Log Analysis Request

log

20 replies to this topic

#1 Erik8
  • Member
  • 35 posts

Posted 10 May 2012 - 03:35 PM

I have already done all the procedures requested in the Official Topic. The log follows below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:28:32, on 10/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Nova pasta\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Foxit PDF Creator Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11g_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa...b/GBPDIST2K.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe

--
End of file - 7705 bytes
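A small triage script for the HijackThis log above, added here as an example; it is not part of the thread and not HijackThis code. It automates the cross-checks an analyst does by eye on this log: the O2 "Ask Toolbar BHO" entry and the O3 "Foxit PDF Creator Toolbar" entry share one CLSID and one DLL, the first O2 BHO has no file behind it, and two O4 autoruns start executables placed directly in C:\WINDOWS (in this thread those belong to the Vimicro webcam package that the later ComboFix output lists, so that check is a prompt to look, not a verdict). The sample lines are a constructed subset of the posted log; the heuristics and function names are my own.

```python
"""HijackThis log triage helper.

Added example, not code from the thread or from HijackThis. It parses the
'Rn - ...' / 'On - ...' lines of a HijackThis 2.x log and applies three checks
an analyst reading the log above does by eye:
  * O2/O3 entries whose CLSID is registered under more than one display name,
  * O2 BHO registrations with '(no file)' (orphaned, harmless but worth cleaning),
  * O4 autoruns whose executable sits directly in the Windows directory
    (unusual placement; a review prompt, not a verdict).
SAMPLE_LOG is a constructed subset of the log posted above.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Foxit PDF Creator Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)', re.IGNORECASE)
WINROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.IGNORECASE)


def parse_hjt(text):
    """Turn HijackThis 'Rn/On - ...' lines into dicts; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        rec = {"code": code, "raw": line, "name": None, "clsid": None, "path": None}
        if code in ("O2", "O3"):
            # "BHO: <name> - {CLSID} - <path>"  /  "Toolbar: <name> - {CLSID} - <path>"
            c = CLSID_RE.search(body)
            if c:
                rec["clsid"] = c.group(0)
                rec["name"] = body[: c.start()].split(": ", 1)[1].rstrip(" -")
                rec["path"] = body[c.end():].lstrip(" -")
        elif code == "O4":
            # "HKLM\..\Run: [<name>] <command line>" -> keep only the executable
            m4 = re.match(r"^.*?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$", body)
            if m4:
                rec["name"] = m4.group("name")
                e = EXE_RE.match(m4.group("cmd"))
                rec["path"] = e.group("exe") if e else m4.group("cmd")
        entries.append(rec)
    return entries


def shared_clsids(entries):
    """CLSIDs registered under more than one display name across O2/O3 entries."""
    names = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            names[e["clsid"]].add(e["name"])
    return {c: n for c, n in names.items() if len(n) > 1}


def orphan_bhos(entries):
    """O2 BHO registrations whose DLL is gone: leftovers worth cleaning."""
    return [e["clsid"] for e in entries if e["code"] == "O2" and e["path"] == "(no file)"]


def windows_root_autoruns(entries):
    """O4 autoruns whose executable sits directly in %WINDIR% (review, not a verdict)."""
    return [e["path"] for e in entries
            if e["code"] == "O4" and e["path"] and WINROOT_RE.match(e["path"])]


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    for clsid, names in shared_clsids(ents).items():
        print("same CLSID, different names:", clsid, sorted(names))
    print("orphan BHOs:", orphan_bhos(ents))
    print("autoruns from Windows root:", windows_root_autoruns(ents))
```

Feed it the whole log text instead of SAMPLE_LOG to run the same checks over every entry; the same CLSID appearing under two names is the detail that most often marks a bundled toolbar masquerading as something else, while the other two checks only narrow down what to look at next.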




#2 ciro-mota

    Malwares Expert

  • Analyst
  • 14996 posts

Posted 10 May 2012 - 04:53 PM

Erik8,

1)

Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the file MbrScan.exe, then click [image].

Click Delete.

A Notepad window will open with the result. Select, copy and paste its contents into your next reply.

2)

Download Malwarebytes' Anti-Malware (MBAM)
http://download.cnet...4-10804572.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.
  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  • If there are updates to be applied, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then start. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If items were found, make sure they are all checked and click the Remove button.
  • At the end of the disinfection, Notepad will open with a log and a prompt may appear asking whether to restart the PC. (See Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log into your next reply, together with a new HijackThis log.
NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (perhaps more than once). Do so immediately when asked whether to restart the PC.
Ciro Mota's Blog - Updated 09/09/2011
How to route and open ports on the TelSec TS-9000 modem for Velox.
Read more at: http://www.ciromota.net/

#3 Erik8
  • Member
  • 35 posts

Posted 10 May 2012 - 05:39 PM

# AdwCleaner v1.606 - Logfile created 05/10/2012 at 17:08:52
# Updated 10/05/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Usuario - PC
# Running from : C:\Documents and Settings\Usuario\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\DOCUME~1\Usuario\CONFIG~1\Temp\AskSearch
Folder Deleted : C:\Documents and Settings\Usuario\Dados de aplicativos\PriceGong
Folder Deleted : C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\2l2p8cs4.default\ConduitCommon
Folder Deleted : C:\Arquivos de programas\Ask.com
Folder Deleted : C:\Arquivos de programas\Conduit
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851643
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (pt-BR)

Profile name : default
File : C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\2l2p8cs4.default\prefs.js

Deleted : user_pref("CT2851643..clientLogIsEnabled", true);
Deleted : user_pref("CT2851643..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2851643..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2851643.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2851643.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2851643.AppTrackingLastCheckTime", "Sun Nov 20 2011 10:36:35 GMT-0200");
Deleted : user_pref("CT2851643.CTID", "CT2851643");
Deleted : user_pref("CT2851643.CurrentServerDate", "25-11-2011");
Deleted : user_pref("CT2851643.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2851643.DialogsGetterLastCheckTime", "Tue Nov 22 2011 12:28:47 GMT-0200");
Deleted : user_pref("CT2851643.DownloadReferralCookieData", "");
Deleted : user_pref("CT2851643.EMailNotifierPollDate", "Thu Nov 24 2011 22:24:18 GMT-0200");
Deleted : user_pref("CT2851643.FeedLastCount1733423638652034402", 501);
Deleted : user_pref("CT2851643.FeedPollDate2429156812186649977", "Thu Nov 24 2011 21:44:18 GMT-0200");
Deleted : user_pref("CT2851643.FeedPollDate2429156813040823546", "Thu Nov 24 2011 21:44:18 GMT-0200");
Deleted : user_pref("CT2851643.FeedPollDate2429156813130095866", "Thu Nov 24 2011 21:44:18 GMT-0200");
Deleted : user_pref("CT2851643.FeedPollDate2429156813224203613", "Thu Nov 24 2011 21:44:18 GMT-0200");
Deleted : user_pref("CT2851643.FeedPollDate2429156813230837251", "Thu Nov 24 2011 21:44:18 GMT-0200");
Deleted : user_pref("CT2851643.FeedPollDate2429156813454291735", "Thu Nov 24 2011 21:44:18 GMT-0200");
Deleted : user_pref("CT2851643.FeedPollDate2429156813729834876", "Thu Nov 24 2011 21:44:18 GMT-0200");
Deleted : user_pref("CT2851643.FeedPollDate2429156813860870021", "Thu Nov 24 2011 21:44:19 GMT-0200");
Deleted : user_pref("CT2851643.FeedPollDate2429156814264681793", "Thu Nov 24 2011 21:44:18 GMT-0200");
Deleted : user_pref("CT2851643.FeedPollDate2429156814863075366", "Thu Nov 24 2011 21:44:18 GMT-0200");
Deleted : user_pref("CT2851643.FeedPollDate2429156815257761081", "Thu Nov 24 2011 21:44:18 GMT-0200");
Deleted : user_pref("CT2851643.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2851643.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2851643.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2851643.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2851643.FirstServerDate", "1-8-2011");
Deleted : user_pref("CT2851643.FirstTime", true);
Deleted : user_pref("CT2851643.FirstTimeFF3", true);
Deleted : user_pref("CT2851643.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2851643.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2851643.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2851643.HasUserGlobalKeys", true);
Deleted : user_pref("CT2851643.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2851643.Initialize", true);
Deleted : user_pref("CT2851643.InitializeCommonPrefs", true);
Deleted : user_pref("CT2851643.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2851643.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2851643.InstalledDate", "Mon Aug 01 2011 12:41:34 GMT-0300 (Hora oficial do Brasil)");
Deleted : user_pref("CT2851643.IsAlertDBUpdated", true);
Deleted : user_pref("CT2851643.IsGrouping", false);
Deleted : user_pref("CT2851643.IsInitSetupIni", true);
Deleted : user_pref("CT2851643.IsMulticommunity", false);
Deleted : user_pref("CT2851643.IsOpenThankYouPage", true);
Deleted : user_pref("CT2851643.IsOpenUninstallPage", false);
Deleted : user_pref("CT2851643.LanguagePackLastCheckTime", "Thu Nov 24 2011 22:01:53 GMT-0200");
Deleted : user_pref("CT2851643.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2851643.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2851643.LastLogin_3.5.0.12", "Tue Aug 16 2011 23:00:25 GMT-0300 (Hora oficial do Brasil[...]
Deleted : user_pref("CT2851643.LastLogin_3.6.0.10", "Thu Sep 22 2011 19:58:05 GMT-0300 (Hora oficial do Brasil[...]
Deleted : user_pref("CT2851643.LastLogin_3.7.0.6", "Tue Nov 08 2011 19:52:35 GMT-0200");
Deleted : user_pref("CT2851643.LastLogin_3.8.0.8", "Thu Nov 24 2011 21:46:54 GMT-0200");
Deleted : user_pref("CT2851643.LatestVersion", "3.8.0.8");
Deleted : user_pref("CT2851643.Locale", "pt");
Deleted : user_pref("CT2851643.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2851643.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2851643.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2851643.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2851643.OriginalFirstVersion", "3.5.0.12");
Deleted : user_pref("CT2851643.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2851643.SearchBoxWidth", 148);
Deleted : user_pref("CT2851643.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT2851643.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2851643.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Deleted : user_pref("CT2851643.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2851643.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2851643.SearchInNewTabLastCheckTime", "Thu Nov 24 2011 22:01:51 GMT-0200");
Deleted : user_pref("CT2851643.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2851643.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2851643.SearchProtectorEnabled", false);
Deleted : user_pref("CT2851643.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2851643.ServiceMapLastCheckTime", "Thu Nov 24 2011 22:01:51 GMT-0200");
Deleted : user_pref("CT2851643.SettingsLastCheckTime", "Thu Nov 24 2011 20:37:32 GMT-0200");
Deleted : user_pref("CT2851643.SettingsLastUpdate", "1321891295");
Deleted : user_pref("CT2851643.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2851643.ThirdPartyComponentsLastCheck", "Sat Nov 19 2011 10:22:42 GMT-0200");
Deleted : user_pref("CT2851643.ThirdPartyComponentsLastUpdate", "1311768090");
Deleted : user_pref("CT2851643.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2851643.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851643");
Deleted : user_pref("CT2851643.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2851643.UserID", "UN34409551588773224");
Deleted : user_pref("CT2851643.ValidationData_Search", 2);
Deleted : user_pref("CT2851643.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2851643.WeatherNetwork", "");
Deleted : user_pref("CT2851643.WeatherPollDate", "Thu Nov 24 2011 22:10:20 GMT-0200");
Deleted : user_pref("CT2851643.WeatherUnit", "C");
Deleted : user_pref("CT2851643.alertChannelId", "1243677");
Deleted : user_pref("CT2851643.backendstorage.cbfirsttime", "5765642053657020323820323031312030303A34363A34382[...]
Deleted : user_pref("CT2851643.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2851643.backendstorage.url_history", "687474703A2F2F7777772E6C616E63656E65742E636F6D2E6[...]
Deleted : user_pref("CT2851643.backendstorage.url_history_time", "31333232313830353731303831");
Deleted : user_pref("CT2851643.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2851643.globalFirstTimeInfoLastCheckTime", "Thu Nov 24 2011 21:46:53 GMT-0200");
Deleted : user_pref("CT2851643.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2851643.initDone", true);
Deleted : user_pref("CT2851643.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2851643.myStuffEnabled", true);
Deleted : user_pref("CT2851643.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2851643.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2851643.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2851643.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2851643.oldAppsList", "129351530870587943,129351530870900444,1000234,129351530871056696[...]
Deleted : user_pref("CT2851643.revertSettingsEnabled", true);
Deleted : user_pref("CT2851643.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2851643.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2851643.testingCtid", "");
Deleted : user_pref("CT2851643.toolbarAppMetaDataLastCheckTime", "Thu Nov 24 2011 22:01:52 GMT-0200");
Deleted : user_pref("CT2851643.toolbarContextMenuLastCheckTime", "Mon Nov 21 2011 20:26:39 GMT-0200");
Deleted : user_pref("CT2851643.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1243677/1239350/BR", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851643", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851643",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2851643&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt", "\"ea9[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Usuario\\Dados de [...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://YouTube.conduitapps.com/v115/gadget.php?appMo[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2851643");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2851643");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2851643");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Nov 24 2011 22:01:51 GMT-0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "a0e8343f-72f9-4535-a0b0-01e5a86b0329");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Nov 19 2011 01:32:5[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Nov 24 2011 22:01:59 GMT-020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Nov 24 2011 22:01:51 GMT-0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "7751d116-1daa-4522-8f9c-1d6afcd70824");

*************************

AdwCleaner[S1].txt - [16850 octets] - [10/05/2012 17:08:52]

########## EOF - C:\AdwCleaner[S1].txt - [16979 octets] ##########

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Versão da Base de Dados: v2012.05.10.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Usuario :: PC [administrador]

10/5/2012 17:24:02
mbam-log-2012-05-10 (17-24-02).txt

Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 178822
Tempo decorrido: 6 minuto(s), 6 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 4
HKCR\CLSID\{3A6A11A6-07E6-11D5-AC39-004005404D2E} (Worm.Ructo) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\TypeLib\{3A6A11A4-07E6-11D5-AC39-004005404D2E} (Worm.Ructo) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Interface\{0F9550F1-0805-11D5-AC39-004005404D2E} (Worm.Ructo) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\mczipunziplib.mczip (Worm.Ructo) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\WINDOWS\SYSTEM32\MCZIPUNZIPLIB.DLL (Worm.Ructo) -> Data: 1 -> Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso.

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 1
C:\WINDOWS\system32\mczipunziplib.dll (Worm.Ructo) -> Enviado para a Quarentena e deletado com sucesso.

(fim)
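The AdwCleaner output above lists the Conduit preferences it removed from prefs.js; several backendstorage values are hex-encoded ASCII, cut short by the log with "[...]". The helper below, added as an example (not part of the thread, of AdwCleaner or of Conduit), extracts the deleted user_pref() pairs, counts them per namespace and decodes hex-looking values, so that scriptsource reads as a local URL and url_history_time as a millisecond Unix timestamp (25 November 2011, which agrees with the CurrentServerDate pref in the same log). The sample lines are a constructed subset of the posted log; the function names are mine.

```python
"""Decode the Conduit 'backendstorage' preferences an AdwCleaner log reports.

Added example, not part of the thread or of AdwCleaner. AdwCleaner prints the
prefs.js lines it deleted; some Conduit values are stored as hex-encoded ASCII
and are truncated in the log with '[...]'. This helper pulls the user_pref()
name/value pairs out of 'Deleted : ...' lines, counts them per namespace and
decodes hex values so an analyst can read what the toolbar had recorded.
SAMPLE_LOG is a constructed subset of the log posted above.
"""
import re
from collections import Counter

SAMPLE_LOG = r'''
Deleted : user_pref("CT2851643.CTID", "CT2851643");
Deleted : user_pref("CT2851643.SearchProtectorEnabled", false);
Deleted : user_pref("CT2851643.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2851643.backendstorage.url_history_time", "31333232313830353731303831");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2851643");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
'''

PREF_RE = re.compile(r'^Deleted : user_pref\("(?P<name>[^"]+)",\s*(?P<value>.*)$')
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")


def parse_deleted_prefs(text):
    """Return (name, value, truncated) for every 'Deleted : user_pref(...)' line."""
    out = []
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        raw = m.group("value")
        truncated = raw.endswith("[...]")      # AdwCleaner cut the value short
        if truncated:
            raw = raw[: -len("[...]")]
        raw = raw.rstrip(");").strip()         # drop the closing ');' when present
        if raw.startswith('"'):                # unquote string values
            raw = raw[1:]
            if raw.endswith('"'):
                raw = raw[:-1]
        out.append((m.group("name"), raw, truncated))
    return out


def decode_hex_ascii(value):
    """Decode a hex-encoded ASCII string, or return None if it is not one.

    A truncated value of odd length loses its dangling last nibble. Short
    all-digit values such as counters are rejected because they decode to
    control characters rather than printable text."""
    if len(value) < 4 or not HEX_RE.match(value):
        return None
    if len(value) % 2:
        value = value[:-1]
    try:
        text = bytes.fromhex(value).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def decoded_backendstorage(text):
    """Map pref name -> decoded text for every value that decodes as hex ASCII."""
    result = {}
    for name, value, _ in parse_deleted_prefs(text):
        decoded = decode_hex_ascii(value)
        if decoded is not None:
            result[name] = decoded
    return result


def prefs_by_prefix(text):
    """Count deleted prefs per leading namespace ('CT2851643', 'CommunityToolbar', ...)."""
    return Counter(name.split(".", 1)[0] for name, _, _ in parse_deleted_prefs(text))


if __name__ == "__main__":
    print(dict(prefs_by_prefix(SAMPLE_LOG)))
    for name, value, truncated in parse_deleted_prefs(SAMPLE_LOG):
        decoded = decode_hex_ascii(value)
        if decoded is not None:
            print(f"{name} = {decoded!r}{' (truncated in log)' if truncated else ''}")
```

Run it over the full AdwCleaner[S1].txt to decode every backendstorage entry; the truncated flag tells you which decoded strings are only the beginning of the stored value, so the cbfirsttime and url_history entries in the log above will come out as partial strings.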

#4 Erik8
  • Member
  • 35 posts

Posted 17 May 2012 - 12:27 PM

Anything else to do?

#5 ciro-mota

    Malwares Expert

  • Analyst
  • 14996 posts

Posted 17 May 2012 - 05:44 PM

Erik8, sorry for the delay.

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download ComboFix
http://download.blee...Bs/ComboFix.exe

Save it to your desktop.
  • Close all windows and programs. Run ComboFix.
  • Double-click combofix.exe and press "Yes" to proceed.
  • When asked whether you want to install the Recovery Console, click Yes and wait.
  • Click OK to accept the EULA, then click Yes to continue the malware scan.
Do not click anything or press any key during the scan, or the tool will not work correctly.

When the tool finishes running, it will generate a log. Post the contents of the file C:\ComboFix.txt in your next reply.
Make a new HijackThis log and paste it into your reply.

Important:
  • You must stay connected during the ComboFix procedure;
  • You must be logged on to the system with administrator privileges.
  • Download and SAVE ComboFix. In the download window, where the Run / Save options appear, click Save. Do not run ComboFix from your browser window.
  • Keep your antivirus, antispyware and firewall disabled during the ComboFix procedures. Turn them back on when everything is finished.
  • If you have used ComboFix before, delete it and download it again.
  • If the Recovery Console is already installed on this machine, ComboFix will not offer to install it.
  • Do not run ComboFix more than once. That will overwrite the log and delay the removal of the malware.
  • ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.

#6 Erik8
  • Member
  • 35 posts

Posted 17 May 2012 - 07:30 PM

ComboFix 12-05-17.05 - Usuario 17/05/2012 19:12:29.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1022.521 [GMT -3:00]
Executando de: c:\documents and settings\Usuario\Desktop\ComboFix.exe
AV: avast! antivírus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 212 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\zip32.dll
.
c:\windows\system32\drivers\i8042prt.sys . . . está faltando!!
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-04-17 to 2012-05-17 ))))))))))))))))))))))))))))
.
.
2012-05-10 20:44 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-05-10 20:44 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-05-10 20:20 . 2012-04-04 18:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-10 20:20 . 2012-05-10 20:20 -------- d-----w- C:\Nova pasta (2)
2012-05-10 18:19 . 2012-05-17 21:50 -------- d-----w- C:\Nova pasta
2012-05-10 18:06 . 2012-05-10 18:06 -------- d-----w- c:\arquivos de programas\CCleaner
2012-05-06 09:02 . 2012-05-06 09:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Trymedia
2012-05-03 04:54 . 2012-05-03 04:54 -------- d-----w- c:\arquivos de programas\Mozilla Maintenance Service
2012-05-03 04:54 . 2012-05-03 04:54 157352 ----a-w- c:\arquivos de programas\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 04:54 . 2012-05-03 04:54 129976 ----a-w- c:\arquivos de programas\Mozilla Firefox\maintenanceservice.exe
2012-04-22 02:02 . 2007-04-06 14:06 57344 ----a-w- c:\windows\ZSSnp211.exe
2012-04-22 02:02 . 2006-08-18 19:58 49152 ----a-w- c:\windows\Domino.exe
2012-04-22 02:01 . 2007-08-03 13:27 1470592 ----a-w- c:\windows\system32\drivers\ZS211.sys
2012-04-22 02:01 . 2007-04-06 17:21 77824 ----a-w- c:\windows\ZS211Cap.exe
2012-04-22 02:01 . 2006-08-09 20:37 81920 ----a-w- c:\windows\system32\ZS211STI.dll
2012-04-22 02:01 . 2006-03-14 17:28 172032 ----a-w- c:\windows\amcap.exe
2012-04-22 02:01 . 2012-04-22 02:01 -------- d-----w- c:\arquivos de programas\Vimicro
2012-04-22 02:01 . 2012-04-22 02:01 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\InstallShield
2012-04-22 01:53 . 2008-04-13 17:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2012-04-22 01:53 . 2008-04-13 17:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2012-04-22 01:53 . 2008-04-13 17:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2012-04-22 01:53 . 2008-04-14 01:21 16384 ----a-w- c:\windows\system32\ipsink.ax
2012-04-22 01:53 . 2008-04-13 17:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2012-04-22 01:53 . 2008-04-13 17:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2012-04-22 01:52 . 2008-04-13 17:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2012-04-22 01:52 . 2008-04-13 17:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2012-04-22 01:51 . 2008-04-14 01:21 28672 ----a-w- c:\windows\system32\vidcap.ax
2012-04-22 01:51 . 2008-04-14 01:21 91648 ----a-w- c:\windows\system32\kswdmcap.ax
2012-04-22 01:51 . 2008-04-14 01:21 43008 ----a-w- c:\windows\system32\ksxbar.ax
2012-04-22 01:51 . 2008-04-14 01:20 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2012-04-22 01:51 . 2008-04-14 01:21 61952 ----a-w- c:\windows\system32\kstvtune.ax
2012-04-22 01:50 . 2012-04-22 01:54 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-22 01:50 . 2006-07-14 17:36 172115 ----a-w- c:\windows\system32\ZS211Prp.Ax
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:51 . 2009-05-02 02:37 1871488 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:50 . 2009-05-03 04:23 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:50 . 2009-02-09 11:17 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-27 09:15 . 2011-08-02 02:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 00:15 . 2011-12-30 17:24 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-12-30 17:24 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-12-30 17:24 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2011-12-30 17:24 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2011-12-30 17:24 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2011-12-30 17:24 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-12-30 17:24 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2011-12-30 17:24 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2011-12-30 17:24 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2011-12-30 17:24 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 10:59 . 2008-04-13 21:21 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 10:59 . 2008-04-13 21:20 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2008-04-13 21:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:09 . 2008-04-13 21:20 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:09 . 2008-04-13 21:20 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-13 20:55 385024 ----a-w- c:\windows\system32\html.iec
2012-05-03 04:54 . 2011-10-10 01:09 97208 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2001-09-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-09-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . D3D4832B494CBF9A87CF86D7517013CB . 25088 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
.
[-] 2001-09-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-09-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2009-05-02 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2009-05-02 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-04-13 . 572AEDA840986672DA2BB9D4183E2AA9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-04-13 . 572AEDA840986672DA2BB9D4183E2AA9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll
.
[-] 2008-04-13 . 9607142710D3B64AB7FCCE4BE4E30D37 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-13 . 9607142710D3B64AB7FCCE4BE4E30D37 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe
.
[-] 2008-04-13 . B199C4F441DDAB10253ABC0AC4858BFF . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-13 . B199C4F441DDAB10253ABC0AC4858BFF . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll
.
[-] 2008-04-13 21:20 . D3F8E8DBE93A80440CAC78B305B40A67 . 821760 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-04-13 21:20 . D3F8E8DBE93A80440CAC78B305B40A67 . 821760 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
.
[-] 2008-04-13 . F0F5EEF8C4B0444E6E4D8E09F7A8F0A8 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-13 . F0F5EEF8C4B0444E6E4D8E09F7A8F0A8 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll
.
[-] 2009-05-03 . B5AE6227853C4B6A723567A8DEF68F03 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-05-03 . B5AE6227853C4B6A723567A8DEF68F03 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
.
[-] 2009-05-03 . 38867483E0CB504BB8F277E05729881E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-05-03 . 38867483E0CB504BB8F277E05729881E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-13 . AF1D9AE15C11163F576DF6ED6194B53C . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
.
[-] 2008-04-13 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-13 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2010-08-23 . 6CF079A582D64AC2BF7932F323F76BD2 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 6CF079A582D64AC2BF7932F323F76BD2 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 3976FAE773878603E12188B29B86FD69 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-13 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-13 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2001-09-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-04-13 . 554798AAD881736DFC4D08C572DECD7A . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-13 . 554798AAD881736DFC4D08C572DECD7A . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll
.
[-] 2009-05-02 02:35 . 58586EB44E6FD9A711943647C8451741 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2009-05-02 02:35 . 58586EB44E6FD9A711943647C8451741 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
.
[-] 2008-04-13 . 05C621EAA979D33A12F3B510FF4C6F9F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-13 . 05C621EAA979D33A12F3B510FF4C6F9F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll
.
[-] 2009-05-02 . 03DA51CE83B0D693A10C91B139BBD221 . 1030656 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-05-02 . 03DA51CE83B0D693A10C91B139BBD221 . 1030656 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
.
[-] 2008-04-13 . 1E47527C69E79ECC13326BFB2E178394 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-13 . 1E47527C69E79ECC13326BFB2E178394 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll
.
[-] 2008-04-13 . 5F6337EAC9EA401AA0F9040CB6F16C80 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-13 . 5F6337EAC9EA401AA0F9040CB6F16C80 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
.
[-] 2008-04-13 . 63C2A8E1E33C8C714F11C91400F291E0 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-13 . 63C2A8E1E33C8C714F11C91400F291E0 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2008-04-13 . 25E2B1C5D3CE1EC3517C755A1FCD3B0E . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2001-09-28 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[-] 2009-05-02 . 5265EA72F599CF8277A34780F6369B60 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2009-05-02 . 5265EA72F599CF8277A34780F6369B60 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
.
[-] 2008-04-13 . 49897D67B04E62F8E59EB8B1C7DF7072 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-04-13 . 49897D67B04E62F8E59EB8B1C7DF7072 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll
.
[-] 2008-04-13 . C008BBC88156E0EE109C7FF445CD9555 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-13 . C008BBC88156E0EE109C7FF445CD9555 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll
.
[-] 2008-04-13 . 879E802EF4EF2405014B170EA41E552B . 184832 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-13 . 879E802EF4EF2405014B170EA41E552B . 184832 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll
.
[-] 2008-04-13 . 39FD0DD101277F7261C7D602462C9A95 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-13 . 39FD0DD101277F7261C7D602462C9A95 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
.
[-] 2008-04-13 . ED2D69CD4B0EBE37EFE11D4DC4ABC68F . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-13 . ED2D69CD4B0EBE37EFE11D4DC4ABC68F . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
.
[-] 2008-04-13 . FEFA8CEBD17A788FDCB9A1C78311AFC3 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-04-13 . FEFA8CEBD17A788FDCB9A1C78311AFC3 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll
.
[-] 2008-04-13 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-13 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
.
[-] 2008-04-13 . A7EA40F680163808D96F89B4FF991876 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-13 . A7EA40F680163808D96F89B4FF991876 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe
.
[-] 2008-04-13 . 1FA3C4B2D7E35176E65FB69AB597B0F0 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-04-13 . 1FA3C4B2D7E35176E65FB69AB597B0F0 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll
.
[-] 2008-04-13 . 6832C2FB8F0D4E97B850BC6515A49633 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2008-04-13 . 6832C2FB8F0D4E97B850BC6515A49633 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll
.
[-] 2008-04-13 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-13 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2008-04-13 . B01DFF9DDE3A5155D7121BF813AC6DB0 . 150528 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-13 . B01DFF9DDE3A5155D7121BF813AC6DB0 . 150528 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2010-04-16 . B441EF945AD4B44661A8D257D9032D44 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . B441EF945AD4B44661A8D257D9032D44 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . 68C76F0EC31E693F7A6E262FF7AA4F9E . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-13 . A380011155FA92E1B374D9EA7FFA20CD . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
.
[-] 2008-04-14 . 9B1CCC2EB2E18985A9153A983E335AAF . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2008-04-14 . 9B1CCC2EB2E18985A9153A983E335AAF . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
.
[-] 2008-04-13 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-13 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
[-] 2009-07-27 . 49E3691B7B320381D264D3D9950620AE . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 49E3691B7B320381D264D3D9950620AE . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2008-04-13 . 8FB4E8C957C22458452EBE96C36F1D94 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
.
[-] 2008-04-13 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-13 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-13 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-13 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
.
[-] 2008-04-13 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-13 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll
.
[-] 2008-04-13 . A8CDC8DECE4735B86BBEF28460996C30 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-04-13 . A8CDC8DECE4735B86BBEF28460996C30 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2008-04-13 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-13 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2008-04-13 . 70870E16BA3E1B4336C53F483D67FF25 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-13 . 70870E16BA3E1B4336C53F483D67FF25 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
.
[-] 2008-04-13 . 9C2C97DF8224061D9F7EE18BCA61B02E . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-04-13 . 9C2C97DF8224061D9F7EE18BCA61B02E . 193536 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll
.
[-] 2008-04-13 . 4424AE68E670D1270F5026E1AF417933 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-13 . 4424AE68E670D1270F5026E1AF417933 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[-] 2008-04-13 . 0F4DB70DCE17B9DC1A5D835B1A5EE469 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-04-13 . 0F4DB70DCE17B9DC1A5D835B1A5EE469 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll
.
[-] 2008-04-13 . 4059795B00B6B23B7814018D2FBB84FB . 346624 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2008-04-13 . 4059795B00B6B23B7814018D2FBB84FB . 346624 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[-] 2008-04-13 . 27683D3EE8FCB7E620B25C8A84B329D6 . 172032 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-04-13 . 27683D3EE8FCB7E620B25C8A84B329D6 . 172032 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll
.
[-] 2001-09-28 . EBD5CF43AD9526EAB9B2A15A54760EA9 . 11904 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 15:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 15:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2010-09-18 07:18 . 7E9E27D39EAC36D2E6B1023F9CA915E2 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . EBA8BC5C21D8EAB3997CC47D9212BACB . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . EBA8BC5C21D8EAB3997CC47D9212BACB . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-13 21:20 . DAE8EC624824A8AD8660C2EF5F1ECE0B . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
.
[-] 2008-04-13 . 1DCE231F3E55B71B66AA0B7B8FD9BD97 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-13 . 1DCE231F3E55B71B66AA0B7B8FD9BD97 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll
.
[-] 2009-05-02 02:31 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2009-05-02 02:31 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
[-] 2008-04-13 21:20 . 209683D85036AAA4E4D8CA732FA51A2B . 437248 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-13 21:20 . 209683D85036AAA4E4D8CA732FA51A2B . 437248 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[-] 2008-04-13 . E3C0A6F5732C9E9B2BD2FD3D0AFCEB87 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-13 . E3C0A6F5732C9E9B2BD2FD3D0AFCEB87 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
[-] 2008-04-13 . 24713AE49611471DF8924D5FF562883D . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-13 . 24713AE49611471DF8924D5FF562883D . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2008-04-13 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-04-13 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll
.
[-] 2008-04-13 . B948C29C72073A7B8C9D822C66F9FADA . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-04-13 . B948C29C72073A7B8C9D822C66F9FADA . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2008-04-13 21:20 . 30A6FA4B34A2EC96CDFE2BA3B69233C0 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-04-13 21:20 . 30A6FA4B34A2EC96CDFE2BA3B69233C0 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll
.
[-] 2008-04-13 . 84A41B2B978AB366873CDB289118786C . 40960 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-04-13 . 84A41B2B978AB366873CDB289118786C . 40960 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
.
[-] 2008-04-13 . 5383E4C03D7AAE01AA653E756CF20D2E . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2008-04-13 . 5383E4C03D7AAE01AA653E756CF20D2E . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll
.
[-] 2008-04-13 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-13 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-13 . E41419F44AC35DD414D436479A0ED211 . 176128 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2008-04-13 . E41419F44AC35DD414D436479A0ED211 . 176128 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll
.
[-] 2008-04-13 . 8BCDAECAB7BC90E116ED6BB104EEDBEC . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2008-04-13 . 8BCDAECAB7BC90E116ED6BB104EEDBEC . 334336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll
.
[-] 2008-04-13 . F70CCB59E0A325896D679A4935E4F835 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2008-04-13 . F70CCB59E0A325896D679A4935E4F835 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll
.
[-] 2008-04-13 . 889A287A7B2393109EA6847AA68CD4E9 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2008-04-13 . 889A287A7B2393109EA6847AA68CD4E9 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ares"="c:\arquivos de programas\Ares\Ares.exe" [2010-10-27 1015808]
"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2011-06-08 3797039]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"ATIPTA"="c:\arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-01-11 18:01 726360 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Winamp\\winamp.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [1/8/2011 22:38 42584]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [30/12/2011 14:24 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30/12/2011 14:24 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [29/3/2011 19:21 218688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/12/2011 14:24 20696]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [1/8/2011 22:38 194904]
S1 MpKsl2fec59ea;MpKsl2fec59ea;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{6FFCE150-6025-407B-9557-FAED70ECF6AF}\MpKsl2fec59ea.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{6FFCE150-6025-407B-9557-FAED70ECF6AF}\MpKsl2fec59ea.sys [?]
S1 MpKsl322e294b;MpKsl322e294b;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{DB412E0E-0BFC-4FF3-B96D-7DC4C0E825E5}\MpKsl322e294b.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{DB412E0E-0BFC-4FF3-B96D-7DC4C0E825E5}\MpKsl322e294b.sys [?]
S1 MpKsl3411344a;MpKsl3411344a;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{D1B83032-3E10-43F5-BF07-852209A61264}\MpKsl3411344a.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{D1B83032-3E10-43F5-BF07-852209A61264}\MpKsl3411344a.sys [?]
S1 MpKsl4c2eba57;MpKsl4c2eba57;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{64B088AC-5D26-4E08-B9FC-E22CA39E8067}\MpKsl4c2eba57.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{64B088AC-5D26-4E08-B9FC-E22CA39E8067}\MpKsl4c2eba57.sys [?]
S1 MpKsl6995c9aa;MpKsl6995c9aa;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CF29326A-11C1-40B0-B80D-2A8DE80D1A8A}\MpKsl6995c9aa.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CF29326A-11C1-40B0-B80D-2A8DE80D1A8A}\MpKsl6995c9aa.sys [?]
S1 MpKsl69c0aa9b;MpKsl69c0aa9b;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{D1B83032-3E10-43F5-BF07-852209A61264}\MpKsl69c0aa9b.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{D1B83032-3E10-43F5-BF07-852209A61264}\MpKsl69c0aa9b.sys [?]
S1 MpKsl6d3be853;MpKsl6d3be853;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{3F4BA14D-D617-495C-932C-8A1AE6FF93F7}\MpKsl6d3be853.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{3F4BA14D-D617-495C-932C-8A1AE6FF93F7}\MpKsl6d3be853.sys [?]
S1 MpKsl87d46c00;MpKsl87d46c00;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{D6591437-75B1-4645-B887-BC5E46055A58}\MpKsl87d46c00.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{D6591437-75B1-4645-B887-BC5E46055A58}\MpKsl87d46c00.sys [?]
S1 MpKsl8bf504c5;MpKsl8bf504c5;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{610B20F1-6FFA-4287-A76B-B66BAF6FF73D}\MpKsl8bf504c5.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{610B20F1-6FFA-4287-A76B-B66BAF6FF73D}\MpKsl8bf504c5.sys [?]
S1 MpKslbd2fc55f;MpKslbd2fc55f;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{4D5DB105-1BDA-498D-AA27-64737B3687DA}\MpKslbd2fc55f.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{4D5DB105-1BDA-498D-AA27-64737B3687DA}\MpKslbd2fc55f.sys [?]
S1 MpKslcc0554f0;MpKslcc0554f0;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{11FF4C35-FD7A-42F8-A6E4-1FA505955E15}\MpKslcc0554f0.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{11FF4C35-FD7A-42F8-A6E4-1FA505955E15}\MpKslcc0554f0.sys [?]
S1 MpKsle4a3abb1;MpKsle4a3abb1;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{A3B72758-850C-450A-AAB0-648FAF8DB66C}\MpKsle4a3abb1.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{A3B72758-850C-450A-AAB0-648FAF8DB66C}\MpKsle4a3abb1.sys [?]
S1 MpKsle79dda38;MpKsle79dda38;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CBAA547F-C1FB-4942-B89A-6A5BD4C36281}\MpKsle79dda38.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CBAA547F-C1FB-4942-B89A-6A5BD4C36281}\MpKsle79dda38.sys [?]
S1 MpKsle910ead3;MpKsle910ead3;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{9D8E76ED-872D-4EE7-99A1-ED40CD8DF0DD}\MpKsle910ead3.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{9D8E76ED-872D-4EE7-99A1-ED40CD8DF0DD}\MpKsle910ead3.sys [?]
S1 MpKsle927250e;MpKsle927250e;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{79487D20-177E-4987-AC8F-BD93664F48EE}\MpKsle927250e.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{79487D20-177E-4987-AC8F-BD93664F48EE}\MpKsle927250e.sys [?]
S1 MpKslf5990581;MpKslf5990581;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{64B088AC-5D26-4E08-B9FC-E22CA39E8067}\MpKslf5990581.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{64B088AC-5D26-4E08-B9FC-E22CA39E8067}\MpKslf5990581.sys [?]
S1 MpKslf59da148;MpKslf59da148;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{35FB71AB-5B76-47DB-9A20-8FFA0F679BA2}\MpKslf59da148.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{35FB71AB-5B76-47DB-9A20-8FFA0F679BA2}\MpKslf59da148.sys [?]
S1 MpKslf6bdbb71;MpKslf6bdbb71;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{17481A91-5867-4897-9599-ED2A451048E6}\MpKslf6bdbb71.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{17481A91-5867-4897-9599-ED2A451048E6}\MpKslf6bdbb71.sys [?]
S1 MpKslfc5d925e;MpKslfc5d925e;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{EC3EC969-49CC-4C66-9323-58DF64B50F0C}\MpKslfc5d925e.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{EC3EC969-49CC-4C66-9323-58DF64B50F0C}\MpKslfc5d925e.sys [?]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [29/2/2012 08:50 158856]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\aplicativos\EVEREST portable\kerneld.wnt --> e:\aplicativos\EVEREST portable\kerneld.wnt [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe [3/5/2012 01:54 129976]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.br/
IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\2l2p8cs4.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-17 19:21
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning for hidden processes ...
.
Scanning for hidden autostart entries ...
.
Scanning for hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\e:\aplicativos\EVEREST portable\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
Completion time: 2012-05-17 19:23:47
ComboFix-quarantined-files.txt 2012-05-17 22:23
.
Pre-Run: 24 folder(s) 43,408,998,400 bytes free
Post-Run: 28 folder(s) 44,773,281,792 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FAD8A317A26A13B9532620504C1B4EEB

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:27:02, on 17/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Nova pasta\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa...b/GBPDIST2K.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe

--
End of file - 6958 bytes

#7 ciro-mota

ciro-mota

    Malwares Expert

  • Analyst
  • 14996 posts

Posted 18 May 2012 - 06:04 PM

Erik8,

1)

Download the Farbar Service Scanner and save it to your desktop.
http://download.blee.../farbar/FSS.exe

Double-click FSS.exe to run it. Check all the options and then click the Scan button.

** Windows Vista or Windows 7 users: right-click the FSS.exe file, then click [image].

A log named FSS.txt will be saved on your desktop.

Copy the entire contents of that log and paste it into your next reply.

2)

Download MbrScan.exe and save it to the desktop.
http://eric71.geekst...ols/MbrScan.exe

Run the MbrScan.exe file.

Click the Scan button. When the scan finishes, click the Report button. A Notepad window will open with the result of the scan. It is saved on the desktop as MbrScan.log.

*** Windows Vista or Windows 7 users: right-click the MbrScan.exe file, then click [image].

Select, copy and paste its contents into your next reply.
Ciro Mota's Blog - Updated 09/09/2011
How to set up routing and open ports on the TelSec TS-9000 modem for Velox.
Read more at: http://www.ciromota.net/

#8 Erik8

Erik8
  • Participant
  • 35 posts

Posted 19 May 2012 - 01:21 AM

Farbar Service Scanner Version: 17-05-2012
Ran by Usuario (administrator) on 19-05-2012 at 01:16:13
Running from "C:\Documents and Settings\Usuario\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2008-04-13 18:20] - [2008-04-13 18:20] - 0126976 ____A (Microsoft Corporation) E587EEB3DA2390AE30053EC7EF2AFD92

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2008-04-13 18:20] - [2009-04-20 14:07] - 0045568 ____A (Microsoft Corporation) 35B99FFCD629E8AD0D37B8E0B0F3D4EA

C:\WINDOWS\system32\ipnathlp.dll
[2008-04-13 18:20] - [2008-04-13 18:20] - 0331264 ____A (Microsoft Corporation) 0F70B1A8839BD83DB28210B6F11F9058

C:\WINDOWS\system32\netman.dll
[2008-04-13 18:20] - [2008-04-13 18:20] - 0198144 ____A (Microsoft Corporation) B199C4F441DDAB10253ABC0AC4858BFF

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2011-03-21 00:43] - [2008-04-13 18:20] - 0145408 ____A (Microsoft Corporation) 4176F07A724AEC7E4722A2D539EDC0B7

C:\WINDOWS\system32\srsvc.dll
[2011-03-21 00:45] - [2008-04-13 18:20] - 0171520 ____A (Microsoft Corporation) 4423787F4261EE43B7341429AF0CBB77

C:\WINDOWS\system32\Drivers\sr.sys
[2011-03-21 00:45] - [2008-04-13 18:02] - 0073472 ____A (Microsoft Corporation) D6C5A1A97FE0C533E712652AD9DC00D4

C:\WINDOWS\system32\wscsvc.dll
[2008-04-13 18:20] - [2008-04-13 18:20] - 0080896 ____A (Microsoft Corporation) B57E408B8E0758AF6EA4BF37B3ADC91D

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2011-03-21 00:43] - [2008-04-13 18:20] - 0145408 ____A (Microsoft Corporation) 4176F07A724AEC7E4722A2D539EDC0B7

C:\WINDOWS\system32\wuauserv.dll
[2011-03-21 00:45] - [2008-04-13 18:20] - 0006656 ____A (Microsoft Corporation) EB4EA477B7B4959D41B153C6D3CD869B

C:\WINDOWS\system32\qmgr.dll
[2011-03-21 00:45] - [2008-04-13 18:20] - 0409088 ____A (Microsoft Corporation) F0F5EEF8C4B0444E6E4D8E09F7A8F0A8

C:\WINDOWS\system32\es.dll
[2009-05-01 23:35] - [2009-05-01 23:35] - 0253952 ____A (Microsoft Corporation) 58586EB44E6FD9A711943647C8451741

C:\WINDOWS\system32\cryptsvc.dll
[2008-04-13 18:20] - [2008-04-13 18:20] - 0062464 ____A (Microsoft Corporation) 554798AAD881736DFC4D08C572DECD7A

C:\WINDOWS\system32\svchost.exe
[2008-04-13 18:21] - [2008-04-13 18:21] - 0014336 ____A (Microsoft Corporation) ED2D69CD4B0EBE37EFE11D4DC4ABC68F

C:\WINDOWS\system32\rpcss.dll
[2009-05-03 01:23] - [2009-05-03 01:23] - 0401408 ____A (Microsoft Corporation) B5AE6227853C4B6A723567A8DEF68F03

C:\WINDOWS\system32\services.exe
[2009-05-03 01:23] - [2009-05-03 01:23] - 0111104 ____A (Microsoft Corporation) 38867483E0CB504BB8F277E05729881E


Extra List:
=======
aswTdi(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

MBRScan v1.1.1

OS			 : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR	  : x86 Family 15 Model 4 Stepping 9, GenuineIntel
BOOT		   : Normal Boot
DATE		   : 2012/05/19 (ISO 8601) at 01:18:40
________________________________________________________________________________

DISK		   : Device\Harddisk0\DR0 __WDC WD1600JS-75NCB1 (10.02E01)
BUS_TYPE	   : (0x03)  P-ATA
USE_PIO	    : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0    149.0 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : FCE82878D150BB84CB195C4AAE204A59
MBR_SHA1  : 3C837C08836F0C0AD0592E7D89F7BD3F77C32B5B

Device\Harddisk0\Partition1    47.03 Mo      0xDE Dell Utility
Device\Harddisk0\Partition2    146.0 Go      0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition3    3.00 Go      0xDB CP/M/CTOS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xF1DFE000
SIZE    : 96.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xF7B98000
SIZE    : 8.0 Ko

SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.м.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 54 61 62 65   2ä.V.Í.ëÖaùÃTabe
0x00000130   6C 61 20 64 65 20 70 61 72 74 69 87 E4 65 73 20   la de parti.äes
0x00000140   69 6E 76 A0 6C 69 64 61 00 45 72 72 6F 20 61 6F   inv.lida.Erro ao
0x00000150   20 63 61 72 72 65 67 61 72 20 6F 20 73 69 73 74    carregar o sist
0x00000160   65 6D 61 20 6F 70 65 72 61 63 69 6F 6E 61 6C 00   ema operacional.
0x00000170   53 69 73 74 65 6D 61 20 6F 70 65 72 61 63 69 6F   Sistema operacio
0x00000180   6E 61 6C 20 61 75 73 65 6E 74 65 00 00 00 00 00   nal ausente.....
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 49 70 CA 84 74 EC 00 00 00 01   .....,IpÊ.tì....
0x000001C0   01 00 DE FE 3F 05 3F 00 00 00 47 78 01 00 80 00   ..Þþ?.?...Gx....
0x000001D0   01 06 07 FE FF FF 86 78 01 00 EE C0 3E 12 00 FE   ...þ...x..îÀ>..þ
0x000001E0   FF FF DB FE FF FF 74 39 40 12 88 17 60 00 00 00   ..Ûþ..t9@...`...
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª
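
The MbrScan report above prints the raw 512-byte MBR but only summarises the partition table. The script below is an added example for this thread (it is not code from MbrScan, ComboFix or the forum): it rebuilds the sector from the hex dump posted above (hex columns copied verbatim, the ASCII column dropped), checks the 0x55AA boot signature, decodes the four primary partition entries at offset 0x1BE, reads the NT disk signature at 0x1B8, recomputes the MD5 that MbrScan printed, and lists any sector ranges between the MBR and the partitions, which is where MBR bootkits like to hide their payload. It assumes only the standard MBR layout; the type-code names are the three that appear on this disk.

```python
"""Decode the MBR dumped by MbrScan in the post above (added example)."""
import hashlib
import struct

# Hex dump copied from the MbrScan output above; ASCII column dropped.
MBRSCAN_DUMP = """
0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 54 61 62 65
0x00000130   6C 61 20 64 65 20 70 61 72 74 69 87 E4 65 73 20
0x00000140   69 6E 76 A0 6C 69 64 61 00 45 72 72 6F 20 61 6F
0x00000150   20 63 61 72 72 65 67 61 72 20 6F 20 73 69 73 74
0x00000160   65 6D 61 20 6F 70 65 72 61 63 69 6F 6E 61 6C 00
0x00000170   53 69 73 74 65 6D 61 20 6F 70 65 72 61 63 69 6F
0x00000180   6E 61 6C 20 61 75 73 65 6E 74 65 00 00 00 00 00
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000001B0   00 00 00 00 00 2C 49 70 CA 84 74 EC 00 00 00 01
0x000001C0   01 00 DE FE 3F 05 3F 00 00 00 47 78 01 00 80 00
0x000001D0   01 06 07 FE FF FF 86 78 01 00 EE C0 3E 12 00 FE
0x000001E0   FF FF DB FE FF FF 74 39 40 12 88 17 60 00 00 00
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
"""
MBRSCAN_REPORTED_MD5 = "FCE82878D150BB84CB195C4AAE204A59"  # MBR_MD5 line above

SECTOR_BYTES = 512
DISK_SIGNATURE_OFFSET = 0x1B8   # 32-bit NT disk signature
PARTITION_TABLE_OFFSET = 0x1BE  # four 16-byte entries
BOOT_SIGNATURE_OFFSET = 0x1FE   # must hold 55 AA
TYPE_NAMES = {0x07: "NTFS / HPFS", 0xDB: "CP/M / CTOS", 0xDE: "Dell Utility"}


def parse_dump(text):
    """Rebuild the raw 512 bytes from 'offset b0 .. b15' lines, in order."""
    data = bytearray()
    for line in text.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 17 or int(tokens[0], 16) != len(data):
            raise ValueError(f"malformed or out-of-order dump line: {line!r}")
        data.extend(int(t, 16) for t in tokens[1:17])
    if len(data) != SECTOR_BYTES:
        raise ValueError(f"expected {SECTOR_BYTES} bytes, got {len(data)}")
    return bytes(data)


def disk_signature(mbr):
    return struct.unpack_from("<I", mbr, DISK_SIGNATURE_OFFSET)[0]


def md5_matches_report(mbr, reported=MBRSCAN_REPORTED_MD5):
    """True when the rebuilt sector hashes to what MbrScan printed."""
    return hashlib.md5(mbr).hexdigest().upper() == reported.upper()


def decode_partition_table(mbr):
    """Decode the primary partition entries; empty slots (type 0x00) are skipped."""
    if mbr[BOOT_SIGNATURE_OFFSET:BOOT_SIGNATURE_OFFSET + 2] != b"\x55\xAA":
        raise ValueError("boot signature 0x55AA missing: not a valid MBR")
    entries = []
    for slot in range(4):
        boot, _chs_start, ptype, _chs_end, lba_start, count = struct.unpack_from(
            "<B3sB3sII", mbr, PARTITION_TABLE_OFFSET + 16 * slot)
        if ptype == 0x00:
            continue
        entries.append({"slot": slot + 1, "bootable": boot == 0x80, "type": ptype,
                        "type_name": TYPE_NAMES.get(ptype, "unknown"),
                        "lba_start": lba_start, "sectors": count,
                        "size_bytes": count * SECTOR_BYTES})
    return entries


def unallocated_ranges(entries):
    """Inclusive sector ranges after the MBR (LBA 0) that no partition covers.
    Overlapping entries are an error: a sane table never has them."""
    holes, next_free = [], 1
    for e in sorted(entries, key=lambda e: e["lba_start"]):
        if e["lba_start"] < next_free:
            raise ValueError(f"partition {e['slot']} overlaps the previous one")
        if e["lba_start"] > next_free:
            holes.append((next_free, e["lba_start"] - 1))
        next_free = e["lba_start"] + e["sectors"]
    return holes


if __name__ == "__main__":
    mbr = parse_dump(MBRSCAN_DUMP)
    print(f"disk signature 0x{disk_signature(mbr):08X}; "
          f"MD5 matches MbrScan report: {md5_matches_report(mbr)}")
    parts = decode_partition_table(mbr)
    for p in parts:
        print(f"{'*' if p['bootable'] else ' '} slot {p['slot']} type 0x{p['type']:02X} "
              f"{p['type_name']:<13} LBA {p['lba_start']:>10} +{p['sectors']:>10} "
              f"sectors = {p['size_bytes'] / 2**30:6.2f} GiB")
    print("unallocated sector ranges:", unallocated_ranges(parts))
```

Run against the dump, the three entries come out as 0xDE at LBA 63 (96327 sectors, 47.03 MiB), the bootable 0x07 NTFS volume at LBA 96390 (306102510 sectors, 146.0 GiB) and 0xDB at LBA 306198900 (3.00 GiB), contiguous with each other, so the only unallocated space before the partitions is sectors 1 to 62, the usual gap a Windows XP installer leaves and also the usual home of a bootkit loader. The MD5 check should reproduce MbrScan's MBR_MD5 if the forum preserved the dump byte for byte; a mismatch there points at a copy error, not at a changed MBR.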

#9 ciro-mota

ciro-mota

    Malwares Expert

  • Analyst
  • 14996 posts

Posted 20 May 2012 - 04:59 PM

Erik8,

Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you finish the instructions.

Select and copy the text inside the QUOTE. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

NOTE: Make sure you copy starting from the letter "S" of SRPeek.

SRPeek::
c:\windows\system32\drivers\i8042prt.sys


Now drag CFScript.txt onto ComboFix as shown below.

[image]

ComboFix will run and will restart the PC automatically to complete the removal process.
* If that does not happen, restart manually.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

This script was written only for this computer, according to the files and keys present.

To visitors: if you have a similar problem, do not use this script; unsupervised use can damage the system.


When it finishes, a log will be generated at C:\ComboFix.txt.

NOTE: Do not run ComboFix more than once. That would overwrite the log and make removing the malware harder.

Also post the new ComboFix log.

#10 Erik8

Erik8
  • Participant
  • 35 posts

Posted 20 May 2012 - 09:16 PM

ComboFix 12-05-20.09 - Usuario 20/05/2012 20:56:04.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1022.618 [GMT -3:00]
Running from: c:\documents and settings\Usuario\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Usuario\Desktop\CFScript.txt
.
ADS - drivers: deleted 212 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\userinit.exe . . . is infected!!
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
(((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 ))))))))))))))))))))))))))))
.
.
2012-05-10 20:44 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-05-10 20:44 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-05-10 20:20 . 2012-04-04 18:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-10 20:20 . 2012-05-10 20:20 -------- d-----w- C:\Nova pasta (2)
2012-05-10 18:19 . 2012-05-17 22:27 -------- d-----w- C:\Nova pasta
2012-05-10 18:06 . 2012-05-10 18:06 -------- d-----w- c:\arquivos de programas\CCleaner
2012-05-06 09:02 . 2012-05-06 09:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Trymedia
2012-05-03 04:54 . 2012-05-03 04:54 -------- d-----w- c:\arquivos de programas\Mozilla Maintenance Service
2012-05-03 04:54 . 2012-05-03 04:54 157352 ----a-w- c:\arquivos de programas\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 04:54 . 2012-05-03 04:54 129976 ----a-w- c:\arquivos de programas\Mozilla Firefox\maintenanceservice.exe
2012-04-22 02:02 . 2007-04-06 14:06 57344 ----a-w- c:\windows\ZSSnp211.exe
2012-04-22 02:02 . 2006-08-18 19:58 49152 ----a-w- c:\windows\Domino.exe
2012-04-22 02:01 . 2007-08-03 13:27 1470592 ----a-w- c:\windows\system32\drivers\ZS211.sys
2012-04-22 02:01 . 2007-04-06 17:21 77824 ----a-w- c:\windows\ZS211Cap.exe
2012-04-22 02:01 . 2006-08-09 20:37 81920 ----a-w- c:\windows\system32\ZS211STI.dll
2012-04-22 02:01 . 2006-03-14 17:28 172032 ----a-w- c:\windows\amcap.exe
2012-04-22 02:01 . 2012-04-22 02:01 -------- d-----w- c:\arquivos de programas\Vimicro
2012-04-22 02:01 . 2012-04-22 02:01 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\InstallShield
2012-04-22 01:53 . 2008-04-13 17:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2012-04-22 01:53 . 2008-04-13 17:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2012-04-22 01:53 . 2008-04-13 17:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2012-04-22 01:53 . 2008-04-14 01:21 16384 ----a-w- c:\windows\system32\ipsink.ax
2012-04-22 01:53 . 2008-04-13 17:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2012-04-22 01:53 . 2008-04-13 17:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2012-04-22 01:52 . 2008-04-13 17:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2012-04-22 01:52 . 2008-04-13 17:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2012-04-22 01:51 . 2008-04-14 01:21 28672 ----a-w- c:\windows\system32\vidcap.ax
2012-04-22 01:51 . 2008-04-14 01:21 91648 ----a-w- c:\windows\system32\kswdmcap.ax
2012-04-22 01:51 . 2008-04-14 01:21 43008 ----a-w- c:\windows\system32\ksxbar.ax
2012-04-22 01:51 . 2008-04-14 01:20 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2012-04-22 01:51 . 2008-04-14 01:21 61952 ----a-w- c:\windows\system32\kstvtune.ax
2012-04-22 01:50 . 2012-04-22 01:54 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-22 01:50 . 2006-07-14 17:36 172115 ----a-w- c:\windows\system32\ZS211Prp.Ax
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:51 . 2009-05-02 02:37 1871488 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:50 . 2009-05-03 04:23 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:50 . 2009-02-09 11:17 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-27 09:15 . 2011-08-02 02:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 00:15 . 2011-12-30 17:24 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-12-30 17:24 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-12-30 17:24 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2011-12-30 17:24 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2011-12-30 17:24 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2011-12-30 17:24 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-12-30 17:24 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2011-12-30 17:24 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2011-12-30 17:24 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2011-12-30 17:24 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 10:59 . 2008-04-13 21:21 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 10:59 . 2008-04-13 21:20 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2008-04-13 21:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:09 . 2008-04-13 21:20 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:09 . 2008-04-13 21:20 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-13 20:55 385024 ----a-w- c:\windows\system32\html.iec
2012-05-03 04:54 . 2011-10-10 01:09 97208 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2001-09-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-09-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . D3D4832B494CBF9A87CF86D7517013CB . 25088 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
.
[-] 2001-09-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-09-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2009-05-02 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2009-05-02 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-04-13 . 572AEDA840986672DA2BB9D4183E2AA9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-04-13 . 572AEDA840986672DA2BB9D4183E2AA9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll
.
[-] 2008-04-13 . 9607142710D3B64AB7FCCE4BE4E30D37 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-13 . 9607142710D3B64AB7FCCE4BE4E30D37 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe
.
[-] 2008-04-13 . B199C4F441DDAB10253ABC0AC4858BFF . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-13 . B199C4F441DDAB10253ABC0AC4858BFF . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll
.
[-] 2008-04-13 21:20 . D3F8E8DBE93A80440CAC78B305B40A67 . 821760 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-04-13 21:20 . D3F8E8DBE93A80440CAC78B305B40A67 . 821760 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
.
[-] 2008-04-13 . F0F5EEF8C4B0444E6E4D8E09F7A8F0A8 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-13 . F0F5EEF8C4B0444E6E4D8E09F7A8F0A8 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll
.
[-] 2009-05-03 . B5AE6227853C4B6A723567A8DEF68F03 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-05-03 . B5AE6227853C4B6A723567A8DEF68F03 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
.
[-] 2009-05-03 . 38867483E0CB504BB8F277E05729881E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-05-03 . 38867483E0CB504BB8F277E05729881E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-13 . AF1D9AE15C11163F576DF6ED6194B53C . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
.
[-] 2008-04-13 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-13 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2010-08-23 . 6CF079A582D64AC2BF7932F323F76BD2 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 6CF079A582D64AC2BF7932F323F76BD2 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 3976FAE773878603E12188B29B86FD69 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-13 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-13 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2001-09-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-04-13 . 554798AAD881736DFC4D08C572DECD7A . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-13 . 554798AAD881736DFC4D08C572DECD7A . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll
.
[-] 2009-05-02 02:35 . 58586EB44E6FD9A711943647C8451741 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2009-05-02 02:35 . 58586EB44E6FD9A711943647C8451741 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
.
[-] 2008-04-13 . 05C621EAA979D33A12F3B510FF4C6F9F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-13 . 05C621EAA979D33A12F3B510FF4C6F9F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll
.
[-] 2009-05-02 . 03DA51CE83B0D693A10C91B139BBD221 . 1030656 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-05-02 . 03DA51CE83B0D693A10C91B139BBD221 . 1030656 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
.
[-] 2008-04-13 . 1E47527C69E79ECC13326BFB2E178394 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-13 . 1E47527C69E79ECC13326BFB2E178394 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll
.
[-] 2008-04-13 . 5F6337EAC9EA401AA0F9040CB6F16C80 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-13 . 5F6337EAC9EA401AA0F9040CB6F16C80 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
.
[-] 2008-04-13 . 63C2A8E1E33C8C714F11C91400F291E0 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-13 . 63C2A8E1E33C8C714F11C91400F291E0 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2008-04-13 . 25E2B1C5D3CE1EC3517C755A1FCD3B0E . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2001-09-28 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[-] 2009-05-02 . 5265EA72F599CF8277A34780F6369B60 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2009-05-02 . 5265EA72F599CF8277A34780F6369B60 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
.
[-] 2008-04-13 . 49897D67B04E62F8E59EB8B1C7DF7072 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-04-13 . 49897D67B04E62F8E59EB8B1C7DF7072 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll
.
[-] 2008-04-13 . C008BBC88156E0EE109C7FF445CD9555 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-13 . C008BBC88156E0EE109C7FF445CD9555 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll
.
[-] 2008-04-13 . 879E802EF4EF2405014B170EA41E552B . 184832 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-13 . 879E802EF4EF2405014B170EA41E552B . 184832 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll
.
[-] 2008-04-13 . 39FD0DD101277F7261C7D602462C9A95 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-13 . 39FD0DD101277F7261C7D602462C9A95 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
.
[-] 2008-04-13 . ED2D69CD4B0EBE37EFE11D4DC4ABC68F . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-13 . ED2D69CD4B0EBE37EFE11D4DC4ABC68F . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
.
[-] 2008-04-13 . FEFA8CEBD17A788FDCB9A1C78311AFC3 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-04-13 . FEFA8CEBD17A788FDCB9A1C78311AFC3 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll
.
[-] 2008-04-13 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-13 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
.
[-] 2008-04-13 . A7EA40F680163808D96F89B4FF991876 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
.
[-] 2008-04-13 . 1FA3C4B2D7E35176E65FB69AB597B0F0 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-04-13 . 1FA3C4B2D7E35176E65FB69AB597B0F0 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll
.
[-] 2008-04-13 . 6832C2FB8F0D4E97B850BC6515A49633 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2008-04-13 . 6832C2FB8F0D4E97B850BC6515A49633 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll
.
[-] 2008-04-13 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-13 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2008-04-13 . B01DFF9DDE3A5155D7121BF813AC6DB0 . 150528 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-13 . B01DFF9DDE3A5155D7121BF813AC6DB0 . 150528 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2010-04-16 . B441EF945AD4B44661A8D257D9032D44 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . B441EF945AD4B44661A8D257D9032D44 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . 68C76F0EC31E693F7A6E262FF7AA4F9E . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-13 . A380011155FA92E1B374D9EA7FFA20CD . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
.
[-] 2008-04-14 . 9B1CCC2EB2E18985A9153A983E335AAF . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2008-04-14 . 9B1CCC2EB2E18985A9153A983E335AAF . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
.
[-] 2008-04-13 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-13 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
[-] 2009-07-27 . 49E3691B7B320381D264D3D9950620AE . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 49E3691B7B320381D264D3D9950620AE . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2008-04-13 . 8FB4E8C957C22458452EBE96C36F1D94 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
.
[-] 2008-04-13 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-13 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-13 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-13 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
.
[-] 2008-04-13 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-13 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll
.
[-] 2008-04-13 . A8CDC8DECE4735B86BBEF28460996C30 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-04-13 . A8CDC8DECE4735B86BBEF28460996C30 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2008-04-13 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-13 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2008-04-13 . 70870E16BA3E1B4336C53F483D67FF25 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-13 . 70870E16BA3E1B4336C53F483D67FF25 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
.
[-] 2008-04-13 . 9C2C97DF8224061D9F7EE18BCA61B02E . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-04-13 . 9C2C97DF8224061D9F7EE18BCA61B02E . 193536 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll
.
[-] 2008-04-13 . 4424AE68E670D1270F5026E1AF417933 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-13 . 4424AE68E670D1270F5026E1AF417933 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[-] 2008-04-13 . 0F4DB70DCE17B9DC1A5D835B1A5EE469 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-04-13 . 0F4DB70DCE17B9DC1A5D835B1A5EE469 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll
.
[-] 2008-04-13 . 4059795B00B6B23B7814018D2FBB84FB . 346624 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2008-04-13 . 4059795B00B6B23B7814018D2FBB84FB . 346624 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[-] 2008-04-13 . 27683D3EE8FCB7E620B25C8A84B329D6 . 172032 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-04-13 . 27683D3EE8FCB7E620B25C8A84B329D6 . 172032 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll
.
[-] 2001-09-28 . EBD5CF43AD9526EAB9B2A15A54760EA9 . 11904 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 15:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 15:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2010-09-18 07:18 . 7E9E27D39EAC36D2E6B1023F9CA915E2 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . EBA8BC5C21D8EAB3997CC47D9212BACB . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . EBA8BC5C21D8EAB3997CC47D9212BACB . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-13 21:20 . DAE8EC624824A8AD8660C2EF5F1ECE0B . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
.
[-] 2008-04-13 . 1DCE231F3E55B71B66AA0B7B8FD9BD97 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-13 . 1DCE231F3E55B71B66AA0B7B8FD9BD97 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll
.
[-] 2009-05-02 02:31 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2009-05-02 02:31 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
[-] 2008-04-13 21:20 . 209683D85036AAA4E4D8CA732FA51A2B . 437248 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-13 21:20 . 209683D85036AAA4E4D8CA732FA51A2B . 437248 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[-] 2008-04-13 . E3C0A6F5732C9E9B2BD2FD3D0AFCEB87 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-13 . E3C0A6F5732C9E9B2BD2FD3D0AFCEB87 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
[-] 2008-04-13 . 24713AE49611471DF8924D5FF562883D . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-13 . 24713AE49611471DF8924D5FF562883D . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2008-04-13 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-04-13 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll
.
[-] 2008-04-13 . B948C29C72073A7B8C9D822C66F9FADA . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-04-13 . B948C29C72073A7B8C9D822C66F9FADA . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2008-04-13 21:20 . 30A6FA4B34A2EC96CDFE2BA3B69233C0 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-04-13 21:20 . 30A6FA4B34A2EC96CDFE2BA3B69233C0 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll
.
[-] 2008-04-13 . 84A41B2B978AB366873CDB289118786C . 40960 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-04-13 . 84A41B2B978AB366873CDB289118786C . 40960 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
.
[-] 2008-04-13 . 5383E4C03D7AAE01AA653E756CF20D2E . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2008-04-13 . 5383E4C03D7AAE01AA653E756CF20D2E . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll
.
[-] 2008-04-13 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-13 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-13 . E41419F44AC35DD414D436479A0ED211 . 176128 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2008-04-13 . E41419F44AC35DD414D436479A0ED211 . 176128 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll
.
[-] 2008-04-13 . 8BCDAECAB7BC90E116ED6BB104EEDBEC . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2008-04-13 . 8BCDAECAB7BC90E116ED6BB104EEDBEC . 334336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll
.
[-] 2008-04-13 . F70CCB59E0A325896D679A4935E4F835 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2008-04-13 . F70CCB59E0A325896D679A4935E4F835 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll
.
[-] 2008-04-13 . 889A287A7B2393109EA6847AA68CD4E9 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2008-04-13 . 889A287A7B2393109EA6847AA68CD4E9 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-05-17_22.21.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-09-28 11:00 . 2012-05-17 21:57 49586 c:\windows\system32\perfc016.dat
+ 2001-09-28 11:00 . 2012-05-20 23:58 49586 c:\windows\system32\perfc016.dat
- 2001-09-28 11:00 . 2012-05-17 21:57 40836 c:\windows\system32\perfc009.dat
+ 2001-09-28 11:00 . 2012-05-20 23:58 40836 c:\windows\system32\perfc009.dat
+ 2001-09-28 11:00 . 2012-05-20 23:58 347294 c:\windows\system32\perfh016.dat
- 2001-09-28 11:00 . 2012-05-17 21:57 347294 c:\windows\system32\perfh016.dat
+ 2001-09-28 11:00 . 2012-05-20 23:58 314508 c:\windows\system32\perfh009.dat
- 2001-09-28 11:00 . 2012-05-17 21:57 314508 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ares"="c:\arquivos de programas\Ares\Ares.exe" [2010-10-27 1015808]
"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2011-06-08 3797039]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"ATIPTA"="c:\arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-01-11 18:01 726360 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Winamp\\winamp.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [1/8/2011 22:38 42584]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [30/12/2011 14:24 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30/12/2011 14:24 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [29/3/2011 19:21 218688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/12/2011 14:24 20696]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [1/8/2011 22:38 194904]
S1 MpKsl2fec59ea;MpKsl2fec59ea;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{6FFCE150-6025-407B-9557-FAED70ECF6AF}\MpKsl2fec59ea.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{6FFCE150-6025-407B-9557-FAED70ECF6AF}\MpKsl2fec59ea.sys [?]
S1 MpKsl322e294b;MpKsl322e294b;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{DB412E0E-0BFC-4FF3-B96D-7DC4C0E825E5}\MpKsl322e294b.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{DB412E0E-0BFC-4FF3-B96D-7DC4C0E825E5}\MpKsl322e294b.sys [?]
S1 MpKsl3411344a;MpKsl3411344a;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{D1B83032-3E10-43F5-BF07-852209A61264}\MpKsl3411344a.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{D1B83032-3E10-43F5-BF07-852209A61264}\MpKsl3411344a.sys [?]
S1 MpKsl4c2eba57;MpKsl4c2eba57;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{64B088AC-5D26-4E08-B9FC-E22CA39E8067}\MpKsl4c2eba57.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{64B088AC-5D26-4E08-B9FC-E22CA39E8067}\MpKsl4c2eba57.sys [?]
S1 MpKsl6995c9aa;MpKsl6995c9aa;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CF29326A-11C1-40B0-B80D-2A8DE80D1A8A}\MpKsl6995c9aa.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CF29326A-11C1-40B0-B80D-2A8DE80D1A8A}\MpKsl6995c9aa.sys [?]
S1 MpKsl69c0aa9b;MpKsl69c0aa9b;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{D1B83032-3E10-43F5-BF07-852209A61264}\MpKsl69c0aa9b.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{D1B83032-3E10-43F5-BF07-852209A61264}\MpKsl69c0aa9b.sys [?]
S1 MpKsl6d3be853;MpKsl6d3be853;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{3F4BA14D-D617-495C-932C-8A1AE6FF93F7}\MpKsl6d3be853.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{3F4BA14D-D617-495C-932C-8A1AE6FF93F7}\MpKsl6d3be853.sys [?]
S1 MpKsl87d46c00;MpKsl87d46c00;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{D6591437-75B1-4645-B887-BC5E46055A58}\MpKsl87d46c00.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{D6591437-75B1-4645-B887-BC5E46055A58}\MpKsl87d46c00.sys [?]
S1 MpKsl8bf504c5;MpKsl8bf504c5;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{610B20F1-6FFA-4287-A76B-B66BAF6FF73D}\MpKsl8bf504c5.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{610B20F1-6FFA-4287-A76B-B66BAF6FF73D}\MpKsl8bf504c5.sys [?]
S1 MpKslbd2fc55f;MpKslbd2fc55f;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{4D5DB105-1BDA-498D-AA27-64737B3687DA}\MpKslbd2fc55f.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{4D5DB105-1BDA-498D-AA27-64737B3687DA}\MpKslbd2fc55f.sys [?]
S1 MpKslcc0554f0;MpKslcc0554f0;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{11FF4C35-FD7A-42F8-A6E4-1FA505955E15}\MpKslcc0554f0.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{11FF4C35-FD7A-42F8-A6E4-1FA505955E15}\MpKslcc0554f0.sys [?]
S1 MpKsle4a3abb1;MpKsle4a3abb1;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{A3B72758-850C-450A-AAB0-648FAF8DB66C}\MpKsle4a3abb1.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{A3B72758-850C-450A-AAB0-648FAF8DB66C}\MpKsle4a3abb1.sys [?]
S1 MpKsle79dda38;MpKsle79dda38;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CBAA547F-C1FB-4942-B89A-6A5BD4C36281}\MpKsle79dda38.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CBAA547F-C1FB-4942-B89A-6A5BD4C36281}\MpKsle79dda38.sys [?]
S1 MpKsle910ead3;MpKsle910ead3;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{9D8E76ED-872D-4EE7-99A1-ED40CD8DF0DD}\MpKsle910ead3.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{9D8E76ED-872D-4EE7-99A1-ED40CD8DF0DD}\MpKsle910ead3.sys [?]
S1 MpKsle927250e;MpKsle927250e;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{79487D20-177E-4987-AC8F-BD93664F48EE}\MpKsle927250e.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{79487D20-177E-4987-AC8F-BD93664F48EE}\MpKsle927250e.sys [?]
S1 MpKslf5990581;MpKslf5990581;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{64B088AC-5D26-4E08-B9FC-E22CA39E8067}\MpKslf5990581.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{64B088AC-5D26-4E08-B9FC-E22CA39E8067}\MpKslf5990581.sys [?]
S1 MpKslf59da148;MpKslf59da148;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{35FB71AB-5B76-47DB-9A20-8FFA0F679BA2}\MpKslf59da148.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{35FB71AB-5B76-47DB-9A20-8FFA0F679BA2}\MpKslf59da148.sys [?]
S1 MpKslf6bdbb71;MpKslf6bdbb71;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{17481A91-5867-4897-9599-ED2A451048E6}\MpKslf6bdbb71.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{17481A91-5867-4897-9599-ED2A451048E6}\MpKslf6bdbb71.sys [?]
S1 MpKslfc5d925e;MpKslfc5d925e;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{EC3EC969-49CC-4C66-9323-58DF64B50F0C}\MpKslfc5d925e.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{EC3EC969-49CC-4C66-9323-58DF64B50F0C}\MpKslfc5d925e.sys [?]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [29/2/2012 08:50 158856]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\aplicativos\EVEREST portable\kerneld.wnt --> e:\aplicativos\EVEREST portable\kerneld.wnt [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe [3/5/2012 01:54 129976]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.br/
IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\2l2p8cs4.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-20 21:06
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning for hidden processes ...
.
Scanning for hidden autostart entries ...
.
Scanning for hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\e:\aplicativos\EVEREST portable\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
- - - - - - - > 'explorer.exe'(5808)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2012-05-20 21:10:08
ComboFix-quarantined-files.txt 2012-05-21 00:10
.
Pre-Run: 27 folder(s) 43,999,948,800 bytes free
Post-Run: 28 folder(s) 43,990,274,048 bytes free
.
- - End Of File - - C92D83145FE7D04153CCDD0BECE4C1E8
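Two checks a reviewer of a log like this usually does by eye can be scripted. The file-verification block lists every copy of a system binary with its MD5, and the live `c:\windows\system32` copy is expected to carry the same hash as its `dllcache` copy (the `$hf_mig$` and `$NtUninstall` copies are different builds and are expected to differ). The Winlogon `Userinit` value, which the log shows as `c:\windows\explorer.exe,`, is not the stock Windows XP value (`c:\windows\system32\userinit.exe,`); the log does not say why it was changed, so the script only flags it as non-default rather than as malicious. The example below is added here and is not code from the original post, from ComboFix or from HijackThis. The sample text is constructed from lines of the same shape as the log above; the zeroed MD5 on the `system32\spoolsv.exe` line is a mismatch introduced in the sample to exercise the check and does not appear in the original log.

```python
"""Sanity checks over a ComboFix-style log excerpt (added example).

Parses the "[-] date . MD5 . size . . [version] . . path" file-verification
lines and the Winlogon "Userinit" value, then reports:
  * live system32 / drivers files whose MD5 differs from their dllcache copy
  * a Userinit value that is not the stock Windows XP value
"""
import re

FILE_LINE = re.compile(
    r"^\[-\]\s+(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<ver>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
USERINIT_LINE = re.compile(r'^"Userinit"="(?P<value>[^"]*)"\s*$', re.IGNORECASE)

# Stock value on Windows XP. A different value is worth a second look, but is
# not by itself proof of anything (third-party logon tools also change it).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe,"

# Directories whose copy is the one actually executed/loaded on the system.
LIVE_DIRS = (r"c:\windows\system32", r"c:\windows\system32\drivers")
CACHE_DIR = r"c:\windows\system32\dllcache"


def parse_file_entries(text):
    """Return one dict (date, md5, size, ver, path) per '[-]' line in text."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["md5"] = e["md5"].upper()
            e["size"] = int(e["size"])
            e["path"] = e["path"].lower()   # NTFS paths are case-insensitive
            entries.append(e)
    return entries


def live_vs_cache_mismatches(entries):
    """Names of files whose live copy's MD5 differs from the dllcache copy."""
    live, cache = {}, {}
    for e in entries:
        parent, _, name = e["path"].rpartition("\\")
        if parent == CACHE_DIR:
            cache[name] = e["md5"]
        elif parent in LIVE_DIRS:
            live[name] = e["md5"]
    # Hotfix ($hf_mig$) and uninstall ($NtUninstall*) copies fall in neither
    # bucket, so their legitimately different hashes never trigger a report.
    return sorted(n for n in live if n in cache and live[n] != cache[n])


def check_userinit(text):
    """Return (value, is_default) for the first "Userinit" line, or (None, False)."""
    for line in text.splitlines():
        m = USERINIT_LINE.match(line.strip())
        if m:
            value = m.group("value").lower()
            return value, value == DEFAULT_USERINIT
    return None, False


# Constructed sample in the log's format. The all-zero MD5 on the live
# spoolsv.exe line is deliberate so the mismatch check has something to find.
SAMPLE = r"""
[-] 2008-04-13 . 572AEDA840986672DA2BB9D4183E2AA9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-04-13 . 572AEDA840986672DA2BB9D4183E2AA9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll
.
[-] 2008-04-13 21:20 . D3F8E8DBE93A80440CAC78B305B40A67 . 821760 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-04-13 21:20 . D3F8E8DBE93A80440CAC78B305B40A67 . 821760 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 00000000000000000000000000000000 . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
"""


if __name__ == "__main__":
    entries = parse_file_entries(SAMPLE)
    print("entries parsed:", len(entries))
    print("live/dllcache MD5 mismatches:", live_vs_cache_mismatches(entries))
    value, ok = check_userinit(SAMPLE)
    print("Userinit:", value, "(stock value)" if ok else "(NOT the stock value)")
```

Run it against the full log by replacing `SAMPLE` with the file contents; a non-empty mismatch list or a non-default `Userinit` is a prompt to pull the file and the registry value for closer inspection, not a verdict on its own.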