\c:\windows\system32\xdva352.sys --> c:\windows\system32\XDva352.sys [?]

S3 XDva354;XDva354;\??\c:\windows\system32\xdva354.sys --> c:\windows\system32\XDva354.sys [?]

S3 XDva356;XDva356;\??\c:\windows\system32\xdva356.sys --> c:\windows\system32\XDva356.sys [?]

S3 XDva358;XDva358;\??\c:\windows\system32\xdva358.sys --> c:\windows\system32\XDva358.sys [?]

S3 XDva359;XDva359;\??\c:\windows\system32\xdva359.sys --> c:\windows\system32\XDva359.sys [?]

S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]

S3 ZIDDRVR;ZIDDRVR;\??\c:\documents and settings\lucas\desktop\ryu engine\zid32.sys --> c:\documents and settings\lucas\desktop\ryu engine\zid32.sys [?]

=============== Created Last 30 ================

2010-12-16 01:24:20 -------- d-----w- c:\arquivos de programas\CCleaner

2010-12-15 23:20:40 212480 ----a-w- c:\windows\LastGood .scr

2010-12-15 23:20:40 212480 ----a-w- c:\windows\ERDNT .scr

2010-12-15 23:20:40 212480 ----a-w- c:\windows\CSC .scr

2010-12-15 22:58:21 98816 ----a-w- c:\windows\sed.exe

2010-12-15 22:58:21 89088 ----a-w- c:\windows\MBR.exe

2010-12-15 22:58:21 256512 ----a-w- c:\windows\PEV.exe

2010-12-15 22:58:21 161792 ----a-w- c:\windows\SWREG.exe

2010-12-15 22:58:05 -------- d-s---w- C:\ComboFix

2010-12-15 04:43:13 94208 ---h--w- c:\windows\svchost.exe

2010-12-15 03:54:17 -------- d-----w- C:\PenClean

2010-12-15 00:53:21 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2010-12-15 00:53:21 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2010-12-15 00:22:55 -------- d-sh--r- C:\Win

2010-12-12 15:40:52 -------- d-----w- c:\arquivos de programas\gPotato.br

2010-12-11 17:55:00 -------- d-----w- c:\docume~1\lukasss\dadosd~1\Disney Interactive Studios

2010-12-11 17:48:25 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-12-11 04:50:41 -------- d-----w- C:\OnGame

2010-12-10 15:14:59 -------- d-----w- c:\docume~1\lukasss\dadosd~1\ClubCooee

2010-12-10 15:14:46 -------- d-----w- c:\docume~1\lukasss\config~1\dadosd~1\ClubCooee

2010-12-08 14:56:38 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Avira

2010-12-08 04:28:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll

2010-12-08 04:28:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll

2010-12-08 03:55:46 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\IObit

2010-12-08 00:48:29 11776 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\nprjplug.dll

2010-12-08 00:48:14 -------- d-----w- c:\arquivos de programas\arquivos comuns\xing shared

2010-12-08 00:48:04 151776 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\nppl3260.dll

2010-12-08 00:47:57 100352 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\nprpjplug.dll

2010-12-07 03:41:14 241120 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-12-07 03:41:10 241120 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-12-07 03:41:10 1 ----a-w- c:\windows\system32\nvdrssel.bin

2010-12-07 03:40:13 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-12-07 03:40:09 13012992 ----a-w- c:\windows\system32\nvcompiler.dll

2010-12-07 03:22:19 -------- d-----w- c:\docume~1\lukasss\dadosd~1\IObit

2010-12-07 03:22:19 -------- d-----w- c:\arquivos de programas\IObit

2010-12-02 17:25:23 -------- d-----w- c:\docume~1\lukasss\dadosd~1\Need for Speed World

2010-12-02 13:41:41 -------- d-----w- c:\docume~1\lukasss\config~1\dadosd~1\Electronic_Arts_Inc

2010-12-02 13:40:43 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Electronic Arts

2010-11-29 22:15:46 -------- d-----w- c:\arquivos de programas\arquivos comuns\Autodesk Shared

2010-11-29 21:27:56 443752 ----a-w- c:\windows\system32\d3dx10_34.dll

2010-11-29 21:27:43 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

2010-11-29 19:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 19:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-26 01:18:02 -------- d-----w- c:\arquivos de programas\arquivos comuns\Adobe AIR

2010-11-25 14:02:34 514048 ----a-w- c:\windows\P.Cheat$Injector.exe

2010-11-25 14:02:34 1033728 ----a-w- c:\windows\MachineCore.dll

2010-11-23 15:24:40 -------- d-----w- c:\docume~1\lukasss\config~1\dadosd~1\AskToolbar

2010-11-23 02:59:53 -------- d-----w- c:\arquivos de programas\Ask.com

2010-11-23 02:59:22 -------- d-----w- c:\docume~1\lukasss\dadosd~1\CocoonSoftware

2010-11-23 02:58:59 -------- d-----w- c:\docume~1\lukasss\config~1\dadosd~1\WDSetup

2010-11-23 00:51:53 -------- d-----w- c:\arquivos de programas\eRightSoft

2010-11-23 00:35:12 -------- d-----w- c:\docume~1\lukasss\config~1\dadosd~1\Tipard Studio

2010-11-23 00:34:50 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Tipard DVD to DPG Converter

2010-11-22 14:31:32 -------- d-----w- c:\arquivos de programas\Asprate

2010-11-21 00:00:35 54488 ----a-w- c:\windows\UninstCool.exe

2010-11-20 23:59:58 -------- d-----w- c:\arquivos de programas\The KMPlayer

2010-11-19 18:22:20 -------- d-----w- c:\arquivos de programas\BatchDPG

2010-11-18 14:10:12 -------- d-----w- c:\arquivos de programas\QuipTabela4.01

==================== Find3M ====================

2010-12-08 00:47:50 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-12-08 00:47:50 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-10-16 18:55:00 6359552 ----a-w- c:\windows\system32\nv4_disp.dll

2010-10-16 18:55:00 4882432 ----a-w- c:\windows\system32\nvcuda.dll

2010-10-16 18:55:00 2932840 ----a-w- c:\windows\system32\nvcuvid.dll

2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-10-16 18:55:00 2293194 ----a-w- c:\windows\system32\nvdata.bin

2010-10-16 18:55:00 1462272 ----a-w- c:\windows\system32\nvapi.dll

2010-10-16 18:55:00 14532608 ----a-w- c:\windows\system32\nvoglnt.dll

2010-10-16 14:04:22 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-10-16 14:04:16 277608 ----a-w- c:\windows\system32\nvmccs.dll

2010-10-16 14:04:16 13851752 ----a-w- c:\windows\system32\nvcpl.dll

2010-10-16 14:04:16 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-10-16 14:04:14 156776 ----a-w- c:\windows\system32\nvsvc32.exe

2010-10-16 14:04:14 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-09-28 17:53:31 4096 ----a-w- c:\windows\system32\03.tmp

2005-04-01 01:17:42 40960 -c--a-w- c:\arquivos de programas\Uninstall_CDS.exe

2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

============= FINISH: 2:10:24,50 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 16/6/2009 23:45:14

System Uptime: 16/12/2010 02:05:37 (0 hours ago)

Motherboard: PCCHIPS | | M963GV

Processor: Intel® Celeron® CPU 2.26GHz | socket 478 | 2266/532mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 75 GiB total, 22,489 GiB free.

D: is CDROM ()

F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Controlador de comunicação PCI simples

Device ID: PCI\VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03\3&267A616A&0&48

Manufacturer:

Name: Controlador de comunicação PCI simples

PNP Device ID: PCI\VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03\3&267A616A&0&48

Service:

==== System Restore Points ===================

RP1: 16/12/2010 01:01:36 - Ponto de verificação do sistema

RP2: 16/12/2010 01:22:32 - Kaspersky Internet Security 2010 removido.

RP3: 16/12/2010 01:30:30 - Removed Steam

==== Installed Programs ======================

!P Re-Loader 1.0

7-Zip 4.65

ActivePerl 5.8.8 Build 822

Adobe Acrobat 5.0

Adobe After Effects CS4

Adobe After Effects CS4 Presets

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS3

Adobe Anchor Service CS4

Adobe Asset Services CS3

Adobe Bridge CS4

Adobe Bridge Start Meeting

Adobe CMaps CS4

Adobe Color - Photoshop Specific

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Color Video Profiles AE CS4

Adobe Common File Installer

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS3

Adobe Device Central CS4

Adobe Dreamweaver CS4

Adobe Dynamiclink Support

Adobe ExtendScript Toolkit 2

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Fireworks CS4

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Help Center 1.0

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Additional Exporter

Adobe Media Player

Adobe MotionPicture Color Files CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Reader 9.4.1 - Português

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Shockwave Player 11.5

Adobe Type Support CS4

Adobe Update Manager CS3

Adobe Update Manager CS4

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Adobe XMP Panels CS4

AdobeColorCommonSetRGB

AIKA

Akamai NetSession Interface

AMP WinOFF

Apple Application Support

Apple Software Update

Ask Toolbar

Assistente de Conexão do Windows Live

µTorrent

Atualização de Segurança para o Windows Media Player (KB968816)

Atualização de Segurança para Windows XP (KB921883)

Atualização de Segurança para Windows XP (KB938464-v2)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB954600)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB961371-v2)

Atualização de Segurança para Windows XP (KB969947)

Atualização de Segurança para Windows XP (KB971557)

Atualização de Segurança para Windows XP (KB971633)

Atualização de Segurança para Windows XP (KB973354)

Atualização de Segurança para Windows XP (KB977165-v2)

Atualização de Segurança para Windows XP (KB978251)

Atualização de Segurança para Windows XP (KB978262)

Atualização para Windows XP (KB898461)

Autodesk 3ds Max 2010 32-bit

Autodesk Backburner 2008.1

Autodesk FBX Plugin 2009.4 - 3ds Max 2010

Bonjour

BS.Player FREE

BS_Player Toolbar

C-Media 3D Audio

C-Media WDM Audio Driver

Claro

Club Cooee

Combat Arms

Connect

Counter-Strike CP

DAEMON Tools Toolbar

Discador Oi

DVD Solution

Dyyno Viewer

eMule

Expstudio Audio Editor FREE

Ferramenta de Carregamento do Windows Live

FileZilla Client 3.2.8.1

FolderIllustrator v0.3

Free Download Manager 3.0

Game Booster

Google Earth

Google Update Helper

Grand Chase Season 2

Hex Workshop v6

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

Hotfix para Windows XP (KB979306)

InCD

iTunes

Java Auto Updater

Java 6 Update 22

kuler

LG ODD Auto Firmware Update

LS-USBMX 1/2/3 Steering Wheel W/Vibration

Maxis\The Sims 8 in 1

Megacubo 7.3.7

Microsoft .NET Framework 1.1

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft National Language Support Downlevel APIs

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox (3.6.12)

MSVCRT

MSXML 6.0 Parser (KB933579)

Multimedia Launcher

Need For Speed™ World

NitroPC

NVIDIA Driver de gráficos 260.99

NVIDIA Install Application

NVIDIA nView 135.36

NVIDIA nView Desktop Manager

On-line Help Console

OpenAL

Opera 10.10

Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

Oxelon Media Converter 1.1

Painel de controle da NVIDIA 260.99

Pando Media Booster

PC Wizard 2008.1.871

PDF Settings

Photoshop Camera Raw

Pixel Bender Toolkit

PowerDVD

PowerProducer

Pro Evolution Soccer 2009

Pure

QMC

QuickTime

QuipTabela 4.01

Quivi 1.2.0

Rappelz

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

S4 League_EU

San Andreas Mod Installer

SeePassword

Segoe UI

SiS 900 PCI Fast Ethernet Adapter Driver

SiSAGP driver

Skype™ 4.1

Stykz 1.0 for Windows (RC 3)

Suite Shared Configuration CS4

SUPER © Version 2010.bld.42 (Nov 7, 2010)

System Requirements Lab

TeamSpeak 2 RC2

The KMPlayer (remove only)

TikaraRO Patch 1.9

Virtual DJ - Atomix Productions

WebFldrs XP

Whorld

Win AVI HelixSDK

Winamp

Winamp Remote

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Format Runtime

WinRAR archiver

XP Codec Pack

Zune Desktop Theme

==== End Of File ===========================

PS: GMER froze even in safe mode, so I couldn't get the log.

