Virus: iexplore.exe as a system process




#1
November 6, 2008, 02:16
New Members Group

I can't seem to close iexplore.exe, even when there are no explorer windows open. Ads always pop up every once in a while. I also hear ad voices / background noises. It's annoying and I feel like the system performance has slowed down. Please help. This is my HijackThis log:

Logfile do HijackThis v1.99.1
Scan saved at 4:15:28, em 11/6/2008
Plataforma: Windows XP SP3 (WinNT 5/01/2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Program Files \ ASUS \ Ai Suite \ AiNap \ AiNap.exe
C: \ Program Files \ Common Files \ Ulead Systems \ AutoDetector \ monitor.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ ASUS \ AASP \ 1.00.61 \ aaCenter.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe
C: \ PROGRA ~ 1 \ common ~ 1 \ Nokia \ MPAPI \ MPAPI3s.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PSIService.exe
C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
C: \ Program Files \ Common Files \ pcsuite \ Services \ ServiceLayer.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Arquivos de Programas \ Winamp \ winamp.exe
C: \ Program Files \ Real \ RealPlayer \ RealPlay.exe
C: \ WINDOWS \ system32 \ s1S8Dh6X.exe
C: \ Arquivos de Programas \ Internet Explorer \ iexplore.exe
C: \ Arquivos de Programas \ Internet Explorer \ iexplore.exe
C: \ Program Files \ HijackThis \ HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: IE2EMBHO Class - (0A0DDBD3-6641-40B9-873F-BBDD26D6C14E) - C: \ Program Files \ easyMule \ modules \ IE2EM.dll
O2 - BHO: RealPlayer Download e Record Plugin para o Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no arquivo)
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ System32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ System32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [Ai Nap] "C: \ Program Files \ ASUS \ Ai Suite \ AiNap \ AiNap.exe"
O4 - HKLM \ .. \ Run: [CPU Power Monitor] "C: \ Program Files \ ASUS \ Ai Suite \ AiGear3 \ CpuPowerMonitor.exe"
O4 - HKLM \ .. \ Run: [Cpu Level Up help] C: \ Program Files \ ASUS \ Ai Suite \ CpuLevelUpHelp.exe
O4 - HKLM \ .. \ Run: [ASUS Energy Saving] "C: \ Program Files \ ASUS \ Ai Suite \ energysaving \ PwSave.exe"
O4 - HKLM \ .. \ Run: [Ulead AutoDetector v2] C: \ Program Files \ Common Files \ Ulead Systems \ AutoDetector \ monitor.exe
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Arquivos de Programas \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [NSLauncher] C: \ Program Files \ Nokia \ Nokia Software Launcher \ NSLauncher.exe / startup
O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKLM \ .. \ Run: [\ \ MING3 \ EPSON Stylus C120 Series] C: \ WINDOWS \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATIC CA.EXE / FU "C: \ DOCUME ~ 1 \ MKJ \ LOCALS ~ 1 \ Temp \ E_S13.tmp "/ EF" HKCU "
O4 - HKCU \ .. \ Run: [PcSync] C: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe / NoDialog
O8 - Extra context menu item: Add to Google Photos Screensa & ver - res: / / C: \ WINDOWS \ system32 \ GPhotos.scr/200
O8 - Extra context menu item: Download do easyMule - C: \ Program Files easyMule \ \ IE2EM.htm
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @ Xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O10 - Unknown file em Winsock LSP: C: \ Program Files \ bonjour \ mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International *
O16 - DPF: (0CCA191D-13A6-4E29-B746-314DEE697D83) (Facebook Photo Uploader 5 Control) -- http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1224821007296
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1224825458984
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O20 - Winlogon Notify: dimsntfy -% SystemRoot% \ System32 \ dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ system32 \ WgaLogon.dll
O21 - SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ WINDOWS \ system32 \ WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe "/ service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe "/ service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C: \ WINDOWS \ system32 \ PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C: \ Program Files \ Common Files \ pcsuite \ Services \ ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe

#2
November 6, 2008, 09:37
Moderator Group

Download CCleaner Slim and save it to your desktop.
When the file has been saved, go to your desktop and double-click ccsetupxxx_slim.exe
Follow the prompts to install the program.
Once the installation is complete:
  • Double-click the CCleaner shortcut on the desktop to start the program.
  • Click the Options block on the left, then choose Cookies.
    • Under Cookies to delete, highlight any cookies you would like to keep permanently
    • Click the right arrow > to move them to the "Cookies to keep" window.
  • Go to Options > Advanced and uncheck Only delete files in Windows Temp folders older than 48 hours
  • Click Cleaner on the left, then Run Cleaner on the right to run the program.
  • Important: Make sure that ALL browser windows are closed before choosing Run Cleaner
  • Caution: It is not recommended that you use the "Registry" feature unless you are very familiar with the registry.
  • Exit CCleaner after it has completed its process.

----------

Now, install the new version of HijackThis and post its log.

Download TrendMicro HijackThis.exe (HJT) to the desktop.
  • Double-click HJTInstall.
  • Click the Install button.
  • It will automatically place HJT at C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • After installation, HijackThis should open for you.
  • Click the Do a system scan and save a logfile button
  • HijackThis will scan and then a log will open in Notepad.
  • Copy and paste the entire contents of the log into your post.
  • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
__________________

#3
November 6, 2008, 16:19
New Members Group

I ran CCleaner and reinstalled the new version of HiJackThis.

Logfile da Trend Micro HijackThis v2.0.2
Scan saved at 6:18:15, em 11/6/2008
Plataforma: Windows XP SP3 (WinNT 5/01/2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Program Files \ ASUS \ Ai Suite \ AiNap \ AiNap.exe
C: \ Program Files \ Common Files \ Ulead Systems \ AutoDetector \ monitor.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ ASUS \ AASP \ 1.00.61 \ aaCenter.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PSIService.exe
C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
C: \ Program Files \ Common Files \ pcsuite \ Services \ ServiceLayer.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ s1S8Dh6X.exe
C: \ Arquivos de Programas \ Adobe \ Reader 8.0 \ Reader \ AcroRd32.exe
C: \ PROGRA ~ 1 \ COMMON ~ 1 \ PCSuite \ DATALA ~ 1 \ DATALA ~ 1.EXE
C: \ WINDOWS \ system32 \ conime.exe
C: \ Program Files \ CCleaner \ CCleaner.exe
C: \ Arquivos de Programas \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: IE2EMBHO Class - (0A0DDBD3-6641-40B9-873F-BBDD26D6C14E) - C: \ Program Files \ easyMule \ modules \ IE2EM.dll
O2 - BHO: RealPlayer Download e Record Plugin para o Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no arquivo)
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ System32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ System32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [Ai Nap] "C: \ Program Files \ ASUS \ Ai Suite \ AiNap \ AiNap.exe"
O4 - HKLM \ .. \ Run: [CPU Power Monitor] "C: \ Program Files \ ASUS \ Ai Suite \ AiGear3 \ CpuPowerMonitor.exe"
O4 - HKLM \ .. \ Run: [Cpu Level Up help] C: \ Program Files \ ASUS \ Ai Suite \ CpuLevelUpHelp.exe
O4 - HKLM \ .. \ Run: [ASUS Energy Saving] "C: \ Program Files \ ASUS \ Ai Suite \ energysaving \ PwSave.exe"
O4 - HKLM \ .. \ Run: [Ulead AutoDetector v2] C: \ Program Files \ Common Files \ Ulead Systems \ AutoDetector \ monitor.exe
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Arquivos de Programas \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [NSLauncher] C: \ Program Files \ Nokia \ Nokia Software Launcher \ NSLauncher.exe / startup
O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKLM \ .. \ Run: [\ \ MING3 \ EPSON Stylus C120 Series] C: \ WINDOWS \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATIC CA.EXE / FU "C: \ DOCUME ~ 1 \ MKJ \ LOCALS ~ 1 \ Temp \ E_S13.tmp "/ EF" HKCU "
O4 - HKCU \ .. \ Run: [PcSync] C: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe / NoDialog
O4 - HKLM \ .. \ Run: [Uniblue RegistryBooster 2009] C: \ Program Files \ Uniblue \ RegistryBooster \ / nosplash /
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ System32 \ CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ System32 \ CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ System32 \ CTFMON.EXE (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ System32 \ CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa & ver - res: / / C: \ WINDOWS \ system32 \ GPhotos.scr/200
O8 - Extra context menu item: Download do easyMule - C: \ Program Files easyMule \ \ IE2EM.htm
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ Xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø15 - ESC Trusted Zone: http:// *. update.microsoft.com
O16 - DPF: (0CCA191D-13A6-4E29-B746-314DEE697D83) (Facebook Photo Uploader 5 Control) -- http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1224821007296
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1224825458984
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C: \ WINDOWS \ system32 \ PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C: \ Program Files \ Common Files \ pcsuite \ Services \ ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
--
End of file - 7422 bytes



What is the next step?

Thank you for your help.

#4
November 6, 2008, 16:53
Moderator Group

Suspicious files to scan

Please go to the VirSCAN.org FREE online scan service
(If more than one file needs scanning, they must be done separately and links posted for each one)

1. Copy and paste the following file path into the Suspicious files to scan box at the top of the page.
Code:
C:\WINDOWS\system32\s1S8Dh6X.exe
2. When the site loads, click once inside the window next to Browse.
3. Press Ctrl + V on the keyboard (both at the same time) to paste the file path into the window.
4. Click the Upload button.
This will perform a scan across multiple different virus scanning engines.
Your file will possibly be entered into a queue, which normally takes less than a minute to clear.
Important: Wait for all of the engines to complete the scan.
5. Once the scan is finished, scroll down and click the Copy to Clipboard button. This will copy the link of the report to the clipboard.
6. Paste the contents of the clipboard in your next reply.
__________________
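
One way to triage a HijackThis log like the ones posted above, as an added example that is not part of the original thread: flag a running process in system32 that no autostart or service entry references and whose name looks random, and list entries whose target file is gone. The log excerpt is constructed from lines on this page with path spacing normalised; the allowlist, the name-churn score and its threshold are assumptions for illustration.

```python
import re

# Constructed sample in HijackThis v2 layout (a subset of the lines posted in the thread).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\s1S8Dh6X.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption: a small allowlist of core Windows XP process names that never
# appear in O4/O23 entries. A name match is not proof the file is genuine.
CORE_XP = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
           "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}

PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


def char_class(ch):
    """Map a character to lower / upper / digit / other."""
    if ch.isdigit():
        return "d"
    if ch.isupper():
        return "u"
    if ch.islower():
        return "l"
    return "o"


def churn(stem):
    """Fraction of adjacent character pairs that switch class.

    Ordinary names such as 'svchost' score near 0; generated names that mix
    case and digits at every position score near 1.
    """
    if len(stem) < 2:
        return 0.0
    switches = sum(char_class(a) != char_class(b) for a, b in zip(stem, stem[1:]))
    return switches / (len(stem) - 1)


def parse(log_text):
    """Split a log into running-process paths and (section, body) entries."""
    procs, entries = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif PROC_RE.match(line):
            procs.append(line)
    return procs, entries


def triage(log_text, churn_threshold=0.7):
    """Return (reason, detail) findings that deserve a closer look."""
    procs, entries = parse(log_text)
    # Everything the autostart/service sections mention, lowercased, so a
    # process can be matched by file name with a substring test.
    referenced = " ".join(body.lower() for _, body in entries)
    findings = []
    for path in procs:
        folder, _, name = path.rpartition("\\")
        lname = name.lower()
        if not folder.lower().endswith("\\system32"):
            continue
        if lname in CORE_XP or lname in referenced:
            continue
        if churn(name.rsplit(".", 1)[0]) >= churn_threshold:
            findings.append(("unreferenced-random-name", path))
    for section, body in entries:
        # HijackThis marks registry entries whose target no longer exists.
        if "(file missing)" in body or "(no file)" in body:
            findings.append(("orphaned-" + section, body))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason}: {detail}")
```

A finding here only selects a file for scanning, as the moderator's next step does; it is not a verdict on the file.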


#5
November 6, 2008, 17:19
New Members Group

Here is the clipboard information for the s1S8Dh6X.exe file.

File information
File Name: s1S8Dh6X.exe
File Size: 62.464 byte
File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 895f4e2eed5a30e317460e66989042d0
SHA1: 8d133ba222ce2d511ff28d900586e79041a8b4cf
Scanner results: 8% of scanners (3/39) found malware!
Time: 2008/11/06 19:15:08 (EST)

Scanner | Engine Ver, Sig Ver | Sig Date | Scan result | Time
a-squared | 4.0.0.232008.11.03 | 2008-11-03 | -- | 1.832
AhnLab V3 | 2008.11.07.012008.11.07 | 2008-11-07 | -- | 0.987
AntiVir | 7.9.0.267.1.0.49 | 2008-11-06 | -- | 1.503
Antiy | 2.0.1820081106.1560299 | 2008-11-06 | -- | 0.122
Arcavir | 1.0.5200811061144 | 2008-11-06 | -- | 1.227
Authentium | 5.1.1200811061142 | 2008-11-06 | -- | 1.367
AVAST! | 3.0.1081106-0 | 2008-11-06 | -- | 0.725
AVG | 7.5.52.442270.9.0/1772 | 2008-11-06 | Clicker.TXO | 1.691
BitDefender | 7.60825.20709477.21719 | 2008-11-07 | -- | 3.401
CA EFP () | 9.0.0.14331.6.6195 | 2008-11-06 | -- | 7.230
ClamAV | 0.948584 | 2008-11-07 | -- | 0.021
Comodo | 2.112.0.0.699 | 2008-11-06 | -- | 0.422
CP Secure | 1.1.0.7152008.11.06 | 2008-11-06 | -- | 6.447
Dr.Web | 4.44.0.91702008.11.06 | 2008-11-06 | -- | 3.465
ewido | 4.0.0.22008.11.06 | 2008-11-06 | -- | 3.024
F-Prot | 4.4.4.5620081106 | 2008-11-06 | -- | 1.293
F-Secure | 5.51.61002008.11.06.11 | 2008-11-06 | -- | 3.681
Fortinet | 2.81-3.1179.692 | 2008-11-06 | -- | 0.215
GData | 19.1393/19.9420081107 | 2008-11-07 | -- | 2.739
Ikarus | T3.1.01.452008.11.06.71807 | 2008-11-06 | -- | 3.517
JiangMin | 11.0.7062008.11.06 | 2008-11-06 | -- | 1.312
Kaspersky | 5.5.102008.11.06 | 2008-11-06 | -- | 0.034
KingSoft | 2008.9.8.182008.11.6.20 | 2008-11-06 | -- | 0.690
McAfee | 5.3.005426 | 2008-11-06 | -- | 2.352
Microsoft | 1.41042008.11.07 | 2008-11-07 | -- | 8.785
mks_vir | 2.012008.11.06 | 2008-11-06 | -- | 2.720
Norman | 5.93.015.93.00 | 2008-11-06 | -- | 5.480
nProtect | 2008-11-06,002382866 | 2008-11-06 | -- | 5.379
Panda | 9.05.012008.11.06 | 2008-11-06 | -- | 3.744
Quick Heal | 9.502008.09.12 | 2008-09-12 | -- | 2.520
Rising | 20.021.02.32.00 | 2008-11-06 | -- | 3.054
Sophos | 2.80.04.35 | 2008-11-07 | Mal/Generic-CZ | 1.881
Sunbelt | 3.1.1783.22374 | 2008-11-04 | -- | 1.058
Symantec | 1.3.0.2420081106.004 | 2008-11-06 | Infostealer | 0.046
The Hacker | 6.3.1.1v00143 | 2008-11-06 | -- | 0.445
Trend Micro | 8.700-10045.642.17 | 2008-11-06 | -- | 0.028
VBA32 | 3.12.8.920081106.1717 | 2008-11-06 | -- | 1.390
ViRobot | 200811052008.11.05 | 2008-11-05 | -- | 0.398
VirusBuster | 4.5.11.1010.90.27/671249 | 2008-11-06 | -- | 0.876

Thanks

#6
November 6, 2008, 17:30
New Members Group

http://virscan.org/report/3510c11282...b9674c0c1.html

That's the link for the scanned file.

#7
November 6, 2008, 17:39
Moderator Group

Download ComboFix from one of the links below. Make sure to save it to your Desktop.

Link #1
Link #2

** Note: It is important that it is saved directly to your desktop

Close all open browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.

For Windows XP systems, install the Recovery Console:

- If you are using Windows XP and do not have the Recovery Console installed, make sure your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet is not working, click No.
-- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA, click OK.
- Accept the Microsoft EULA (click Yes).
- When told that the RC is installed correctly, click YES to continue the malware scan.

When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
__________________


#8
November 6, 2008, 17:57
New Members Group

ComboFix Log

ComboFix 08-11-05.02 - MKJ 2008-11-06 19:51:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3144 [GMT -5:00]
Executando de: C: \ Documents and Settings \ MKJ \ Desktop \ ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008/10/07 a 2008/11/07 ))))))))))) ))))))))))))))))))))
.
2008-11-06 18:15. 2008-11-06 18:15 d -------- C: \ Arquivos de programas \ CCleaner
2008-11-06 03:51. 2008-11-06 03:51 d -------- C: \ Arquivos de Programas \ Trend Micro
2008-11-06 03:22. 2008-11-06 03:22 d -------- C: \ Arquivos de programas \ Alwil Software
2008-11-06 02:10. 2008-11-06 02:10 d -------- C: \ Arquivos de programas \ Reference Assemblies
2008-11-06 02:07. <DIR> 2008-11-06 02:07 dr-h ----- C: \ AHCache
2008-11-05 23:11. 2008-11-06 02:12 d -------- C: \ Documents and Settings \ MKJ \ Application Data \ Uniblue
2008-11-05 22:05. 2008-11-05 22:05 d -------- C: \ Documents and Settings \ Administrador \ Application Data \ Malwarebytes
2008-11-05 22:04. 2008-11-05 22:04 d -------- C: \ Documents and Settings \ Administrator
2008-11-05 16:34. 2008-11-05 16:34 d -------- C: \ Arquivos de Programas \ Xanga Uploader
2008-11-05 16:34. 2008-11-05 16:34 d -------- C: \ Documents and Settings \ MKJ \ Application Data \. Xuploader
2008-11-05 16:08. 2008-11-05 16:08 d -------- C: \ Arquivos de programas \ Malwarebytes 'Anti-Malware
2008-11-05 16:08. 2008-11-05 16:08 d -------- C: \ Documents and Settings \ MKJ Dados de aplicativos \ Malwarebytes
2008-11-05 16:08. 2008-11-05 16:08 d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-11-05 16:08. 2008-10-22 16:10 38.496 - a ------ c: \ windows \ system32 \ mbamswissarmy.sys
2008-11-05 16:08. 2008-10-22 16:10 15.504 - a ------ c: \ windows \ system32 \ mbam.sys
2008-11-05 15:38. 2008-11-05 15:38 62.464 - a ------ c: \ windows \ system32 \ s1S8Dh6X.exe
2008-11-01 16:18. 2008-11-01 16:18 d -------- C: \ WINDOWS \ system32 \ IOSUBSYS
2008-11-01 16:18. 2008-11-01 16:18 d -------- C: \ Arquivos de programas \ Google
2008-10-28 02:00. 2008-10-28 02:00 d -------- C: \ Arquivos de programas \ MSXML 4.0
2008-10-28 01:19. 2008-10-28 01:19 d -------- C: \ Documents and Settings \ MKJ \ Application Data \ Nokia
2008-10-28 01:19. 2008-10-28 01:19 d -------- C: \ Documents and Settings \ MKJ Dados de aplicativos \ DataLayer
2008-10-28 01:18. 2008-10-30 05:43 d -------- C: \ Documents and Settings \ MKJ \ Phone Browser
2008-10-28 00:55. 2008-10-28 00:55 d -------- C: \ Documents and Settings \ MKJ \ Application Data \ DivX
2008-10-28 00:54. 2008-10-28 00:54 d -------- C: \ Arquivos de Programas \ Windows Media Components
2008-10-28 00:54. 2005-06-10 09:43 73.728 - a ------ c: \ windows \ system32 \ ISUSPM.cpl
2008-10-28 00:50. 2008-10-28 00:50 d -------- C: \ Arquivos de Programas \ DIFX
2008-10-28 00:50. 2008-10-28 00:50 d -------- C: \ Arquivos de programas \ Arquivos comuns \ Nokia
2008-10-28 00:50. 2008-10-28 00:58 d -------- C: \ Documents and Settings \ MKJ \ Application Data \ PC Suite
2008-10-28 00:50. 2008-10-28 00:58 d -------- C: \ Documents and Settings \ All Users \ Application Data \ PC Suite
2008-10-28 00:50. 2008-10-28 00:50 d -------- C: \ Documents and Settings \ All Users \ Application Data \ Downloaded Installations
2008-10-28 00:50. 2006-05-29 07:26 127,488 - a ------ c: \ windows \ system32 \ nmwcd.sys
2008-10-28 00:50. 2006-05-29 07:26 50,688 - a ------ c: \ windows \ system32 \ nmwcdcls.dll
2008-10-28 00:50. 2006-05-29 07:26 30,720 - a ------ c: \ windows \ system32 \ nmwcdcocls.dll
2008-10-28 00:50. 2006-05-29 07:26 13,312 - a ------ c: \ windows \ system32 \ nmwcdcm.sys
2008-10-28 00:50. 2006-05-29 07:26 13,312 - a ------ c: \ windows \ system32 \ nmwcdcj.sys
2008-10-28 00:50. 2006-05-29 07:26 8,704 - a ------ c: \ windows \ system32 \ nmwcdc.sys
2008-10-28 00:50. 2006-05-29 07:26 4,608 - a ------ c: \ windows \ system32 \ nmwcdlog.dll
2008-10-28 00:49. 2008-10-28 00:49 d -------- C: \ WINDOWS \ Downloaded Installations
2008-10-28 00:49. 2008-10-28 00:51 d -------- C: \ Arquivos de programas \ Nokia
2008-10-28 00:49. 2008-10-28 00:50 d -------- C: \ Arquivos de programas \ Arquivos comuns \ PCSuite
2008-10-27 23:54. 2008-10-27 23:54 d -------- C: \ Documents and Settings \ All Users \ Dados de aplicativos \ EPSON
2008-10-27 21:55. 2008-10-27 21:55 d -------- C: \ Arquivos de programas \ Ventrilo
2008-10-27 21:55. 2008-10-27 21:55 d -------- C: \ Arquivos de programas \ Arquivos comuns \ Wise Installation Wizard
2008-10-27 21:55. 2008-10-27 21:56 d -------- C: \ Documents and Settings \ MKJ Dados de aplicativos \ Ventrilo
2008-10-27 21:13. 2008-11-06 19:50 160,100 - a ------ c: \ windows \ system32 \ nvapps.xml
2008-10-27 21:05. 2008-11-05 16:09 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-10-26 23:48. 2008-11-06 05:29 d -------- C: \ Arquivos de Programas \ easyMule
2008-10-26 13:53. 2008-10-26 13:53 d -------- C: \ Documents and Settings \ MKJ Dados de aplicativos \ Viewpoint
2008-10-25 19:37. 2008-10-25 19:37 d -------- C: \ Arquivos de programas \ iPod
2008-10-25 19:37. 2008-10-25 19:37 d -------- C: \ Documents and Settings \ MKJ \ Application Data \ Apple Computer
2008-10-25 19:37. 2008-04-17 12:12 107.368 - a ------ c: \ windows \ system32 \ GEARAspi.dll
2008-10-25 19:37. 2008-04-17 12:12 15.464 - a ------ c: \ windows \ system32 \ GEARAspiWDM.sys
2008-10-25 19:36. 2008-10-25 19:36 d -------- C: \ Arquivos de programas \ QuickTime
2008-10-25 19:36. 2008-10-25 19:37 d -------- C: \ Arquivos de programas \ iTunes
2008-10-25 19:36. 2008-10-25 19:36 d -------- C: \ Arquivos de programas \ Bonjour
2008-10-25 19:36. 2008-10-25 19:36 d -------- C: \ Arquivos de programas \ Apple Software Update
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * entradas vazias & legit entradas padrão não são mostrados
.
Conteúdo da 'Tarefas agendadas' pasta
2008/11/01 c:\windows\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008/11/06 c:\windows\Tasks\At1.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At10.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At11.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At12.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At13.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At14.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At15.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At16.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At17.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At18.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At19.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At2.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/07 c:\windows\Tasks\At20.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At21.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At22.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At23.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At24.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At3.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At4.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At5.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At6.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At7.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At8.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At9.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
.
- - - - ÓRFÃOS REMOVIDO - - - --
HKCU-Run-Uniblue RegistryBooster 2009 - C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\Program Files\Uniblue\RegistryBooster\MsnMsgr.Exe

.
Scan Suplementar ------- -------
.
R0 -: HKCU-Main, Start Page = about:blank
R1 -: HKCU-Internet Settings, ProxyOverride = *.local
O8 -: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
O8 -: Download do easyMule - c:\Program Files\easyMule\IE2EM.htm
.
************************************************** ************************
CatchMe 0.3.1367 W2K/XP/Vista - rootkit / stealth malware detector por Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 19:54:20
5/1/2600 Windows Service Pack 3 NTFS
digitalizar processos escondidos ...
escaneamento automático entradas escondidas ...
digitalizar os arquivos ocultos ...
varredura foi concluída com êxito
ficheiros ocultos: 0
************************************************** ************************
.
Tempo para conclusão: 2008-11-06 19:54:45
ComboFix-quarantined-files.txt 2008-11-07 00:54:42
Pre-Run: 41621639168 bytes free
Post-Run: 41699291136 bytes free
396 --- EOF --- 2008-10-28 07:00:21
  #9  
November 6, 2008, 18:28
Moderator Group
 
Virus: iexplore.exe as a system process

Note: the instructions below were created specifically for this user. If you are not this user, do NOT follow these instructions, as doing so could damage your system.

Delete these files/folders as follows:

1. Go to Start > Run, type Notepad.exe and click OK to open Notepad.
It must be Notepad, not WordPad.
2. Copy the text in the code box below by highlighting all of the text and pressing Ctrl + C.

Code:
Killall::

File::
c:\windows\system32\s1S8Dh6X.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
3. Go to the Notepad window and click Edit > Paste.
4. Then click File > Save.
5. Name the file CFScript.txt and save it to your desktop.
6. Then drag the CFScript file (hold down the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as you see in the image below. Important: perform these instructions carefully!



ComboFix will start running; just follow the instructions on the screen.
After the reboot (in case it asks to restart), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
__________________
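A triage sketch for the pattern visible in the log above, where many AtN.job tasks launch the same executable; this is an added example, not part of the original post or of ComboFix. The sample lines are constructed in the log's layout, the function names and the `min_jobs` threshold are assumptions, and the `Killall::` / `File::` directive names are copied from the post above.

```python
import ntpath
import re
from collections import defaultdict

# Constructed excerpt in the layout of the log's scheduled-tasks listing.
# The last pair keeps the stray spaces around "\" that the forum rendering
# introduced, to show that normalisation copes with them.
SAMPLE_LOG = r"""
2008/11/01 c:\windows\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008/11/06 c:\windows\Tasks\At1.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c:\windows\Tasks\At10.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008/11/06 c: \ windows \ Tasks \ At2.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
"""

JOB_RE = re.compile(r"^\s*\d{4}[/-]\d{2}[/-]\d{2}\s+(\S.*\.job)\s*$", re.I)
TARGET_RE = re.compile(r"^\s*-\s+(.+?)\s+\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]\s*$")
AT_JOB_RE = re.compile(r"^at(\d+)\.job$", re.I)


def normalize(path):
    """Drop whitespace around backslashes: 'c: \\ windows' -> 'c:\\windows'."""
    return re.sub(r"\s*\\\s*", lambda m: "\\", path.strip())


def parse_tasks(text):
    """Return (job_path, target_path) pairs; target is None if no '-' line follows."""
    pairs, pending = [], None
    for line in text.splitlines():
        job = JOB_RE.match(line)
        if job:
            if pending is not None:
                pairs.append((pending, None))
            pending = normalize(job.group(1))
            continue
        target = TARGET_RE.match(line)
        if target and pending is not None:
            pairs.append((pending, normalize(target.group(1))))
            pending = None
    if pending is not None:
        pairs.append((pending, None))
    return pairs


def find_at_job_clusters(pairs, min_jobs=2):
    """Group AtN.job tasks by target; report targets launched by >= min_jobs of them."""
    by_target = defaultdict(list)
    display = {}
    for job, target in pairs:
        if target and AT_JOB_RE.match(ntpath.basename(job)):
            key = target.lower()  # Windows paths are case-insensitive
            by_target[key].append(job)
            display.setdefault(key, target)
    findings = []
    for key, jobs in by_target.items():
        if len(jobs) < min_jobs:
            continue
        # Numeric order (At1, At2, At10) instead of the log's lexical order.
        jobs.sort(key=lambda j: int(AT_JOB_RE.match(ntpath.basename(j)).group(1)))
        parent = ntpath.basename(ntpath.dirname(key))
        findings.append({
            "target": display[key],
            "jobs": jobs,
            "in_system32": parent == "system32",
        })
    return findings


def build_cfscript(findings):
    """Render reviewed findings with the directive names used in the post above."""
    lines = ["Killall::", "", "File::"]
    for finding in findings:
        lines.append(finding["target"])
        lines.extend(finding["jobs"])
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_at_job_clusters(parse_tasks(SAMPLE_LOG))
    for f in found:
        print(f"{len(f['jobs'])} At jobs -> {f['target']} (system32: {f['in_system32']})")
    print(build_cfscript(found))
```

Generating the list from the log avoids missing one of the numbered jobs when the script is typed by hand; the findings still need a human check before anything is deleted.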

  #10  
November 6, 2008, 18:37
Os novos Estados-Grupo
 
Virus: iexplore.exe as a system process

ComboFix Log

ComboFix 08-11-05.02 - MKJ 2008-11-06 20:31:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2458 [GMT -5:00]
Executando de: C:\Documents and Settings\MKJ\Desktop\ComboFix.exe
Comandos utilizados:: C:\Documents and Settings\MKJ\Desktop\CFScript.txt
* Criado um novo ponto restaurar

FILE::
c:\windows\system32\s1S8Dh6X.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.

((((((((((((((((((((((((((((((((((((((( Outros Supressões ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\s1S8Dh6X.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2008/10/07 a 2008/11/07 ))))))))))) ))))))))))))))))))))
.

2008-10-28 00:50. 2006-05-29 07:26 50,688 - a ------ c: \ windows \ system32 \ nmwcdcls.dll
2008-10-28 00:50. 2006-05-29 07:26 30,720 - a ------ c: \ windows \ system32 \ nmwcdcocls.dll
2008-10-28 00:50. 2006-05-29 07:26 13,312 - a ------ c: \ windows \ system32 \ nmwcdcm.sys
2008-10-28 00:50. 2006-05-29 07:26 13,312 - a ------ c: \ windows \ system32 \ nmwcdcj.sys
2008-10-28 00:50. 2006-05-29 07:26 8,704 - a ------ c: \ windows \ system32 \ nmwcdc.sys
2008-10-28 00:50. 2006-05-29 07:26 4,608 - a ------ c: \ windows \ system32 \ nmwcdlog.dll
2008-10-28 00:49. 2008-10-28 00:49 d -------- C: \ WINDOWS \ Downloaded Installations
2008-10-28 00:49. 2008-10-28 00:51 d -------- C: \ Arquivos de programas \ Nokia
2008-10-28 00:49. 2008-10-28 00:50 d -------- C: \ Arquivos de programas \ Arquivos comuns \ PCSuite
2008-10-27 23:54. 2008-10-27 23:54 d -------- C: \ Documents and Settings \ All Users \ Dados de aplicativos \ EPSON
2008-10-27 21:55. 2008-10-27 21:55 d -------- C: \ Arquivos de programas \ Ventrilo
2008-10-27 21:55. 2008-10-27 21:55 d -------- C: \ Arquivos de programas \ Arquivos comuns \ Wise Installation Wizard
2008-10-27 21:55. 2008-10-27 21:56 d -------- C: \ Documents and Settings \ MKJ Dados de aplicativos \ Ventrilo
2008-10-27 21:13. 2008-11-06 20:34 160.100 - a ------ c: \ windows \ system32 \ nvapps.xml
2008-10-27 21:05. 2008-11-05 16:09 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-10-26 23:48. 2008-11-06 05:29 d -------- C: \ Arquivos de Programas \ easyMule
2008-10-26 13:53. 2008-10-26 13:53 d -------- C: \ Documents and Settings \ MKJ Dados de aplicativos \ Viewpoint
2008-10-25 19:37. 2008-10-25 19:37 d -------- C: \ Arquivos de programas \ iPod
2008-10-25 19:37. 2008-10-25 19:37 d -------- C: \ Documents and Settings \ MKJ \ Application Data \ Apple Computer
2008-10-25 19:37. 2008-04-17 12:12 107.368 - a ------ c: \ windows \ system32 \ GEARAspi.dll
2008-10-25 19:37. 2008-04-17 12:12 15.464 - a ------ c: \ windows \ system32 \ GEARAspiWDM.sys
2008-10-25 19:36. 2008-10-25 19:36 d -------- C: \ Arquivos de programas \ QuickTime
2008-10-25 19:36. 2008-10-25 19:37 d -------- C: \ Arquivos de programas \ iTunes
2008-10-25 19:36. 2008-10-25 19:36 d -------- C: \ Arquivos de programas \ Bonjour
2008-10-25 19:36. 2008-10-25 19:36 d -------- C: \ Arquivos de programas \ Apple Software Update
2008-10-25 19:36. 2008-10-25 19:36 d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2008-10-25 19:36. 2008-10-25 19:37 d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-10-25 19:35. 2008-10-25 19:36 d -------- C: \ Arquivos de programas \ Arquivos comuns \ Apple
2008-10-25 19:35. 2008-10-25 19:35 d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple
2008-10-24 18:11. 2007-07-30 18:19 271.224 - a ------ c: \ windows \ system32 \ mucltui.dll
2008-10-24 18:11. 2007-07-30 18:19 30.072 - a ------ c: \ windows \ system32 \ mucltui.dll.mui
2008-10-24 15:39. 2008-10-24 15:39 d -------- C: \ Documents and Settings \ All Users \ Dados de aplicativos \ Blizzard
2008-10-24 14:24. 2008-10-24 14:24 d -------- C: \ Arquivos de Programas \ Real
2008-10-24 14:24. 2008-10-24 14:24 d -------- C: \ Arquivos de programas \ Arquivos comuns \ xing compartilhada
2008-10-24 14:24. 2008-10-24 14:24 d -------- C: \ Arquivos de programas \ Arquivos comuns \ Real
2008-10-24 14:07. 2008-10-24 14:07 d -------- C: \ Documents and Settings \ MKJ \ Logs
2008-10-24 13:59. 2008-10-24 13:59 d -------- C: \ Arquivos Históricos
2008-10-24 10:05. 2008-10-27 21:15 d -------- C: \ WINDOWS \ nView
2008-10-24 10:05. 2008-01-10 01:30 442.368-ra ------ c: \ windows \ system32 \ nvusmb.exe
2008-10-24 10:05. 2008-03-06 15:23 442.368 - a ------ c: \ windows \ system32 \ NVUNINST.EXE
2008-10-24 10:05. 2008-03-19 04:04 442.368 - a ------ c: \ windows \ system32 \ nvudisp.exe
2008-10-24 10:05. 2007-09-27 22:32 356.352-ra ------ c: \ windows \ system32 \ nvusmu.exe
2008-10-24 10:05. 2008-01-03 17:26 17.737 - a ------ c: \ windows \ system32 \ nvdisp.nvu
2008-10-24 10:05. 2007-10-12 03:53 13.312-ra ------ c: \ windows \ system32 \ drivers \ nvsmu.sys
2008-10-24 10:05. 2007-12-07 03:12 5.836 - a ------ c: \ windows \ system32 \ nvnrm.nvu
2008-10-24 10:05. 2008-01-16 17:17 3.948-ra ------ c: \ windows \ system32 \ drivers \ nvphy.bin
2008-10-24 10:05. 2007-12-07 01:34 2.016-ra ------ c: \ windows \ system32 \ nvsmb.nvu
2008-10-24 10:05. 2007-09-12 01:14 659-ra ------ c: \ windows \ system32 \ nvsmu.nvu
2008-10-24 10:04. 2008-10-23 22:44 35.647 - a ------ c: \ windows \ Ascd_log.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 10:37 --------- d ----- wc: \ Program Files \ AIMTunes
2008-11-04 21:36 --------- d ----- wc: \ Arquivos de Programas \ World of Warcraft
2008-10-28 05:55 --------- d ----- wc: \ Program Files \ Common Files \ Ulead Systems
2008-10-28 05:55 --------- d ----- wc: \ Documents and Settings \ MKJ Dados de aplicativos \ Ulead Systems
2008-10-28 05:54 --------- d ----- wc: \ Program Files \ Ulead Systems
2008-10-28 05:54 --------- d ----- wc: \ Documents and Settings \ All Users \ Dados de aplicativos \ Ulead Systems
2008-10-28 05:53 --------- d - h - wc: \ Arquivos de programas \ InstallShield Installation Information
2008-10-28 05:02 --------- d ----- wc: \ Arquivos de programas \ Arquivos comuns \ Adobe
2008-10-24 19:24 499.712 ---- aw C: \ WINDOWS \ system32 \ msvcp71.dll
2008-10-24 19:24 348.160 ---- aw C: \ WINDOWS \ system32 \ msvcr71.dll
2008-10-24 14:51 --------- d ----- wc: \ Arquivos de programas \ microsoft frontpage
2008-10-24 07:55 --------- d ----- wc: \ Program Files \ MSN Messenger
2008-10-24 06:09 --------- d ----- wc: \ Arquivos de Programas \ Microsoft CAPICOM 2.1.0.2
2008-10-24 05:44 --------- d ----- wc: \ Arquivos de Programas \ Winamp
2008-10-24 05:44 --------- d ----- wc: \ Documents and Settings \ MKJ \ Application Data \ Winamp
2008-10-24 05:40 --------- d ----- wc: \ Documents and Settings \ MKJ \ Application Data \ acccore
2008-10-24 05:39 --------- d ----- wc: \ Program Files \ AIM6
2008-10-24 05:39 --------- d ----- wc: \ Documents and Settings \ All Users \ Dados de aplicativos \ AOL Downloads
2008-10-24 05:38 --------- d ----- wc: \ Program Files \ Viewpoint
2008-10-24 05:38 --------- d ----- wc: \ Program Files \ Common Files \ AOL
2008-10-24 05:38 --------- d ----- wc: \ Documents and Settings \ All Users \ Dados de aplicativos \ Viewpoint
2008-10-24 05:38 --------- d ----- wc: \ Documents and Settings \ All Users \ Dados de aplicativos \ AOL OCP
2008-10-24 05:38 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ AOL
2008-10-24 05:38 --------- d ----- wc: \ Documents and Settings \ All Users \ Dados de aplicativos acccore
2008-10-24 05:32 --------- d ----- wc: \ Arquivos de programas \ Arquivos comuns \ Blizzard Entertainment
2008-10-24 05:20 --------- d ----- wc: \ Arquivos de Programas \ Windows Media Connect 2
2008-10-24 05:10 --------- d ----- wc: \ Program Files \ DivX
2008-10-24 05:08 --------- d ----- wc: \ Program Files \ DefilerPak
2008-10-24 04:37 --------- d ----- wc: \ Program Files \ Realtek
2008-10-24 04:33 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-10-24 04:18 --------- d ----- wc: \ Program Files \ Common Files \ Symantec Shared
2008-10-24 03:58 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ InstallShield
2008-10-24 03:57 --------- d ----- wc: \ Program Files \ Common Files \ InstallShield
2008-10-24 03:54 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ Corel
2008-10-24 03:33 --------- d ----- wc: \ Program Files \ ASUS
2008/10/24 03:08 315,392 ---- aw C: \ WINDOWS \ HideWin.exe
2008-10-24 03:08 --------- d ----- wc: \ Arquivos de Programas \ perfil
2008-10-24 00:18 2.302.017 ---- aw C: \ WINDOWS \ system32 \ GPhotos.scr
2008-09-23 22:46 245.408 ---- aw C: \ WINDOWS \ system32 \ unicows.dll
2008/09/15 12:12 1.846.400 ---- aw C: \ Windows \ system32 \ win32k.sys
2008-09-08 10:41 333.824 ---- aw C: \ WINDOWS \ system32 \ drivers \ srv.sys
2008-08-29 14:18 87.336 ---- aw C: \ WINDOWS \ system32 \ dns-SD.EXE
2008-08-29 13:53 61.440 ---- aw C: \ WINDOWS \ system32 \ dnssd.dll
2008/08/26 07:24 826,368 ---- aw C: \ Windows \ system32 \ wininet.dll
2008-08-14 10:09 2.145.280 ---- aw C: \ WINDOWS \ system32 \ ntoskrnl.exe
2008-08-14 09:33 2.023.936 ---- aw C: \ WINDOWS \ system32 \ ntkrnlpa.exe
.

((((((((((((((((((((((((((((( Snapshot@2008-11-06_19.54.31.75 )))))))))) )))))))))))))))))))))))))))))))
.
- 2008-11-06 23:26:54 49.198 ---- aw C: \ WINDOWS \ system32 \ perfc009.dat
+ 2008-11-07 00:54:48 49.198 ---- aw C: \ WINDOWS \ system32 \ perfc009.dat
- 2008-11-06 23:26:54 390.094 ---- aw C: \ WINDOWS \ system32 \ perfh009.dat
+ 2008-11-07 00:54:48 390.094 ---- aw C: \ WINDOWS \ system32 \ perfh009.dat
+ 2008-11-07 01:33:47 16.384 ---- atw C: \ WINDOWS \ Temp \ Perflib_Perfdata_584.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * entradas vazias & legit entradas padrão não são mostrados
REGEDIT4

[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (0A0DDBD3-6641-40B9-873F-BBDD26D6C14E)]
2008-10-23 02:37 147928 - a ------ C: \ Arquivos de Programas \ easyMule \ modules \ IE2EM.dll

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"CTFMON.EXE" = "c: \ windows \ system32 \ ctfmon.exe" [2008-04-13 15360]
"\ \ MING3 \ EPSON Stylus C120 Series "=" c: \ windows \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATICCA.EXE "[2007-03-12 182272]
"PcSync" = "C: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe" [2006-06-27 1449984]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"PHIME2002ASync" = "c: \ windows \ system32 \ DRIVERS \ jusched.exe" [2004-08-04 455168]
"PHIME2002A" = "c: \ windows \ system32 \ DRIVERS \ TIN TSETP.EXE" [2004-08-04 455168]
"Ai Nap" = "c: \ Program Files \ ASUS \ Ai Suite \ AiNap \ ainap.exe" [2008-01-28 1413120]
"CPU Power Monitor" = "c: \ Program Files \ ASUS \ Ai Suite \ AiGear3 \ CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help" = "c: \ Program Files \ ASUS \ Ai Suite \ CpuLevelUpHelp.exe" [2007-11-30 881152]
"ASUS Energy Saving" = "c: \ Program Files \ ASUS \ Ai Suite \ energysaving \ PwSave.exe" [2008-01-28 1352704]
"Ulead AutoDetector v2" = "c: \ Program Files \ Common Files \ Ulead Systems \ AutoDetector \ Monitor.exe" [2006-11-29 90112]
"SunJavaUpdateSched" = "c: \ Program Files \ Common Files \ Real \ ccApp.exe" [2008-10-24 185872]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2008-09-06 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-10-01 289576]
"NvCplDaemon" = "c: \ windows \ system32 \ ctfmon.exe" [2008-01-03 13508608]
"NvMediaCenter" = "c: \ windows \ system32 \ NVMcTray. Dll" [2008-01-03 86016]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"NSLauncher" = "C: \ Program Files \ Nokia \ Nokia Software Launcher \ NSLauncher.exe" [2006-11-28 2658304]
"SMSERIAL" = "SkyTel.EXE" [2008-05-07 C: \ WINDOWS \ SOUNDMAN.EXE]
"nwiz" = "nwiz.exe" [2008-01-03 C: \ WINDOWS \ system32 \ nwiz.exe]

[HKEY_USERS \ .DEFAULT \ Software \ Microsoft \ Windows \ CurrentVersion \ Run]
"CTFMON.EXE" = "c: \ windows \ system32 \ CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32]
"msacm.dvacm" = c: \ progra ~ 1 \ common ~ 1 \ ULEADS ~ 1 \ Vio \ Dvacm.acm
"msacm.divxa32" = DivXa32.acm
"msacm.ulmp3acm" = "c: \ progra ~ 1 \ COMMON ~ 1 \ ULEADS ~ 1 \ MPEG \ ulmp3acm.acm
"msacm.mpegacm" = "c: \ progra ~ 1 \ COMMON ~ 1 \ ULEADS ~ 1 \ MPEG \ mpegacm.acm

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnet3.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnet3 [1] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnet3 [2] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx3.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx30SP1setup.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx30SP1setup [1]. Exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx30SP1setup [2]. Exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx35.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx35setup.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx35setup [1]. Exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx35setup [2]. Exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx35 [1] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx35 [2] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx3setup.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx3setup [1]. Exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx3setup [2]. Exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx3 [1] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx3 [2] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx3_ia64.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx3_ia64 [1] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx3_ia64 [2] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx3_x64.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx3_x64 [1] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx3_x64 [2] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx [1]. Exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ dotnetfx [2]. Exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx20SP1_ia64.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx20SP1_ia64 [1]. Exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx20SP1_ia64 [2] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx20SP1_x64.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx20SP1_x64 [1]. Exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx20SP1_x64 [2] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx20SP1_x86.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx20SP1_x86 [1] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx20SP1_x86 [2] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx20SP2_ia64.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx20SP2_ia64 [1]. Exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx20SP2_ia64 [2] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx20SP2_x64.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx20SP2_x64 [1]. Exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx20SP2_x64 [2] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx20SP2_x86.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx20SP2_x86 [1] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx20SP2_x86 [2] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx30SP1_x64.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx30SP1_x64 [1]. Exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx30SP1_x64 [2] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx30SP1_x86.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx30SP1_x86 [1] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx30SP1_x86 [2] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ netfx35_ia64.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx35_ia64 [1]. Exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx35_ia64 [2] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ netfx35_x64.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx35_x64 [1]. Exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx35_x64 [2] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ netfx35_x86.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx35_x86 [1] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx35_x86 [2] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx64.exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx64 [1]. Exe]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ windows nt \ currentversion \ image file opções de execução \ NetFx64 [2] exe.]
"Debugger" = "c: \ windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpolicy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ Sessmgr.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"c: \ \ Program Files \ \ Common Files \ AOL \ \ Loader \ \ aolload.exe" =
"c: \ \ Arquivos de Programas \ \ AIM6 \ \ aim6.exe" =
"c: \ \ Arquivos de Programas \ \ World of Warcraft \ \ WoW-2.3.0-enUS-downloader.exe" =
"c: \ \ Arquivos de Programas \ \ MSN Messenger \ \ msnmsgr.exe" =
"c: \ \ Arquivos de Programas \ \ MSN Messenger \ \ livecall.exe" =
"c: \ \ Arquivos de Programas \ \ Bonjour \ \ mDNSResponder.exe" =
"c: \ \ Arquivos de Programas \ \ iTunes \ \ iTunes.exe" =
"c: \ \ Program Files \ \ easyMule \ \ emule.exe" =

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpolicy \ standardprofile \ GloballyOpenPorts \ List]
"3724: TCP" = 3724: TCP: Blizzard Downloader: 3724
"12178: TCP" = 12178: TCP: BitComet 12178 TCP
"12178: UDP" = 12178: UDP: BitComet 12178 UDP

R1 aswSP; avast! Self Protection; c: \ windows \ system32 \ drivers \ aswSP.sys [2008-07-19 78416]
R2 aswFsBlk; aswFsBlk; c: \ windows \ system32 \ DRIVERS \ aswFsBlk.sys [2008-07-19 20560]
R2 Viewpoint Manager Service; Viewpoint Manager Service; c: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe [2007-01-04 24652]
R3 NVHDA; serviço NVidia Driver High Definition Audio; c: \ windows \ system32 \ drivers \ nvhda32.sys [2008-05-04 38560]
.
Conteúdo da 'Tarefas agendadas' pasta

2008/11/01 c: \ windows \ Tasks \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 11:34]
.

************************************************** ************************
CatchMe 0.3.1367 W2K/XP/Vista - rootkit / stealth malware detector por Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 20:34:11
5/1/2600 Windows Service Pack 3 NTFS

digitalizar processos escondidos ...
escaneamento automático entradas escondidas ...
digitalizar os arquivos ocultos ...
varredura foi concluída com êxito
ficheiros ocultos: 0

************************************************** ************************
.
------------------------ Other Running Processes ----------------------- --
.
C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
c: \ windows \ system32 \ nvsvc32.exe
c: \ windows \ system32 \ PSIService.exe
c: \ Program Files \ ASUS \ AASP \ 1.00.61 \ aaCenter.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
c: \ windows \ system32 \ rundll32.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Common Files \ pcsuite \ Services \ ServiceLayer.exe
c: \ progra ~ 1 \ common ~ 1 \ Nokia \ MPAPI \ MPAPI3s.exe
.
************************************************** ************************
.
Tempo para conclusão: 2008-11-06 20:36:06 - Máquina reiniciou
ComboFix-quarantined-files.txt 2008-11-07 01:36:02
ComboFix2.txt 2008-11-07 00:54:46

Pre-Run: 41668276224 bytes free
Post-Run: 41678303232 bytes free

418 --- EOF --- 2008-10-28 07:00:21

Thanks