Edited by lukasss13
tidy up the information so that the situation can be better understood


Install an antivirus before we start the procedures.

  • Topic author
  • I installed Avira and it ran an automatic scan of the PC; it took a mere 10 hours... or more x_X, and in the end the folders are no longer screensavers, but they are still missing. They are still on the PC but they are not showing up.

    PS: Task Manager, regedit and cmd are working.

  • Topic author
  • DDS (Ver_10-12-12.02) - NTFSx86

    Run by Lukasss at 11:49:20,64 on seg 20/12/2010

    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

    Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1535.1024 [GMT -2:00]

    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    svchost.exe

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\svchost.exe -k Akamai

    C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

    C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

    C:\Arquivos de programas\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe

    C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\Arquivos de programas\Ahead\InCD\InCD.exe

    C:\WINDOWS\VM_STI.EXE

    C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\program files\real\realplayer\update\realsched.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Documents and Settings\Lukasss\Configurações locais\Dados de aplicativos\Dyyno Viewer\dyyno_launcher.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Documents and Settings\Lukasss\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com.br/

    uSearch Page = hxxp://search.localstrike.com.ar/

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyOverride = local;*.local

    uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s

    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll

    uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\arquivos de programas\asksearch\bin\DefaultSearch.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: CocoonSoftware Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} -

    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\arquivos de programas\daemon tools toolbar\DTToolbar.dll

    TB: CocoonSoftware Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll

    uRun: [AlcoholAutomount] "c:\arquivos de programas\alcohol soft\alcohol 120\axcmd.exe" /automount

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [Dyyno Launcher] "c:\documents and settings\lukasss\configurações locais\dados de aplicativos\dyyno viewer\dyyno_launcher.exe" 30100 30101 30102 30103 30104

    uRun: [AdobeBridge]

    uRun: [<NO NAME>] C:\Project1.exe

    mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

    mRun: [RemoteControl] "c:\arquivos de programas\cyberlink dvd solution\powerdvd\PDVDServ.exe"

    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

    mRun: [LGODDFU] "c:\arquivos de programas\lg_fwupdate\fwupdate.exe"

    mRun: [iTunesHelper] "c:\arquivos de programas\itunes\iTunesHelper.exe"

    mRun: [inCD] c:\arquivos de programas\ahead\incd\InCD.exe

    mRun: [bigDogPath] c:\windows\VM_STI.EXE NoteCam Pro 300

    mRun: [AdobeCS4ServiceManager] "c:\arquivos de programas\arquivos comuns\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

    mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"

    mRun: [unlockerAssistant] "c:\arquivos de programas\unlocker\UnlockerAssistant.exe"

    mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

    mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"

    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: [nwiz] c:\arquivos de programas\nvidia corporation\nview\nwiz.exe /installquiet

    mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\qttask.exe" -atboottime

    mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

    uPolicies-explorer: NoInstrumentation = 1 (0x1)

    IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\free download manager\dllink.htm

    IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\free download manager\dlall.htm

    IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\free download manager\dlfvideo.htm

    IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\free download manager\dlselected.htm

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~4\office12\EXCEL.EXE/3000

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~4\office12\ONBttnIE.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~4\office12\REFIEBAR.DLL

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\lukasss\dadosd~1\mozilla\firefox\profiles\aa7pwpkw.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

    FF - prefs.js: browser.search.selectedEngine - Ask.com

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CCS&o=15777&locale=pt_BR&apn_uid=5581EB76-61C0-40CA-9A95-742478B7904E&apn_ptnrs=HO&apn_sauid=C0B83FB6-96E7-46E0-AB6B-E3E3210354D3&apn_dtid=YYYYYYYYBR&q=

    FF - prefs.js: network.proxy.http - localhost

    FF - prefs.js: network.proxy.http_port - 9666

    FF - prefs.js: network.proxy.socks - localhost

    FF - prefs.js: network.proxy.socks_port - 9050

    FF - prefs.js: network.proxy.ssl - localhost

    FF - prefs.js: network.proxy.ssl_port - 9666

    FF - prefs.js: network.proxy.type - 0

    FF - component: c:\arquivos de programas\free download manager\firefox\extension\components\vmsfdmff.dll

    FF - component: c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

    FF - component: c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

    FF - component: c:\documents and settings\lukasss\dados de aplicativos\mozilla\firefox\profiles\aa7pwpkw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

    FF - plugin: c:\arquivos de programas\google\google earth\plugin\npgeplugin.dll

    FF - plugin: c:\arquivos de programas\google\update\1.2.183.39\npGoogleOneClick8.dll

    FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npkanevapatch.dll

    FF - plugin: c:\arquivos de programas\opera\program\plugins\nppdf32.dll

    FF - plugin: c:\arquivos de programas\pando networks\media booster\npPandoWebPlugin.dll

    FF - plugin: c:\documents and settings\lukasss\dados de aplicativos\mozilla\firefox\profiles\aa7pwpkw.default\extensions\csweblauncher@cyberstep.com\plugins\npCsWebLauncher.dll

    FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll

    FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll

    FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ff

    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\firefox\Ext

    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

    FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}

    FF - Ext: Open IT Online: extension@openitonline.com - %profile%\extensions\extension@openitonline.com

    FF - Ext: CS Web Launcher: CSWebLauncher@cyberstep.com - %profile%\extensions\CSWebLauncher@cyberstep.com

    FF - Ext: UltraSurf Firefox Tool: {5B52016C-D097-4aec-BE61-9F129D8FDDBA} - %profile%\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}

    FF - Ext: CocoonSoftware Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

    FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2010-12-18 11608]

    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]

    R2 AntiVirSchedulerService;Avira AntiVir Agendamento;c:\arquivos de programas\avira\antivir desktop\sched.exe [2010-12-18 135336]

    R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2010-12-18 267944]

    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-18 60936]

    R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\arquivos de programas\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]

    R2 StarWindServiceAE;StarWind AE Service;c:\arquivos de programas\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

    S2 gupdate1c9f14d4866eb10;Google Update Service (gupdate1c9f14d4866eb10);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-10-22 136176]

    S2 huzdkxhp;Image Shell;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

    S2 vaxucebah;Image Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

    S3 idisg;idisg;\??\c:\windows\system32\010.tmp --> c:\windows\system32\010.tmp [?]

    S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\c:\documents and settings\lucas\desktop\moonlight engine 1365.4.0.34 (chuck norris)\moonlight engine 1365.4.0.34 (chuck norris)\mle1365.sys --> c:\documents and settings\lucas\desktop\moonlight engine 1365.4.0.34 (chuck norris)\moonlight engine 1365.4.0.34 (chuck norris)\MLE1365.sys [?]

    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

    S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\drivers\PPJoyBus.sys [2009-11-4 15936]

    S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\drivers\PPortJoy.sys [2009-11-4 31808]

    S3 WallHack-sXe80;WallHack-sXe80;\??\c:\documents and settings\lukasss\desktop\counter strike\sxewallhack80 www.tkt-cheats.net\wallhack-sxe80.sys --> c:\documents and settings\lukasss\desktop\counter strike\sxewallhack80 www.tkt-cheats.net\WallHack-sXe80.sys [?]

    S3 WallHack;WallHack;\??\c:\documents and settings\lukasss\desktop\counter strike\wallhacksxev8.0\wallhack.sys --> c:\documents and settings\lukasss\desktop\counter strike\wallhacksxev8.0\WallHack.sys [?]

    S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?]

    S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]

    S3 XDva297;XDva297;\??\c:\windows\system32\xdva297.sys --> c:\windows\system32\XDva297.sys [?]

    S3 XDva327;XDva327;\??\c:\windows\system32\xdva327.sys --> c:\windows\system32\XDva327.sys [?]

    S3 XDva343;XDva343;\??\c:\windows\system32\xdva343.sys --> c:\windows\system32\XDva343.sys [?]

    S3 XDva347;XDva347;\??\c:\windows\system32\xdva347.sys --> c:\windows\system32\XDva347.sys [?]

    S3 XDva352;XDva352;\??\c:\windows\system32\xdva352.sys --> c:\windows\system32\XDva352.sys [?]

    S3 XDva354;XDva354;\??\c:\windows\system32\xdva354.sys --> c:\windows\system32\XDva354.sys [?]

    S3 XDva356;XDva356;\??\c:\windows\system32\xdva356.sys --> c:\windows\system32\XDva356.sys [?]

    S3 XDva358;XDva358;\??\c:\windows\system32\xdva358.sys --> c:\windows\system32\XDva358.sys [?]

    S3 XDva359;XDva359;\??\c:\windows\system32\xdva359.sys --> c:\windows\system32\XDva359.sys [?]

    S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]

    S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]

    S3 ZIDDRVR;ZIDDRVR;\??\c:\documents and settings\lucas\desktop\ryu engine\zid32.sys --> c:\documents and settings\lucas\desktop\ryu engine\zid32.sys [?]

    =============== Created Last 30 ================

    2010-12-18 17:51:55 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

    2010-12-18 17:51:53 -------- d-----w- c:\arquivos de programas\Avira

    2010-12-18 16:27:02 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\MFAData

    2010-12-16 01:24:20 -------- d-----w- c:\arquivos de programas\CCleaner

    2010-12-15 22:58:21 98816 ----a-w- c:\windows\sed.exe

    2010-12-15 22:58:21 89088 ----a-w- c:\windows\MBR.exe

    2010-12-15 22:58:21 256512 ----a-w- c:\windows\PEV.exe

    2010-12-15 22:58:21 161792 ----a-w- c:\windows\SWREG.exe

    2010-12-15 22:58:05 -------- d-s---w- C:\ComboFix

    2010-12-15 03:54:17 -------- d-----w- C:\PenClean

    2010-12-15 00:53:21 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

    2010-12-15 00:53:21 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

    2010-12-15 00:22:55 -------- d-sh--r- C:\Win

    2010-12-12 15:40:52 -------- d-----w- c:\arquivos de programas\gPotato.br

    2010-12-11 17:55:00 -------- d-----w- c:\docume~1\lukasss\dadosd~1\Disney Interactive Studios

    2010-12-11 17:48:25 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

    2010-12-11 04:50:41 -------- d-----w- C:\OnGame

    2010-12-10 15:14:59 -------- d-----w- c:\docume~1\lukasss\dadosd~1\ClubCooee

    2010-12-10 15:14:46 -------- d-----w- c:\docume~1\lukasss\config~1\dadosd~1\ClubCooee

    2010-12-08 14:56:38 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Avira

    2010-12-08 04:28:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll

    2010-12-08 04:28:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll

    2010-12-08 03:55:46 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\IObit

    2010-12-08 00:48:29 11776 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\nprjplug.dll

    2010-12-08 00:48:14 -------- d-----w- c:\arquivos de programas\arquivos comuns\xing shared

    2010-12-08 00:48:04 151776 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\nppl3260.dll

    2010-12-08 00:47:57 100352 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\nprpjplug.dll

    2010-12-07 03:41:14 241120 ----a-w- c:\windows\system32\nvdrsdb0.bin

    2010-12-07 03:41:10 241120 ----a-w- c:\windows\system32\nvdrsdb1.bin

    2010-12-07 03:41:10 1 ----a-w- c:\windows\system32\nvdrssel.bin

    2010-12-07 03:40:13 61440 ----a-w- c:\windows\system32\OpenCL.dll

    2010-12-07 03:40:09 13012992 ----a-w- c:\windows\system32\nvcompiler.dll

    2010-12-07 03:22:19 -------- d-----w- c:\docume~1\lukasss\dadosd~1\IObit

    2010-12-07 03:22:19 -------- d-----w- c:\arquivos de programas\IObit

    2010-12-02 17:25:23 -------- d-----w- c:\docume~1\lukasss\dadosd~1\Need for Speed World

    2010-12-02 13:41:41 -------- d-----w- c:\docume~1\lukasss\config~1\dadosd~1\Electronic_Arts_Inc

    2010-12-02 13:40:43 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Electronic Arts

    2010-11-29 22:15:46 -------- d-----w- c:\arquivos de programas\arquivos comuns\Autodesk Shared

    2010-11-29 21:27:56 443752 ----a-w- c:\windows\system32\d3dx10_34.dll

    2010-11-29 21:27:43 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

    2010-11-29 19:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

    2010-11-29 19:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

    2010-11-26 01:18:02 -------- d-----w- c:\arquivos de programas\arquivos comuns\Adobe AIR

    2010-11-25 14:02:34 1033728 ----a-w- c:\windows\MachineCore.dll

    2010-11-23 15:24:40 -------- d-----w- c:\docume~1\lukasss\config~1\dadosd~1\AskToolbar

    2010-11-23 02:59:53 -------- d-----w- c:\arquivos de programas\Ask.com

    2010-11-23 02:59:22 -------- d-----w- c:\docume~1\lukasss\dadosd~1\CocoonSoftware

    2010-11-23 02:58:59 -------- d-----w- c:\docume~1\lukasss\config~1\dadosd~1\WDSetup

    2010-11-23 00:51:53 -------- d-----w- c:\arquivos de programas\eRightSoft

    2010-11-23 00:35:12 -------- d-----w- c:\docume~1\lukasss\config~1\dadosd~1\Tipard Studio

    2010-11-23 00:34:50 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Tipard DVD to DPG Converter

    2010-11-22 14:31:32 -------- d-----w- c:\arquivos de programas\Asprate

    2010-11-21 00:00:35 54488 ----a-w- c:\windows\UninstCool.exe

    2010-11-20 23:59:58 -------- d-----w- c:\arquivos de programas\The KMPlayer

    ==================== Find3M ====================

    2010-12-08 00:47:50 499712 ----a-w- c:\windows\system32\msvcp71.dll

    2010-12-08 00:47:50 348160 ----a-w- c:\windows\system32\msvcr71.dll

    2010-11-12 20:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2010-11-12 18:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2010-10-16 18:55:00 6359552 ----a-w- c:\windows\system32\nv4_disp.dll

    2010-10-16 18:55:00 4882432 ----a-w- c:\windows\system32\nvcuda.dll

    2010-10-16 18:55:00 2932840 ----a-w- c:\windows\system32\nvcuvid.dll

    2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll

    2010-10-16 18:55:00 2293194 ----a-w- c:\windows\system32\nvdata.bin

    2010-10-16 18:55:00 1462272 ----a-w- c:\windows\system32\nvapi.dll

    2010-10-16 18:55:00 14532608 ----a-w- c:\windows\system32\nvoglnt.dll

    2010-10-16 14:04:22 81920 ----a-w- c:\windows\system32\nvwddi.dll

    2010-10-16 14:04:16 277608 ----a-w- c:\windows\system32\nvmccs.dll

    2010-10-16 14:04:16 13851752 ----a-w- c:\windows\system32\nvcpl.dll

    2010-10-16 14:04:16 110696 ----a-w- c:\windows\system32\nvmctray.dll

    2010-10-16 14:04:14 156776 ----a-w- c:\windows\system32\nvsvc32.exe

    2010-10-16 14:04:14 145000 ----a-w- c:\windows\system32\nvcolor.exe

    2005-04-01 01:17:42 40960 -c--a-w- c:\arquivos de programas\Uninstall_CDS.exe

    2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll

    2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll

    2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

    ============= FINISH: 11:51:04,51 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 16/6/2009 23:45:14

    System Uptime: 20/12/2010 11:36:00 (0 hours ago)

    Motherboard: PCCHIPS | | M963GV

    Processor: Intel® Celeron® CPU 2.26GHz | socket 478 | 2266/532mhz

    ==== Disk Partitions =========================

    A: is Removable

    C: is FIXED (NTFS) - 75 GiB total, 22,26 GiB free.

    D: is CDROM ()

    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

    Description: Controlador de comunicação PCI simples

    Device ID: PCI\VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03\3&267A616A&0&48

    Manufacturer:

    Name: Controlador de comunicação PCI simples

    PNP Device ID: PCI\VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03\3&267A616A&0&48

    Service:

    ==== System Restore Points ===================

    RP1: 16/12/2010 01:01:36 - Ponto de verificação do sistema

    RP2: 16/12/2010 01:22:32 - Kaspersky Internet Security 2010 removido.

    RP3: 16/12/2010 01:30:30 - Removed Steam

    RP4: 18/12/2010 15:01:33 - Instalado Java 6 Update 23

    ==== Installed Programs ======================

    !P Re-Loader 1.0

    7-Zip 4.65

    ActivePerl 5.8.8 Build 822

    Adobe Acrobat 5.0

    Adobe After Effects CS4

    Adobe After Effects CS4 Presets

    Adobe After Effects CS4 Third Party Content

    Adobe AIR

    Adobe Anchor Service CS3

    Adobe Anchor Service CS4

    Adobe Asset Services CS3

    Adobe Bridge CS4

    Adobe Bridge Start Meeting

    Adobe CMaps CS4

    Adobe Color - Photoshop Specific

    Adobe Color EU Extra Settings

    Adobe Color JA Extra Settings

    Adobe Color NA Recommended Settings

    Adobe Color Video Profiles AE CS4

    Adobe Common File Installer

    Adobe CSI CS4

    Adobe Default Language CS4

    Adobe Device Central CS3

    Adobe Device Central CS4

    Adobe Dreamweaver CS4

    Adobe Dynamiclink Support

    Adobe ExtendScript Toolkit 2

    Adobe ExtendScript Toolkit CS4

    Adobe Extension Manager CS4

    Adobe Fireworks CS4

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Fonts All

    Adobe Help Center 1.0

    Adobe Help Viewer CS3

    Adobe Linguistics CS3

    Adobe Media Encoder CS4

    Adobe Media Encoder CS4 Additional Exporter

    Adobe Media Player

    Adobe MotionPicture Color Files CS4

    Adobe Output Module

    Adobe PDF Library Files CS4

    Adobe Photoshop CS4

    Adobe Reader 9.4.1 - Português

    Adobe Search for Help

    Adobe Service Manager Extension

    Adobe Setup

    Adobe Shockwave Player 11.5

    Adobe Type Support CS4

    Adobe Update Manager CS3

    Adobe Update Manager CS4

    Adobe Version Cue CS3 Client

    Adobe WinSoft Linguistics Plugin

    Adobe XMP Panels CS3

    Adobe XMP Panels CS4

    AdobeColorCommonSetRGB

    AIKA

    Akamai NetSession Interface

    AMP WinOFF

    Apple Application Support

    Apple Software Update

    Ask Toolbar

    Assistente de Conexão do Windows Live

    µTorrent

    Atualização de Segurança para o Windows Media Player (KB968816)

    Atualização de Segurança para Windows XP (KB921883)

    Atualização de Segurança para Windows XP (KB938464-v2)

    Atualização de Segurança para Windows XP (KB951066)

    Atualização de Segurança para Windows XP (KB954600)

    Atualização de Segurança para Windows XP (KB958687)

    Atualização de Segurança para Windows XP (KB961371-v2)

    Atualização de Segurança para Windows XP (KB969947)

    Atualização de Segurança para Windows XP (KB971557)

    Atualização de Segurança para Windows XP (KB971633)

    Atualização de Segurança para Windows XP (KB973354)

    Atualização de Segurança para Windows XP (KB977165-v2)

    Atualização de Segurança para Windows XP (KB978251)

    Atualização de Segurança para Windows XP (KB978262)

    Atualização para Windows XP (KB898461)

    Autodesk 3ds Max 2010 32-bit

    Autodesk Backburner 2008.1

    Autodesk FBX Plugin 2009.4 - 3ds Max 2010

    Avira AntiVir Personal - Free Antivirus

    Bonjour

    BS.Player FREE

    BS_Player Toolbar

    C-Media 3D Audio

    C-Media WDM Audio Driver

    Claro

    Club Cooee

    Combat Arms

    Connect

    Counter-Strike CP

    DAEMON Tools Toolbar

    Discador Oi

    DVD Solution

    Dyyno Viewer

    eMule

    Expstudio Audio Editor FREE

    Ferramenta de Carregamento do Windows Live

    FileZilla Client 3.2.8.1

    FolderIllustrator v0.3

    Free Download Manager 3.0

    Game Booster

    Google Earth

    Google Update Helper

    Grand Chase Season 2

    Hex Workshop v6

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Hotfix for Windows XP (KB954550-v5)

    Hotfix para Windows XP (KB979306)

    InCD

    iTunes

    Java Auto Updater

    Java 6 Update 23

    kuler

    LG ODD Auto Firmware Update

    LS-USBMX 1/2/3 Steering Wheel W/Vibration

    Maxis\The Sims 8 in 1

    Megacubo 7.3.7

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 SP1

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft National Language Support Downlevel APIs

    Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

    Microsoft Office Home and Student 2007

    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (Portuguese (Brazil)) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (Portuguese (Brazil)) 2007

    Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

    Microsoft Office Word MUI (Portuguese (Brazil)) 2007

    Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

    Mozilla Firefox (3.6.12)

    MSVCRT

    MSXML 6.0 Parser (KB933579)

    Multimedia Launcher

    Need For Speed™ World

    NitroPC

    NVIDIA Driver de gráficos 260.99

    NVIDIA Install Application

    NVIDIA nView 135.36

    NVIDIA nView Desktop Manager

    On-line Help Console

    OpenAL

    Opera 10.10

    Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

    Oxelon Media Converter 1.1

    Painel de controle da NVIDIA 260.99

    Pando Media Booster

    PC Wizard 2008.1.871

    PDF Settings

    Photoshop Camera Raw

    Pixel Bender Toolkit

    PowerDVD

    PowerProducer

    Pro Evolution Soccer 2009

    Pure

    QMC

    QuickTime

    QuipTabela 4.01

    Quivi 1.2.0

    Rappelz

    RealNetworks - Microsoft Visual C++ 2008 Runtime

    RealPlayer

    RealUpgrade 1.1

    S4 League_EU

    San Andreas Mod Installer

    SeePassword

    Segoe UI

    SiS 900 PCI Fast Ethernet Adapter Driver

    SiSAGP driver

    Skype™ 4.1

    Stykz 1.0 for Windows (RC 3)

    Suite Shared Configuration CS4

    SUPER © Version 2010.bld.42 (Nov 7, 2010)

    System Requirements Lab

    TeamSpeak 2 RC2

    The KMPlayer (remove only)

    TikaraRO Patch 1.9

    Virtual DJ - Atomix Productions

    WebFldrs XP

    Whorld

    Win AVI HelixSDK

    Winamp

    Winamp Remote

    Windows Imaging Component

    Windows Installer 3.1 (KB893803)

    Windows Internet Explorer 8

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Messenger

    Windows Media Format Runtime

    WinRAR archiver

    XP Codec Pack

    Zune Desktop Theme

    ==== End Of File ===========================


    Read the instructions at this link:

    In the instructions at the link above, you can check in which forums the Analysts are properly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    • Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.
    • Double-click the ComboFix icon on your desktop.
    • Read and accept the terms by typing 1 and pressing Enter.
    • Computers running Windows XP must install the Recovery Console:
        • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Sim" (Yes).
        • Click "OK" on the EULA.
        • Once the Recovery Console is installed, click "SIM" (Yes) to continue.
    • ComboFix will run; please be patient and wait.
    • Attention: do not use the mouse or the keyboard while the tool is running, as this can cause the computer to hang.
    • A warning may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
    • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

    DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you may damage your computer.

    • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
    • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
    • There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

  • Topic author
  • Are things really so critical here that I have to use ComboFix?

    log:

    ComboFix 10-12-21.05 - Lukasss 22/12/2010 18:45:48.1.1 - x86

    Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1535.1037 [GMT -2:00]

    Executando de: c:\documents and settings\Lukasss\Desktop\ComboFix.exe

    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Win

    c:\win\names.txt

    c:\windows\system32\autorun.i

    c:\windows\system32\autorun.in

    c:\windows\system32\Restore\14122010.kp_

    c:\windows\system32\Restore\15122010.kp_

    c:\windows\XSxS

    c:\windows\Help\Tours\mmTour\tour.exe . . . está infectado!!

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_ILVMONEYDRIVER53

    -------\Service_IlvMoneyDRIVER53

    (((((((((((((((( Arquivos/Ficheiros criados de 2010-11-22 to 2010-12-22 ))))))))))))))))))))))))))))

    .

    2010-12-21 10:16 . 2010-12-21 10:34 -------- d-----r- c:\documents and settings\Solange\Favoritos

    2010-12-20 15:26 . 2010-12-20 15:26 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\Avira

    2010-12-20 01:21 . 2010-12-20 01:22 -------- d-----w- c:\documents and settings\Solange\Lays

    2010-12-18 21:05 . 2010-12-18 21:05 -------- d-----r- c:\documents and settings\LocalService\Favoritos

    2010-12-18 17:51 . 2010-09-03 17:44 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

    2010-12-18 17:51 . 2010-09-03 17:44 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys

    2010-12-18 17:51 . 2010-06-17 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

    2010-12-18 17:51 . 2010-06-17 17:29 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

    2010-12-18 17:51 . 2010-12-18 17:51 -------- d-----w- c:\arquivos de programas\Avira

    2010-12-18 16:27 . 2010-12-18 16:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\MFAData

    2010-12-18 16:14 . 2010-12-18 16:14 -------- d-----w- c:\documents and settings\Lucas\Configurações locais\Dados de aplicativos\Apple Computer

    2010-12-18 16:13 . 2010-12-18 16:13 -------- d-sh--w- c:\documents and settings\Lucas\IETldCache

    2010-12-18 10:04 . 2010-12-22 15:55 -------- d-----w- c:\documents and settings\Solange\Configurações locais\Dados de aplicativos\AskToolbar

    2010-12-16 01:24 . 2010-12-16 01:24 -------- d-----w- c:\arquivos de programas\CCleaner

    2010-12-15 03:54 . 2010-12-15 22:52 -------- d-----w- C:\PenClean

    2010-12-15 00:53 . 2010-12-16 03:32 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

    2010-12-15 00:53 . 2010-12-16 03:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

    2010-12-12 15:40 . 2010-12-12 15:40 -------- d-----w- c:\arquivos de programas\gPotato.br

    2010-12-11 17:55 . 2010-12-11 17:55 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\Disney Interactive Studios

    2010-12-11 17:51 . 2010-12-11 17:51 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\Leadertech

    2010-12-11 17:48 . 2010-12-11 17:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

    2010-12-11 04:50 . 2010-12-11 04:50 -------- d-----w- C:\OnGame

    2010-12-10 15:14 . 2010-12-18 14:29 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\ClubCooee

    2010-12-10 15:14 . 2010-12-18 13:35 -------- d-----w- c:\documents and settings\Lukasss\Configurações locais\Dados de aplicativos\ClubCooee

    2010-12-08 14:56 . 2010-12-18 17:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

    2010-12-08 04:28 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco32.dll

    2010-12-08 04:28 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco32.dll

    2010-12-08 03:55 . 2010-12-08 03:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IObit

    2010-12-08 00:48 . 2010-12-08 00:48 -------- d-----w- c:\documents and settings\Solange\Configurações locais\Dados de aplicativos\Real

    2010-12-08 00:48 . 2010-12-08 00:48 11776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll

    2010-12-08 00:48 . 2010-12-08 00:48 -------- d-----w- c:\arquivos de programas\Real

    2010-12-08 00:48 . 2010-12-08 00:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

    2010-12-08 00:48 . 2010-12-08 00:48 151776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

    2010-12-08 00:47 . 2010-12-08 00:47 100352 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

    2010-12-07 03:41 . 2010-12-08 04:29 241120 ----a-w- c:\windows\system32\nvdrsdb0.bin

    2010-12-07 03:41 . 2010-12-08 04:29 241120 ----a-w- c:\windows\system32\nvdrsdb1.bin

    2010-12-07 03:41 . 2010-12-08 04:29 1 ----a-w- c:\windows\system32\nvdrssel.bin

    2010-12-07 03:40 . 2010-10-16 18:55 61440 ----a-w- c:\windows\system32\OpenCL.dll

    2010-12-07 03:40 . 2010-10-16 18:55 13012992 ----a-w- c:\windows\system32\nvcompiler.dll

    2010-12-07 03:22 . 2010-12-08 03:55 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\IObit

    2010-12-07 03:22 . 2010-12-07 03:22 -------- d-----w- c:\arquivos de programas\IObit

    2010-12-02 17:25 . 2010-12-02 17:25 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\Need for Speed World

    2010-12-02 13:41 . 2010-12-02 13:41 -------- d-----w- c:\documents and settings\Lukasss\Configurações locais\Dados de aplicativos\Electronic_Arts_Inc

    2010-12-02 13:40 . 2010-12-02 13:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Electronic Arts

    2010-11-29 22:15 . 2010-11-29 22:16 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Autodesk Shared

    2010-11-29 21:27 . 2007-05-16 18:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll

    2010-11-29 21:27 . 2007-05-16 18:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

    2010-11-29 19:38 . 2010-11-29 19:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

    2010-11-29 19:38 . 2010-11-29 19:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

    2010-11-26 01:21 . 2010-11-26 01:21 -------- d-----w- c:\arquivos de programas\Adobe Media Player

    2010-11-26 01:18 . 2010-11-26 01:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR

    2010-11-25 14:02 . 2010-12-13 15:34 1033728 ----a-w- c:\windows\MachineCore.dll

    2010-11-24 13:15 . 2010-11-24 13:15 -------- d-----w- c:\documents and settings\Solange\Configurações locais\Dados de aplicativos\Microsoft Help

    2010-11-23 15:24 . 2010-11-23 15:26 -------- d-----w- c:\documents and settings\Lukasss\Configurações locais\Dados de aplicativos\AskToolbar

    2010-11-23 02:59 . 2010-11-29 19:02 -------- d-----w- c:\arquivos de programas\Ask.com

    2010-11-23 02:59 . 2010-11-23 02:59 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\CocoonSoftware

    2010-11-23 02:58 . 2010-11-23 02:58 -------- d-----w- c:\documents and settings\Lukasss\Configurações locais\Dados de aplicativos\WDSetup

    2010-11-23 00:51 . 2010-11-23 00:51 -------- d-----w- c:\arquivos de programas\eRightSoft

    2010-11-23 00:35 . 2010-11-23 00:35 -------- d-----w- c:\documents and settings\Lukasss\Configurações locais\Dados de aplicativos\Tipard Studio

    2010-11-23 00:34 . 2010-11-23 00:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Tipard DVD to DPG Converter

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-12-08 00:47 . 2009-06-20 02:18 499712 ----a-w- c:\windows\system32\msvcp71.dll

    2010-12-08 00:47 . 2009-06-20 02:18 348160 ----a-w- c:\windows\system32\msvcr71.dll

    2010-11-23 00:14 . 2010-11-21 00:00 54488 ----a-w- c:\windows\UninstCool.exe

    2010-11-12 20:53 . 2010-07-06 02:56 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2010-11-12 18:34 . 2010-07-06 02:56 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2010-10-16 18:55 . 2009-08-06 21:05 2932840 ----a-w- c:\windows\system32\nvcuvid.dll

    2010-10-16 18:55 . 2009-08-06 21:05 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll

    2010-10-16 18:55 . 2009-08-06 21:05 4882432 ----a-w- c:\windows\system32\nvcuda.dll

    2010-10-16 18:55 . 2007-04-19 05:26 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

    2010-10-16 18:55 . 2007-04-19 05:26 6359552 ----a-w- c:\windows\system32\nv4_disp.dll

    2010-10-16 18:55 . 2007-04-19 05:26 1462272 ----a-w- c:\windows\system32\nvapi.dll

    2010-10-16 18:55 . 2007-04-19 05:26 14532608 ----a-w- c:\windows\system32\nvoglnt.dll

    2010-10-16 14:04 . 2010-10-16 14:04 81920 ----a-w- c:\windows\system32\nvwddi.dll

    2010-10-16 14:04 . 2010-10-16 14:04 277608 ----a-w- c:\windows\system32\nvmccs.dll

    2010-10-16 14:04 . 2010-10-16 14:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll

    2010-10-16 14:04 . 2010-10-16 14:04 110696 ----a-w- c:\windows\system32\nvmctray.dll

    2010-10-16 14:04 . 2010-10-16 14:04 156776 ----a-w- c:\windows\system32\nvsvc32.exe

    2010-10-16 14:04 . 2010-10-16 14:04 145000 ----a-w- c:\windows\system32\nvcolor.exe

    2005-04-01 01:17 . 2009-06-18 22:46 40960 -c--a-w- c:\arquivos de programas\Uninstall_CDS.exe

    2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll

    2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll

    2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

    2010-09-29 00:44 1400712 ----a-w- c:\arquivos de programas\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-24 203928]

    "Dyyno Launcher"="c:\documents and settings\Lukasss\Configurações locais\Dados de aplicativos\Dyyno Viewer\dyyno_launcher.exe" [2010-06-21 2147680]

    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]

    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

    "LGODDFU"="c:\arquivos de programas\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]

    "iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2010-02-15 141608]

    "InCD"="c:\arquivos de programas\Ahead\InCD\InCD.exe" [2005-06-10 1397760]

    "BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]

    "AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

    "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]

    "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

    "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-08 274608]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]

    "nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]

    "QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2010-11-29 421888]

    "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-09-03 281768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Lucas\Menu Iniciar\Programas\Inicializar\

    Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

    "c:\\Level Up! Games\\Grand Chase Season 2\\main.exe"=

    "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

    "c:\\Arquivos de programas\\eMule\\emule.exe"=

    "c:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=

    "c:\\Arquivos de programas\\Winamp Remote\\bin\\Orb.exe"=

    "c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbTray.exe"=

    "c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\Arquivos de programas\\Opera\\opera.exe"=

    "c:\\Arquivos de programas\\Autodesk\\Backburner\\monitor.exe"=

    "c:\\Arquivos de programas\\Autodesk\\Backburner\\manager.exe"=

    "c:\\Arquivos de programas\\Autodesk\\Backburner\\server.exe"=

    "c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

    "c:\\Arquivos de programas\\VirtualDJ\\virtualdj.exe"=

    "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

    "c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

    "c:\\Level Up! Games\\Grand Chase Season 2\\grandchase.exe"=

    "c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

    "c:\\Level Up! Games\\Combat Arms\\NMService.exe"=

    "c:\level up! games\Combat Arms\CombatArms.exe"= c:\level up! games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

    "c:\\Level Up! Games\\Combat Arms\\NGM.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

    "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

    "c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

    "c:\\xampp\\mysql\\bin\\mysqld.exe"=

    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Arquivos de programas\\Google\\Google Earth\\client\\googleearth.exe"=

    "c:\\Documents and Settings\\Lukasss\\Meus documentos\\Downloads\\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\\PES 2009\\pes2009.exe"=

    "c:\\Arquivos de programas\\Autodesk\\3ds Max 2010\\3dsmax.exe"=

    "c:\\Arquivos de programas\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=

    "c:\\Arquivos de programas\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=

    "c:\level up! games\Combat Arms\Engine.exe"= c:\level up! games\Combat Arms\Engine.exe:*Enabled:Engine.exe

    "c:\\WINDOWS\\system32\\ftp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "57511:TCP"= 57511:TCP:Pando Media Booster

    "57511:UDP"= 57511:UDP:Pando Media Booster

    "2786:TCP"= 2786:TCP:tevctzp

    "5500:TCP"= 5500:TCP:VNCV

    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    "57389:TCP"= 57389:TCP:Pando Media Booster

    "57389:UDP"= 57389:UDP:Pando Media Booster

    "6000:TCP"= 6000:TCP:The Duel

    "9700:TCP"= 9700:TCP:The Duel

    "9600:UDP"= 9600:UDP:The Duel

    "9610:UDP"= 9610:UDP:The Duel

    "63000:UDP"= 63000:UDP:The Duel

    "63005:UDP"= 63005:UDP:The Duel

    "57635:TCP"= 57635:TCP:Pando Media Booster

    "57635:UDP"= 57635:UDP:Pando Media Booster

    "1036:TCP"= 1036:TCP:Akamai NetSession Interface

    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/6/2009 20:13 721904]

    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/8/2004 01:45 14336]

    R2 AntiVirSchedulerService;Avira AntiVir Agendamento;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [18/12/2010 15:52 135336]

    R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\arquivos de programas\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/3/2009 17:36 86016]

    S2 ajvznpie;Boot Monitor;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]

    S2 gupdate1c9f14d4866eb10;Google Update Service (gupdate1c9f14d4866eb10);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [22/10/2010 22:01 136176]

    S2 huzdkxhp;Image Shell;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]

    S2 vaxucebah;Image Microsoft;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]

    S3 idisg;idisg;\??\c:\windows\system32\010.tmp --> c:\windows\system32\010.tmp [?]

    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

    S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\drivers\PPJoyBus.sys [4/11/2009 01:03 15936]

    S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\drivers\PPortJoy.sys [4/11/2009 01:03 31808]

    S3 WallHack-sXe80;WallHack-sXe80;\??\c:\documents and settings\Lukasss\Desktop\Counter Strike\sXeWallHack80 www.tkt-cheats.net\WallHack-sXe80.sys --> c:\documents and settings\Lukasss\Desktop\Counter Strike\sXeWallHack80 www.tkt-cheats.net\WallHack-sXe80.sys [?]

    S3 WallHack;WallHack;\??\c:\documents and settings\Lukasss\Desktop\Counter Strike\WallHacksXev8.0\WallHack.sys --> c:\documents and settings\Lukasss\Desktop\Counter Strike\WallHacksXev8.0\WallHack.sys [?]

    S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]

    S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]

    S3 XDva297;XDva297;\??\c:\windows\system32\XDva297.sys --> c:\windows\system32\XDva297.sys [?]

    S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?]

    S3 XDva343;XDva343;\??\c:\windows\system32\XDva343.sys --> c:\windows\system32\XDva343.sys [?]

    S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]

    S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]

    S3 XDva354;XDva354;\??\c:\windows\system32\XDva354.sys --> c:\windows\system32\XDva354.sys [?]

    S3 XDva356;XDva356;\??\c:\windows\system32\XDva356.sys --> c:\windows\system32\XDva356.sys [?]

    S3 XDva358;XDva358;\??\c:\windows\system32\XDva358.sys --> c:\windows\system32\XDva358.sys [?]

    S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]

    S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]

    S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]

    S3 ZIDDRVR;ZIDDRVR;\??\c:\documents and settings\Lucas\Desktop\Ryu Engine\zid32.sys --> c:\documents and settings\Lucas\Desktop\Ryu Engine\zid32.sys [?]

    --- =Outros Serviços/Drivers Na Memória ---

    *NewlyCreated* - AJVZNPIE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    Akamai REG_MULTI_SZ Akamai

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    vaxucebah

    tagadgir

    huzdkxhp

    ajvznpie

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2010-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

    2010-12-22 c:\windows\Tasks\Game_Booster_Startup.job

    - c:\arquivos de programas\IObit\Game Booster 2\GameBox.exe [2010-12-08 21:08]

    2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-23 00:01]

    2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-23 00:01]

    2010-08-21 c:\windows\Tasks\Install.job

    - c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-08-20 16:48]

    2010-12-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-2146940605-1801674531-1003.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-2146940605-1801674531-1005.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-2146940605-1801674531-1006.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-2146940605-1801674531-1007.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-2146940605-1801674531-1003.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-2146940605-1801674531-1005.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-2146940605-1801674531-1006.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-2146940605-1801674531-1007.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

    - c:\arquivos de programas\Ask.com\UpdateTask.exe [2010-09-29 00:44]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.google.com.br/

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyOverride = local;*.local

    uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s

    IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm

    IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm

    IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

    IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000

    FF - ProfilePath - c:\documents and settings\Lukasss\Dados de aplicativos\Mozilla\Firefox\Profiles\aa7pwpkw.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

    FF - prefs.js: browser.search.selectedEngine - Ask.com

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CCS&o=15777&locale=pt_BR&apn_uid=5581EB76-61C0-40CA-9A95-742478B7904E&apn_ptnrs=HO&apn_sauid=C0B83FB6-96E7-46E0-AB6B-E3E3210354D3&apn_dtid=YYYYYYYYBR&q=

    FF - prefs.js: network.proxy.http - localhost

    FF - prefs.js: network.proxy.http_port - 9666

    FF - prefs.js: network.proxy.socks - localhost

    FF - prefs.js: network.proxy.socks_port - 9050

    FF - prefs.js: network.proxy.ssl - localhost

    FF - prefs.js: network.proxy.ssl_port - 9666

    FF - prefs.js: network.proxy.type - 0

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

    FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}

    FF - Ext: Open IT Online: extension@openitonline.com - %profile%\extensions\extension@openitonline.com

    FF - Ext: CS Web Launcher: CSWebLauncher@cyberstep.com - %profile%\extensions\CSWebLauncher@cyberstep.com

    FF - Ext: UltraSurf Firefox Tool: {5B52016C-D097-4aec-BE61-9F129D8FDDBA} - %profile%\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}

    FF - Ext: CocoonSoftware Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

    FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    Toolbar-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)

    HKCU-Run-AdobeBridge - (no file)

    HKLM-Run-Cmaudio - cmicnfg.cpl

    HKLM-Run-UnlockerAssistant - c:\arquivos de programas\Unlocker\UnlockerAssistant.exe

    AddRemove-Counter-Strike CP - c:\arquivos de programas\Cs\uninstall.exe

    AddRemove-The Sims 8 in 1 - c:\arquivos de programas\Maxis\The Sims 8 in 1\uninstall.exe

    AddRemove-{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1 - c:\arquivos de programas\Electronic Arts\Need For Speed World\unins000.exe

    AddRemove-{C1080852-065E-4991-9260-F3756E3CC182} - c:\documents and settings\Lukasss\Configurações locais\Dados de aplicativos\{DE032019-B933-4DF4-9174-48C52613DA13}\CursorFX_setup.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-12-22 19:23

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idisg]

    "ImagePath"="\??\c:\windows\system32\010.tmp"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

    "ImagePath"="c:\windows\system32\GameMon.des -service"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ajvznpie]

    "ServiceDll"="c:\windows\system32\bbwpqb.dll"

    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\huzdkxhp]

    "ServiceDll"="c:\windows\system32\bbwpqb.dll"

    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vaxucebah]

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'explorer.exe'(2956)

    c:\windows\system32\msi.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\windows\system32\nvsvc32.exe

    c:\arquivos de programas\Ahead\InCD\InCDsrv.exe

    c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

    c:\arquivos de programas\Bonjour\mDNSResponder.exe

    c:\arquivos de programas\Java\jre6\bin\jqs.exe

    c:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

    c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    c:\windows\system32\wdfmgr.exe

    c:\windows\system32\wbem\wmiapsrv.exe

    c:\windows\system32\RUNDLL32.EXE

    c:\arquivos de programas\iPod\bin\iPodService.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2010-12-22 19:35:35 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2010-12-22 21:35

    Pré-execução: 15 pasta(s) 23.756.713.984 bytes disponíveis

    Pós execução: 19 pasta(s) 25.536.081.920 bytes disponíveis

    WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 32FD97F4B5A470C40096390652396347


    Configure Windows to show all files

    Go to this site: http://virustotal.com/

    In File to upload, enter: c:\windows\Help\Tours\mmTour\tour.exe

    Then click Submit

    Copy and post the result of this scan.

  • Topic author
  • It's clean :o

    link : http://www.virustotal.com/file-scan/report.html?id=bde89bc2cf8f592e788793bf9481551553a79fe3df9087102d6a181496876e59-1293119199

    Antivirus Version Last Update Result

    AhnLab-V3 2010.12.23.04 2010.12.23 -

    AntiVir 7.11.0.151 2010.12.23 -

    Antiy-AVL 2.0.3.7 2010.12.23 -

    Avast 4.8.1351.0 2010.12.23 -

    Avast5 5.0.677.0 2010.12.23 -

    AVG 9.0.0.851 2010.12.23 -

    BitDefender 7.2 2010.12.23 -

    CAT-QuickHeal 11.00 2010.12.23 -

    ClamAV 0.96.4.0 2010.12.23 -

    Command 5.2.11.5 2010.12.23 -

    Comodo 7161 2010.12.23 -

    DrWeb 5.0.2.03300 2010.12.23 -

    eSafe 7.0.17.0 2010.12.22 -

    eTrust-Vet 36.1.8056 2010.12.23 -

    F-Prot 4.6.2.117 2010.12.22 -

    F-Secure 9.0.16160.0 2010.12.23 -

    Fortinet 4.2.254.0 2010.12.23 -

    GData 21 2010.12.23 -

    Ikarus T3.1.1.90.0 2010.12.23 -

    Jiangmin 13.0.900 2010.12.22 -

    K7AntiVirus 9.74.3330 2010.12.23 -

    Kaspersky 7.0.0.125 2010.12.23 -

    McAfee 5.400.0.1158 2010.12.23 -

    McAfee-GW-Edition 2010.1C 2010.12.23 -

    Microsoft 1.6402 2010.12.23 -

    NOD32 5727 2010.12.23 -

    Norman 6.06.12 2010.12.23 -

    nProtect 2010-12-23.02 2010.12.23 -

    Panda 10.0.2.7 2010.12.22 -

    PCTools 7.0.3.5 2010.12.23 -

    Prevx 3.0 2010.12.23 -

    Rising 22.79.02.04 2010.12.23 -

    Sophos 4.60.0 2010.12.23 -

    SUPERAntiSpyware 4.40.0.1006 2010.12.23 -

    Symantec 20101.3.0.103 2010.12.23 -

    TheHacker 6.7.0.1.104 2010.12.21 -

    TrendMicro 9.120.0.1004 2010.12.23 -

    TrendMicro-HouseCall 9.120.0.1004 2010.12.23 -

    VBA32 3.12.14.2 2010.12.23 -

    VIPRE 7771 2010.12.23 -

    ViRobot 2010.12.23.4216 2010.12.23 -

    VirusBuster 13.6.109.0 2010.12.23 -


    Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

    Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:


    Driver::

    vaxucebah
    tagadgir
    huzdkxhp
    idisg
    ajvznpie

    NetSvc::

    vaxucebah
    tagadgir
    huzdkxhp
    ajvznpie

    • Save this file as: CFScript.txt
      CFScriptB-4.gif
    • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
    • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

  • Topic author
  • ComboFix 10-12-21.05 - Lukasss 24/12/2010 2:02.3.1 - x86

    Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1535.1068 [GMT -2:00]

    Executando de: c:\documents and settings\Lukasss\Desktop\ComboFix.exe

    Comandos utilizados :: c:\documents and settings\Lukasss\Desktop\CFScript.txt

    AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -- Execuções precedente --

    c:\windows\Help\Tours\mmTour\tour.exe . . . está infectado!!

    --------

    c:\windows\Help\Tours\mmTour\tour.exe . . . está infectado!!

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_AJVZNPIE

    -------\Legacy_HUZDKXHP

    -------\Legacy_VAXUCEBAH

    -------\Service_ajvznpie

    -------\Service_huzdkxhp

    -------\Service_idisg

    -------\Service_vaxucebah

    (((((((((((((((( Arquivos/Ficheiros criados de 2010-11-24 to 2010-12-24 ))))))))))))))))))))))))))))

    .

    2010-12-22 21:52 . 2010-12-22 21:52 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\Apple

    2010-12-21 10:16 . 2010-12-21 10:34 -------- d-----r- c:\documents and settings\Solange\Favoritos

    2010-12-20 15:26 . 2010-12-20 15:26 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\Avira

    2010-12-20 01:21 . 2010-12-20 01:22 -------- d-----w- c:\documents and settings\Solange\Lays

    2010-12-18 21:05 . 2010-12-18 21:05 -------- d-----r- c:\documents and settings\LocalService\Favoritos

    2010-12-18 17:51 . 2010-09-03 17:44 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

    2010-12-18 17:51 . 2010-09-03 17:44 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys

    2010-12-18 17:51 . 2010-06-17 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

    2010-12-18 17:51 . 2010-06-17 17:29 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

    2010-12-18 17:51 . 2010-12-18 17:51 -------- d-----w- c:\arquivos de programas\Avira

    2010-12-18 16:27 . 2010-12-18 16:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\MFAData

    2010-12-18 16:14 . 2010-12-18 16:14 -------- d-----w- c:\documents and settings\Lucas\Configurações locais\Dados de aplicativos\Apple Computer

    2010-12-18 16:13 . 2010-12-18 16:13 -------- d-sh--w- c:\documents and settings\Lucas\IETldCache

    2010-12-18 10:04 . 2010-12-22 15:55 -------- d-----w- c:\documents and settings\Solange\Configurações locais\Dados de aplicativos\AskToolbar

    2010-12-16 01:24 . 2010-12-16 01:24 -------- d-----w- c:\arquivos de programas\CCleaner

    2010-12-15 03:54 . 2010-12-15 22:52 -------- d-----w- C:\PenClean

    2010-12-15 00:53 . 2010-12-16 03:32 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

    2010-12-15 00:53 . 2010-12-16 03:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

    2010-12-12 15:40 . 2010-12-12 15:40 -------- d-----w- c:\arquivos de programas\gPotato.br

    2010-12-11 17:55 . 2010-12-11 17:55 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\Disney Interactive Studios

    2010-12-11 17:51 . 2010-12-11 17:51 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\Leadertech

    2010-12-11 17:48 . 2010-12-11 17:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

    2010-12-11 04:50 . 2010-12-11 04:50 -------- d-----w- C:\OnGame

    2010-12-10 15:14 . 2010-12-23 21:29 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\ClubCooee

    2010-12-10 15:14 . 2010-12-23 20:26 -------- d-----w- c:\documents and settings\Lukasss\Configurações locais\Dados de aplicativos\ClubCooee

    2010-12-08 14:56 . 2010-12-18 17:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

    2010-12-08 04:28 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco32.dll

    2010-12-08 04:28 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco32.dll

    2010-12-08 03:55 . 2010-12-08 03:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IObit

    2010-12-08 00:48 . 2010-12-08 00:48 -------- d-----w- c:\documents and settings\Solange\Configurações locais\Dados de aplicativos\Real

    2010-12-08 00:48 . 2010-12-08 00:48 11776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll

    2010-12-08 00:48 . 2010-12-08 00:48 -------- d-----w- c:\arquivos de programas\Real

    2010-12-08 00:48 . 2010-12-08 00:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

    2010-12-08 00:48 . 2010-12-08 00:48 151776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

    2010-12-08 00:47 . 2010-12-08 00:47 100352 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

    2010-12-07 03:41 . 2010-12-08 04:29 241120 ----a-w- c:\windows\system32\nvdrsdb0.bin

    2010-12-07 03:41 . 2010-12-08 04:29 241120 ----a-w- c:\windows\system32\nvdrsdb1.bin

    2010-12-07 03:41 . 2010-12-08 04:29 1 ----a-w- c:\windows\system32\nvdrssel.bin

    2010-12-07 03:40 . 2010-10-16 18:55 61440 ----a-w- c:\windows\system32\OpenCL.dll

    2010-12-07 03:40 . 2010-10-16 18:55 13012992 ----a-w- c:\windows\system32\nvcompiler.dll

    2010-12-07 03:22 . 2010-12-08 03:55 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\IObit

    2010-12-07 03:22 . 2010-12-07 03:22 -------- d-----w- c:\arquivos de programas\IObit

    2010-12-02 17:25 . 2010-12-02 17:25 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\Need for Speed World

    2010-12-02 13:41 . 2010-12-02 13:41 -------- d-----w- c:\documents and settings\Lukasss\Configurações locais\Dados de aplicativos\Electronic_Arts_Inc

    2010-12-02 13:40 . 2010-12-02 13:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Electronic Arts

    2010-11-29 22:15 . 2010-11-29 22:16 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Autodesk Shared

    2010-11-29 21:27 . 2007-05-16 18:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll

    2010-11-29 21:27 . 2007-05-16 18:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

    2010-11-29 19:38 . 2010-11-29 19:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

    2010-11-29 19:38 . 2010-11-29 19:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

    2010-11-26 01:21 . 2010-11-26 01:21 -------- d-----w- c:\arquivos de programas\Adobe Media Player

    2010-11-26 01:18 . 2010-11-26 01:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR

    2010-11-25 14:02 . 2010-12-13 15:34 1033728 ----a-w- c:\windows\MachineCore.dll

    2010-11-24 13:15 . 2010-11-24 13:15 -------- d-----w- c:\documents and settings\Solange\Configurações locais\Dados de aplicativos\Microsoft Help

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-12-08 00:47 . 2009-06-20 02:18 499712 ----a-w- c:\windows\system32\msvcp71.dll

    2010-12-08 00:47 . 2009-06-20 02:18 348160 ----a-w- c:\windows\system32\msvcr71.dll

    2010-11-23 00:14 . 2010-11-21 00:00 54488 ----a-w- c:\windows\UninstCool.exe

    2010-11-12 20:53 . 2010-07-06 02:56 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2010-11-12 18:34 . 2010-07-06 02:56 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2010-10-16 18:55 . 2009-08-06 21:05 2932840 ----a-w- c:\windows\system32\nvcuvid.dll

    2010-10-16 18:55 . 2009-08-06 21:05 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll

    2010-10-16 18:55 . 2009-08-06 21:05 4882432 ----a-w- c:\windows\system32\nvcuda.dll

    2010-10-16 18:55 . 2007-04-19 05:26 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

    2010-10-16 18:55 . 2007-04-19 05:26 6359552 ----a-w- c:\windows\system32\nv4_disp.dll

    2010-10-16 18:55 . 2007-04-19 05:26 1462272 ----a-w- c:\windows\system32\nvapi.dll

    2010-10-16 18:55 . 2007-04-19 05:26 14532608 ----a-w- c:\windows\system32\nvoglnt.dll

    2010-10-16 14:04 . 2010-10-16 14:04 81920 ----a-w- c:\windows\system32\nvwddi.dll

    2010-10-16 14:04 . 2010-10-16 14:04 277608 ----a-w- c:\windows\system32\nvmccs.dll

    2010-10-16 14:04 . 2010-10-16 14:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll

    2010-10-16 14:04 . 2010-10-16 14:04 110696 ----a-w- c:\windows\system32\nvmctray.dll

    2010-10-16 14:04 . 2010-10-16 14:04 156776 ----a-w- c:\windows\system32\nvsvc32.exe

    2010-10-16 14:04 . 2010-10-16 14:04 145000 ----a-w- c:\windows\system32\nvcolor.exe

    2005-04-01 01:17 . 2009-06-18 22:46 40960 -c--a-w- c:\arquivos de programas\Uninstall_CDS.exe

    2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll

    2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll

    2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

    2010-09-29 00:44 1400712 ----a-w- c:\arquivos de programas\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-24 203928]

    "Dyyno Launcher"="c:\documents and settings\Lukasss\Configurações locais\Dados de aplicativos\Dyyno Viewer\dyyno_launcher.exe" [2010-06-21 2147680]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]

    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

    "LGODDFU"="c:\arquivos de programas\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]

    "iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2010-02-15 141608]

    "InCD"="c:\arquivos de programas\Ahead\InCD\InCD.exe" [2005-06-10 1397760]

    "BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]

    "AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

    "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]

    "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

    "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-08 274608]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]

    "nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]

    "QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2010-11-29 421888]

    "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-09-03 281768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Lucas\Menu Iniciar\Programas\Inicializar\

    Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

    "c:\\Level Up! Games\\Grand Chase Season 2\\main.exe"=

    "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

    "c:\\Arquivos de programas\\eMule\\emule.exe"=

    "c:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=

    "c:\\Arquivos de programas\\Winamp Remote\\bin\\Orb.exe"=

    "c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbTray.exe"=

    "c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\Arquivos de programas\\Opera\\opera.exe"=

    "c:\\Arquivos de programas\\Autodesk\\Backburner\\monitor.exe"=

    "c:\\Arquivos de programas\\Autodesk\\Backburner\\manager.exe"=

    "c:\\Arquivos de programas\\Autodesk\\Backburner\\server.exe"=

    "c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

    "c:\\Arquivos de programas\\VirtualDJ\\virtualdj.exe"=

    "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

    "c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

    "c:\\Level Up! Games\\Grand Chase Season 2\\grandchase.exe"=

    "c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

    "c:\\Level Up! Games\\Combat Arms\\NMService.exe"=

    "c:\level up! games\Combat Arms\CombatArms.exe"= c:\level up! games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

    "c:\\Level Up! Games\\Combat Arms\\NGM.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

    "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

    "c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

    "c:\\xampp\\mysql\\bin\\mysqld.exe"=

    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Arquivos de programas\\Google\\Google Earth\\client\\googleearth.exe"=

    "c:\\Documents and Settings\\Lukasss\\Meus documentos\\Downloads\\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\\PES 2009\\pes2009.exe"=

    "c:\\Arquivos de programas\\Autodesk\\3ds Max 2010\\3dsmax.exe"=

    "c:\\Arquivos de programas\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=

    "c:\\Arquivos de programas\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=

    "c:\level up! games\Combat Arms\Engine.exe"= c:\level up! games\Combat Arms\Engine.exe:*Enabled:Engine.exe

    "c:\\WINDOWS\\system32\\ftp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "57511:TCP"= 57511:TCP:Pando Media Booster

    "57511:UDP"= 57511:UDP:Pando Media Booster

    "2786:TCP"= 2786:TCP:tevctzp

    "5500:TCP"= 5500:TCP:VNCV

    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    "57389:TCP"= 57389:TCP:Pando Media Booster

    "57389:UDP"= 57389:UDP:Pando Media Booster

    "6000:TCP"= 6000:TCP:The Duel

    "9700:TCP"= 9700:TCP:The Duel

    "9600:UDP"= 9600:UDP:The Duel

    "9610:UDP"= 9610:UDP:The Duel

    "63000:UDP"= 63000:UDP:The Duel

    "63005:UDP"= 63005:UDP:The Duel

    "57635:TCP"= 57635:TCP:Pando Media Booster

    "57635:UDP"= 57635:UDP:Pando Media Booster

    "1039:TCP"= 1039:TCP:Akamai NetSession Interface

    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/6/2009 20:13 721904]

    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/8/2004 01:45 14336]

    R2 AntiVirSchedulerService;Avira AntiVir Agendamento;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [18/12/2010 15:52 135336]

    S2 gupdate1c9f14d4866eb10;Google Update Service (gupdate1c9f14d4866eb10);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [22/10/2010 22:01 136176]

    S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\arquivos de programas\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/3/2009 17:36 86016]

    S2 nbyfsju;Manager Center;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]

    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

    S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\drivers\PPJoyBus.sys [4/11/2009 01:03 15936]

    S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\drivers\PPortJoy.sys [4/11/2009 01:03 31808]

    S3 WallHack-sXe80;WallHack-sXe80;\??\c:\documents and settings\Lukasss\Desktop\Counter Strike\sXeWallHack80 www.tkt-cheats.net\WallHack-sXe80.sys --> c:\documents and settings\Lukasss\Desktop\Counter Strike\sXeWallHack80 www.tkt-cheats.net\WallHack-sXe80.sys [?]

    S3 WallHack;WallHack;\??\c:\documents and settings\Lukasss\Desktop\Counter Strike\WallHacksXev8.0\WallHack.sys --> c:\documents and settings\Lukasss\Desktop\Counter Strike\WallHacksXev8.0\WallHack.sys [?]

    S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]

    S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]

    S3 XDva297;XDva297;\??\c:\windows\system32\XDva297.sys --> c:\windows\system32\XDva297.sys [?]

    S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?]

    S3 XDva343;XDva343;\??\c:\windows\system32\XDva343.sys --> c:\windows\system32\XDva343.sys [?]

    S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]

    S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]

    S3 XDva354;XDva354;\??\c:\windows\system32\XDva354.sys --> c:\windows\system32\XDva354.sys [?]

    S3 XDva356;XDva356;\??\c:\windows\system32\XDva356.sys --> c:\windows\system32\XDva356.sys [?]

    S3 XDva358;XDva358;\??\c:\windows\system32\XDva358.sys --> c:\windows\system32\XDva358.sys [?]

    S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]

    S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]

    S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]

    S3 ZIDDRVR;ZIDDRVR;\??\c:\documents and settings\Lucas\Desktop\Ryu Engine\zid32.sys --> c:\documents and settings\Lucas\Desktop\Ryu Engine\zid32.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    Akamai REG_MULTI_SZ Akamai

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    nbyfsju

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2010-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

    2010-12-24 c:\windows\Tasks\Game_Booster_Startup.job

    - c:\arquivos de programas\IObit\Game Booster 2\GameBox.exe [2010-12-08 21:08]

    2010-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-23 00:01]

    2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-23 00:01]

    2010-08-21 c:\windows\Tasks\Install.job

    - c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-08-20 16:48]

    2010-12-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-2146940605-1801674531-1003.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-2146940605-1801674531-1005.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-2146940605-1801674531-1006.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-2146940605-1801674531-1007.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-2146940605-1801674531-1003.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-2146940605-1801674531-1005.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-2146940605-1801674531-1006.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-2146940605-1801674531-1007.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

    - c:\arquivos de programas\Ask.com\UpdateTask.exe [2010-09-29 00:44]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.google.com.br/

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyOverride = local;*.local

    uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s

    IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm

    IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm

    IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

    IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000

    FF - ProfilePath - c:\documents and settings\Lukasss\Dados de aplicativos\Mozilla\Firefox\Profiles\aa7pwpkw.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

    FF - prefs.js: browser.search.selectedEngine - Ask.com

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CCS&o=15777&locale=pt_BR&apn_uid=5581EB76-61C0-40CA-9A95-742478B7904E&apn_ptnrs=HO&apn_sauid=C0B83FB6-96E7-46E0-AB6B-E3E3210354D3&apn_dtid=YYYYYYYYBR&q=

    FF - prefs.js: network.proxy.http - localhost

    FF - prefs.js: network.proxy.http_port - 9666

    FF - prefs.js: network.proxy.socks - localhost

    FF - prefs.js: network.proxy.socks_port - 9050

    FF - prefs.js: network.proxy.ssl - localhost

    FF - prefs.js: network.proxy.ssl_port - 9666

    FF - prefs.js: network.proxy.type - 0

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

    FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}

    FF - Ext: Open IT Online: extension@openitonline.com - %profile%\extensions\extension@openitonline.com

    FF - Ext: CS Web Launcher: CSWebLauncher@cyberstep.com - %profile%\extensions\CSWebLauncher@cyberstep.com

    FF - Ext: UltraSurf Firefox Tool: {5B52016C-D097-4aec-BE61-9F129D8FDDBA} - %profile%\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}

    FF - Ext: CocoonSoftware Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

    FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-12-24 02:19

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

    "ImagePath"="c:\windows\system32\GameMon.des -service"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nbyfsju]

    "ServiceDll"="c:\windows\system32\bbwpqb.dll"

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'explorer.exe'(3844)

    c:\windows\system32\ieframe.dll

    c:\windows\system32\msi.dll

    c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll

    c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB

    c:\windows\system32\webcheck.dll

    .

    Tempo para conclusão: 2010-12-24 02:23:53

    ComboFix-quarantined-files.txt 2010-12-24 04:23

    ComboFix2.txt 2010-12-22 21:35

    Pré-execução: 18 pasta(s) 25.954.443.264 bytes disponíveis

    Pós execução: 19 pasta(s) 25.953.910.784 bytes disponíveis

    - - End Of File - - 038C3C5C0E52F00873627AE298B39E53


    Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

    Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:


    Driver::

    nbyfsju

    NetSvc::

    nbyfsju

    File::

    c:\windows\system32\bbwpqb.dll

    • Save this file as: CFScript.txt
    • As illustrated in the picture above, drag the CFScript.txt file onto ComboFix.exe
    • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

  • Topic author
  • ComboFix 10-12-21.05 - Lukasss 28/12/2010 16:04:01.4.1 - x86

    Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1535.1069 [GMT -2:00]

    Executando de: c:\documents and settings\Lukasss\Desktop\ComboFix.exe

    Comandos utilizados :: c:\documents and settings\Lukasss\Desktop\CFScript.txt

    AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

    * Criado um novo ponto de restauração

    .

    - MODO DE FUNCIONALIDADE REDUZIDA -

    FILE ::

    "c:\windows\system32\bbwpqb.dll"

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\windows\Help\Tours\mmTour\tour.exe . . . está infectado!!

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2010-11-28 to 2010-12-28 ))))))))))))))))))))))))))))

    .

    2010-12-26 02:25 . 2010-12-26 02:27 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\VDownloader

    2010-12-26 02:25 . 2010-12-26 02:50 -------- d-----w- c:\documents and settings\Lukasss\Configurações locais\Dados de aplicativos\VDownloader

    2010-12-26 02:25 . 2010-12-26 02:25 -------- d-----w- c:\arquivos de programas\WinPcap

    2010-12-26 02:24 . 2010-01-26 12:11 444283 ----a-w- c:\arquivos de programas\Arquivos comuns\WinPcapNmap.exe

    2010-12-26 02:24 . 2010-12-26 02:33 -------- d-----w- c:\arquivos de programas\VDownloader

    2010-12-26 02:18 . 2010-12-26 02:18 -------- d-----w- c:\arquivos de programas\Mozilla Firefox 4.0 Beta 8

    2010-12-25 12:53 . 2010-12-25 12:53 -------- d-----w- c:\documents and settings\LocalService\Menu Iniciar

    2010-12-22 21:52 . 2010-12-22 21:52 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\Apple

    2010-12-21 10:16 . 2010-12-21 10:34 -------- d-----r- c:\documents and settings\Solange\Favoritos

    2010-12-20 15:26 . 2010-12-20 15:26 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\Avira

    2010-12-20 01:21 . 2010-12-20 01:22 -------- d-----w- c:\documents and settings\Solange\Lays

    2010-12-18 21:05 . 2010-12-18 21:05 -------- d-----r- c:\documents and settings\LocalService\Favoritos

    2010-12-18 17:51 . 2010-12-25 12:52 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys

    2010-12-18 17:51 . 2010-12-25 12:52 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

    2010-12-18 17:51 . 2010-06-17 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

    2010-12-18 17:51 . 2010-06-17 17:29 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

    2010-12-18 17:51 . 2010-12-18 17:51 -------- d-----w- c:\arquivos de programas\Avira

    2010-12-18 16:27 . 2010-12-18 16:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\MFAData

    2010-12-18 16:14 . 2010-12-18 16:14 -------- d-----w- c:\documents and settings\Lucas\Configurações locais\Dados de aplicativos\Apple Computer

    2010-12-18 16:13 . 2010-12-18 16:13 -------- d-sh--w- c:\documents and settings\Lucas\IETldCache

    2010-12-18 10:04 . 2010-12-22 15:55 -------- d-----w- c:\documents and settings\Solange\Configurações locais\Dados de aplicativos\AskToolbar

    2010-12-16 01:24 . 2010-12-16 01:24 -------- d-----w- c:\arquivos de programas\CCleaner

    2010-12-15 03:54 . 2010-12-15 22:52 -------- d-----w- C:\PenClean

    2010-12-15 00:53 . 2010-12-16 03:32 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

    2010-12-15 00:53 . 2010-12-16 03:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

    2010-12-12 15:40 . 2010-12-12 15:40 -------- d-----w- c:\arquivos de programas\gPotato.br

    2010-12-11 17:55 . 2010-12-11 17:55 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\Disney Interactive Studios

    2010-12-11 17:51 . 2010-12-11 17:51 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\Leadertech

    2010-12-11 17:48 . 2010-12-11 17:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

    2010-12-11 04:50 . 2010-12-11 04:50 -------- d-----w- C:\OnGame

    2010-12-10 15:14 . 2010-12-27 20:17 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\ClubCooee

    2010-12-10 15:14 . 2010-12-27 17:19 -------- d-----w- c:\documents and settings\Lukasss\Configurações locais\Dados de aplicativos\ClubCooee

    2010-12-08 14:56 . 2010-12-18 17:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

    2010-12-08 04:28 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco32.dll

    2010-12-08 04:28 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco32.dll

    2010-12-08 03:55 . 2010-12-08 03:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IObit

    2010-12-08 00:48 . 2010-12-08 00:48 -------- d-----w- c:\documents and settings\Solange\Configurações locais\Dados de aplicativos\Real

    2010-12-08 00:48 . 2010-12-08 00:48 11776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll

    2010-12-08 00:48 . 2010-12-08 00:48 -------- d-----w- c:\arquivos de programas\Real

    2010-12-08 00:48 . 2010-12-08 00:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

    2010-12-08 00:48 . 2010-12-08 00:48 151776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

    2010-12-08 00:47 . 2010-12-08 00:47 100352 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

    2010-12-07 03:41 . 2010-12-08 04:29 241120 ----a-w- c:\windows\system32\nvdrsdb0.bin

    2010-12-07 03:41 . 2010-12-08 04:29 241120 ----a-w- c:\windows\system32\nvdrsdb1.bin

    2010-12-07 03:41 . 2010-12-08 04:29 1 ----a-w- c:\windows\system32\nvdrssel.bin

    2010-12-07 03:40 . 2010-10-16 18:55 61440 ----a-w- c:\windows\system32\OpenCL.dll

    2010-12-07 03:40 . 2010-10-16 18:55 13012992 ----a-w- c:\windows\system32\nvcompiler.dll

    2010-12-07 03:22 . 2010-12-08 03:55 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\IObit

    2010-12-07 03:22 . 2010-12-07 03:22 -------- d-----w- c:\arquivos de programas\IObit

    2010-12-02 17:25 . 2010-12-02 17:25 -------- d-----w- c:\documents and settings\Lukasss\Dados de aplicativos\Need for Speed World

    2010-12-02 13:41 . 2010-12-02 13:41 -------- d-----w- c:\documents and settings\Lukasss\Configurações locais\Dados de aplicativos\Electronic_Arts_Inc

    2010-12-02 13:40 . 2010-12-02 13:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Electronic Arts

    2010-11-29 22:15 . 2010-11-29 22:16 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Autodesk Shared

    2010-11-29 21:27 . 2007-05-16 18:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll

    2010-11-29 21:27 . 2007-05-16 18:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

    2010-11-29 19:38 . 2010-11-29 19:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

    2010-11-29 19:38 . 2010-11-29 19:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-12-13 15:34 . 2010-11-25 14:02 1033728 ----a-w- c:\windows\MachineCore.dll

    2010-12-08 00:47 . 2009-06-20 02:18 499712 ----a-w- c:\windows\system32\msvcp71.dll

    2010-12-08 00:47 . 2009-06-20 02:18 348160 ----a-w- c:\windows\system32\msvcr71.dll

    2010-11-23 00:14 . 2010-11-21 00:00 54488 ----a-w- c:\windows\UninstCool.exe

    2010-11-12 20:53 . 2010-07-06 02:56 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2010-11-12 18:34 . 2010-07-06 02:56 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2010-10-16 18:55 . 2009-08-06 21:05 2932840 ----a-w- c:\windows\system32\nvcuvid.dll

    2010-10-16 18:55 . 2009-08-06 21:05 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll

    2010-10-16 18:55 . 2009-08-06 21:05 4882432 ----a-w- c:\windows\system32\nvcuda.dll

    2010-10-16 18:55 . 2007-04-19 05:26 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

    2010-10-16 18:55 . 2007-04-19 05:26 6359552 ----a-w- c:\windows\system32\nv4_disp.dll

    2010-10-16 18:55 . 2007-04-19 05:26 1462272 ----a-w- c:\windows\system32\nvapi.dll

    2010-10-16 18:55 . 2007-04-19 05:26 14532608 ----a-w- c:\windows\system32\nvoglnt.dll

    2010-10-16 14:04 . 2010-10-16 14:04 81920 ----a-w- c:\windows\system32\nvwddi.dll

    2010-10-16 14:04 . 2010-10-16 14:04 277608 ----a-w- c:\windows\system32\nvmccs.dll

    2010-10-16 14:04 . 2010-10-16 14:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll

    2010-10-16 14:04 . 2010-10-16 14:04 110696 ----a-w- c:\windows\system32\nvmctray.dll

    2010-10-16 14:04 . 2010-10-16 14:04 156776 ----a-w- c:\windows\system32\nvsvc32.exe

    2010-10-16 14:04 . 2010-10-16 14:04 145000 ----a-w- c:\windows\system32\nvcolor.exe

    2005-04-01 01:17 . 2009-06-18 22:46 40960 -c--a-w- c:\arquivos de programas\Uninstall_CDS.exe

    2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll

    2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll

    2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

    2010-09-29 00:44 1400712 ----a-w- c:\arquivos de programas\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-24 203928]

    "Dyyno Launcher"="c:\documents and settings\Lukasss\Configurações locais\Dados de aplicativos\Dyyno Viewer\dyyno_launcher.exe" [2010-06-21 2147680]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]

    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

    "LGODDFU"="c:\arquivos de programas\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]

    "iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2010-02-15 141608]

    "InCD"="c:\arquivos de programas\Ahead\InCD\InCD.exe" [2005-06-10 1397760]

    "BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]

    "AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

    "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]

    "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

    "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-08 274608]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]

    "nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]

    "QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2010-11-29 421888]

    "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-09-03 281768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Lucas\Menu Iniciar\Programas\Inicializar\

    Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

    "c:\\Level Up! Games\\Grand Chase Season 2\\main.exe"=

    "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

    "c:\\Arquivos de programas\\eMule\\emule.exe"=

    "c:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=

    "c:\\Arquivos de programas\\Winamp Remote\\bin\\Orb.exe"=

    "c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbTray.exe"=

    "c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\Arquivos de programas\\Opera\\opera.exe"=

    "c:\\Arquivos de programas\\Autodesk\\Backburner\\monitor.exe"=

    "c:\\Arquivos de programas\\Autodesk\\Backburner\\manager.exe"=

    "c:\\Arquivos de programas\\Autodesk\\Backburner\\server.exe"=

    "c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

    "c:\\Arquivos de programas\\VirtualDJ\\virtualdj.exe"=

    "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

    "c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

    "c:\\Level Up! Games\\Grand Chase Season 2\\grandchase.exe"=

    "c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

    "c:\\Level Up! Games\\Combat Arms\\NMService.exe"=

    "c:\level up! games\Combat Arms\CombatArms.exe"= c:\level up! games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

    "c:\\Level Up! Games\\Combat Arms\\NGM.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

    "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

    "c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

    "c:\\xampp\\mysql\\bin\\mysqld.exe"=

    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Arquivos de programas\\Google\\Google Earth\\client\\googleearth.exe"=

    "c:\\Documents and Settings\\Lukasss\\Meus documentos\\Downloads\\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\\PES 2009\\pes2009.exe"=

    "c:\\Arquivos de programas\\Autodesk\\3ds Max 2010\\3dsmax.exe"=

    "c:\\Arquivos de programas\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=

    "c:\\Arquivos de programas\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=

    "c:\level up! games\Combat Arms\Engine.exe"= c:\level up! games\Combat Arms\Engine.exe:*Enabled:Engine.exe

    "c:\\WINDOWS\\system32\\ftp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "57511:TCP"= 57511:TCP:Pando Media Booster

    "57511:UDP"= 57511:UDP:Pando Media Booster

    "2786:TCP"= 2786:TCP:tevctzp

    "5500:TCP"= 5500:TCP:VNCV

    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    "57389:TCP"= 57389:TCP:Pando Media Booster

    "57389:UDP"= 57389:UDP:Pando Media Booster

    "6000:TCP"= 6000:TCP:The Duel

    "9700:TCP"= 9700:TCP:The Duel

    "9600:UDP"= 9600:UDP:The Duel

    "9610:UDP"= 9610:UDP:The Duel

    "63000:UDP"= 63000:UDP:The Duel

    "63005:UDP"= 63005:UDP:The Duel

    "57635:TCP"= 57635:TCP:Pando Media Booster

    "57635:UDP"= 57635:UDP:Pando Media Booster

    "1037:TCP"= 1037:TCP:Akamai NetSession Interface

    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/6/2009 20:13 721904]

    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/8/2004 01:45 14336]

    R2 AntiVirSchedulerService;Avira AntiVir Agendamento;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [18/12/2010 15:52 135336]

    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/1/2010 00:09 50704]

    R3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]

    R3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]

    S2 gupdate1c9f14d4866eb10;Google Update Service (gupdate1c9f14d4866eb10);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [22/10/2010 22:01 136176]

    S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\arquivos de programas\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/3/2009 17:36 86016]

    S2 nbyfsju;Manager Center;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 14336]

    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

    S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\drivers\PPJoyBus.sys [4/11/2009 01:03 15936]

    S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\drivers\PPortJoy.sys [4/11/2009 01:03 31808]

    S3 WallHack-sXe80;WallHack-sXe80;\??\c:\documents and settings\Lukasss\Desktop\Counter Strike\sXeWallHack80 www.tkt-cheats.net\WallHack-sXe80.sys --> c:\documents and settings\Lukasss\Desktop\Counter Strike\sXeWallHack80 www.tkt-cheats.net\WallHack-sXe80.sys [?]

    S3 WallHack;WallHack;\??\c:\documents and settings\Lukasss\Desktop\Counter Strike\WallHacksXev8.0\WallHack.sys --> c:\documents and settings\Lukasss\Desktop\Counter Strike\WallHacksXev8.0\WallHack.sys [?]

    S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]

    S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]

    S3 XDva297;XDva297;\??\c:\windows\system32\XDva297.sys --> c:\windows\system32\XDva297.sys [?]

    S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?]

    S3 XDva343;XDva343;\??\c:\windows\system32\XDva343.sys --> c:\windows\system32\XDva343.sys [?]

    S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]

    S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]

    S3 XDva354;XDva354;\??\c:\windows\system32\XDva354.sys --> c:\windows\system32\XDva354.sys [?]

    S3 XDva356;XDva356;\??\c:\windows\system32\XDva356.sys --> c:\windows\system32\XDva356.sys [?]

    S3 XDva358;XDva358;\??\c:\windows\system32\XDva358.sys --> c:\windows\system32\XDva358.sys [?]

    S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]

    S3 ZIDDRVR;ZIDDRVR;\??\c:\documents and settings\Lucas\Desktop\Ryu Engine\zid32.sys --> c:\documents and settings\Lucas\Desktop\Ryu Engine\zid32.sys [?]

    --- =Outros Serviços/Drivers Na Memória ---

    *Deregistered* - dump_wmimmc

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    Akamai REG_MULTI_SZ Akamai

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2010-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

    2010-12-28 c:\windows\Tasks\Game_Booster_Startup.job

    - c:\arquivos de programas\IObit\Game Booster 2\GameBox.exe [2010-12-08 21:08]

    2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-23 00:01]

    2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-23 00:01]

    2010-08-21 c:\windows\Tasks\Install.job

    - c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-08-20 16:48]

    2010-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-2146940605-1801674531-1003.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-2146940605-1801674531-1005.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-2146940605-1801674531-1006.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-2146940605-1801674531-1007.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-2146940605-1801674531-1003.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-2146940605-1801674531-1005.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-2146940605-1801674531-1006.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-2146940605-1801674531-1007.job

    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

    2010-12-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

    - c:\arquivos de programas\Ask.com\UpdateTask.exe [2010-09-29 00:44]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.google.com.br/

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyOverride = local;*.local

    uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s

    IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm

    IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm

    IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

    IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000

    FF - ProfilePath - c:\documents and settings\Lukasss\Dados de aplicativos\Mozilla\Firefox\Profiles\clziactc.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

    FF - prefs.js: network.proxy.type - 0

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-12-28 16:14

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

    "ImagePath"="c:\windows\system32\GameMon.des -service"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nbyfsju]

    "ServiceDll"="c:\windows\system32\bbwpqb.dll"

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'explorer.exe'(1172)

    c:\windows\system32\ieframe.dll

    c:\windows\system32\msi.dll

    c:\windows\system32\webcheck.dll

    .

    Tempo para conclusão: 2010-12-28 16:21:20

    ComboFix-quarantined-files.txt 2010-12-28 18:21

    ComboFix2.txt 2010-12-24 04:23

    ComboFix3.txt 2010-12-22 21:35

    Pré-execução: 18 pasta(s) 24.967.753.728 bytes disponíveis

    Pós execução: 19 pasta(s) 25.666.158.592 bytes disponíveis

    - - End Of File - - BE02F6B5A920BE98CD81841C3EB9ADBC


    Read all of the instructions below carefully before running the program.

    Download the Kaspersky Removal Tool and save it to your desktop.

    • Install the program normally, following all the instructions.
    • A folder called Virus Removal Tool will be created on the desktop.
    • In the program window, select the options:
      • My Computer
      • Hidden Startup objects
      • Disk boot sectors
      • System Memory
    • Click the Start Scan button.
    • Be patient, the scan takes a long time!
    • As the scan runs, some small windows will probably open next to the clock; do not click on anything.
    • There is also a chance that a larger window will open containing the following options:
      • Disinfection (when possible)
      • Delete
      • Skip
    • When it appears, first tick the option below, Apply to all objects, and then click one of the options above.
    • After completing everything, click the Reports button; in the window that opens, leave the options above set to:
      • Autoscan
      • Group by result
      • All Events
    • Expand Autoscan by clicking the + sign next to it.
    • Expand Result: Detected.
    • Right-click and choose Select all, then choose Copy.
    • Note: when you do this the PC will appear to have frozen, but it has not; wait a few minutes for the memory to be freed.
    • Open Notepad and paste (Ctrl + V).
    • Give the file a name and save it in a folder of your choice.
    • Close the results by clicking the Exit button.
    • When you do this you will be asked whether you want to uninstall the tool; click Yes.
    • Restart the computer when asked.
    • Post the contents of that file in your next reply.

    NOTE 1:
    Pay attention to the windows during the scan; they have different colours depending on the risk. That is:

    • green: low risk
    • yellow: medium risk
    • red: high risk

    Before taking any action, carefully check the file path/name to see whether you recognise it; if you do, click Skip.

    NOTE 2:
    If the final scan result shows only Result: OK, you do not need to generate a report; just let us know.

    NOTE 3:
    During the scan Kaspersky may flag the following folder as containing a virus: c:\QooBox. If that happens, choose the Skip option, because the folder belongs to ComboFix and will be removed when ComboFix is uninstalled.

  • Topic author
  • As note 2 says:

    everything OK


    Congratulations, your log is clean.

    From now on, stay ALERT!

    To finish, do the following:

    Go to Start > Run and type ComboFix /Uninstall . This will uninstall ComboFix from your machine.

    Download OTCleanIt by OldTimer

    • Save it to your desktop.
    • Double-click the OTC icon.
    • Click the "Cleanup" button.
    • Allow your computer to be restarted.

    I suggest running CCleaner to clean up your machine. Download it here: CCleaner

    • Open the program and click Run Cleaner;
    • After that, click Errors >> Scan for errors >> Fix errors

    I also suggest that you read this article: "Proteja seu PC" (Protect Your PC)

    Any other problems with the computer?


    If the topic author needs it, this topic will be reopened; to request that, they should contact the moderators and ask for it to be unlocked.

    This topic is closed to new posts.