
Log analysis request.

#1 By Eduardo Alex 07/12/2010 - 23:57
Hi, I formatted the machine a few days ago, and yesterday some programs seem to have been damaged and can no longer be run. I ran ComboFix and it displayed a message saying it had found a 'rootkit' running and needed to restart the machine;
Besides some programs no longer working correctly, it is not possible to reinstall the antivirus (AVG): the program closes automatically before the installation starts.
HijackThis log follows:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:52:57, on 7/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Eduardo\Meus documentos\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2776682
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.codecguide.com/
R3 - URLSearchHook: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Arquivos de programas\BrotherSoft_Extreme\tbBrot.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll
O2 - BHO: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Arquivos de programas\BrotherSoft_Extreme\tbBrot.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Arquivos de programas\BrotherSoft_Extreme\tbBrot.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Eduardo\Meus documentos\Downloads\utorrent.exe"
O4 - HKUS\S-1-5-21-1220945662-2049760794-682003330-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 6254 bytes

Thanks in advance, cheers õ/
#2 By Klash
07/12/2010 - 23:59
Open HijackThis, click "Do a system scan only", and select the entries:

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll


Click "Fix checked".

__________________________________________________

*Download MalwareBytes Anti-Malware.
http://www.malwarebytes.org/mbam.php
*Install the application.
*Update it.
*Click "Full scan".
*When the scan finishes, if any "malware" is detected, click "Show results", then click "Remove selected".
*An automatic report will open; copy and paste it here.
*All infections will be sent to quarantine, and some may require a system restart.
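As an added example (not code from the thread or from HijackThis itself), the script below mechanises what Klash did by eye on the log from post #1: it parses HijackThis-format lines and flags the Conduit/BrotherSoft CLSIDs, the orphaned BHO and the redirected start page. The CLSIDs, paths and URLs are taken from the posted log; the heuristics, function names and the set of IE default hosts are assumptions of this example.

```python
"""Triage helper for HijackThis-style log lines.

Added example, not code from the thread or from HijackThis itself. It parses
lines in the R0/R1/R3/O2/O3/O4 format posted in #1 and flags the same kinds
of entries Klash picked for "Fix checked": the Conduit/BrotherSoft toolbar
CLSIDs, a BHO that points at "(no file)", and start/search pages that no
longer point at the browser defaults. CLSIDs and paths come from the posted
log; the heuristics and names are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample: a subset of the HijackThis log from post #1.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2776682
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Arquivos de programas\BrotherSoft_Extreme\tbBrot.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Eduardo\Meus documentos\Downloads\utorrent.exe"
"""

# CLSIDs of the Conduit engine and the BrotherSoft toolbar exactly as they
# appear in the posted log (compared case-insensitively).
KNOWN_TOOLBAR_CLSIDS = {
    "{30f9b915-b755-4826-820b-08fba6bd249d}",  # Conduit Engine
    "{51a86bb3-6602-4c85-92a5-130ee4864f13}",  # BrotherSoft Extreme Toolbar
}

# Hosts the R0/R1 lines point at on a stock Internet Explorer 8 install (assumption).
DEFAULT_IE_HOSTS = {"go.microsoft.com", "home.microsoft.com"}

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"=\s*(?P<url>https?://\S+)$")
RUN_PATH_RE = re.compile(r"\]\s*\"?(?P<path>[A-Za-z]:\\[^\"]+?)\"?(?:\s+/\S+)*$")


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Split one log line into its HijackThis section code and body."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    c = CLSID_RE.search(body)
    return Entry(m.group("section"), body, c.group(0).lower() if c else None)


def assess(entry: Entry) -> Entry:
    """Attach review flags to an entry; an empty list means nothing stood out."""
    if entry.clsid in KNOWN_TOOLBAR_CLSIDS:
        entry.flags.append("known Conduit/BrotherSoft toolbar CLSID")
    if entry.section == "O2" and entry.body.endswith("(no file)"):
        entry.flags.append("orphaned BHO: registered but DLL missing on disk")
    if entry.section in ("R0", "R1"):
        u = URL_RE.search(entry.body)
        if u and urlparse(u.group("url")).netloc.lower() not in DEFAULT_IE_HOSTS:
            entry.flags.append("start/search page redirected away from IE defaults")
    if entry.section == "O4":
        p = RUN_PATH_RE.search(entry.body)
        if p and "\\documents and settings\\" in p.group("path").lower():
            entry.flags.append("autorun launched from a user profile folder")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Parse every recognisable line and return only the entries that got flags."""
    flagged: List[Entry] = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None and assess(e).flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e.section, "|", e.body[:70], "|", "; ".join(e.flags))
```

On the sample it returns the three entries Klash selected plus the hijacked start page, the BrotherSoft search hook and one user-profile autorun worth a look; the last is a review hint, not a verdict.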
#3 By Eduardo Alex
08/12/2010 - 07:06
MalwareBytes Anti-Malware report:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Versão da Base de Dados: 5265

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/12/2010 06:52:21
mbam-log-2010-12-08 (06-52-21).txt

Tipo de Verificação: Verificação Completa (C:\|F:\|)
Objetos escaneados: 349325
Tempo decorrido: 3 hora(s), 0 minuto(s), 21 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 1
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 21

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
c:\vvbir.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\arquivos de programas\Last.fm\killer.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\documents and settings\Eduardo\meus documentos\Restaure\animes\Pictures\athena asamiya kof.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\Eduardo\meus documentos\Restaure\animes\Pictures\chrno crusadewallp.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\Eduardo\meus documentos\Restaure\animes\Pictures\urusei_yatsura.png (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\Eduardo\meus documentos\Restaure\animes\Pictures\cdz\cdz(13).jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\Eduardo\meus documentos\Restaure\animes\Pictures\cdz\saint_seiyaadrf.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\mtawek.pif.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\F\cbma.pif.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e5a3524-c60a-463f-bf5e-a43530e4e014}\RP55\A0069581.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e5a3524-c60a-463f-bf5e-a43530e4e014}\RP55\A0069589.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e5a3524-c60a-463f-bf5e-a43530e4e014}\RP57\A0078821.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\bysn.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\ostha.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1e5a3524-c60a-463f-bf5e-a43530e4e014}\RP55\A0069548.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1e5a3524-c60a-463f-bf5e-a43530e4e014}\RP57\A0078823.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1e5a3524-c60a-463f-bf5e-a43530e4e014}\RP59\A0079771.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{1e5a3524-c60a-463f-bf5e-a43530e4e014}\RP59\A0079872.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{8cf69e86-739a-48c7-ab49-c50fc710ad77}\RP36\A0023502.dll (Backdoor.Turkojan) -> Quarantined and deleted successfully.
f:\system volume information\_restore{8cf69e86-739a-48c7-ab49-c50fc710ad77}\RP36\A0023503.dll (Backdoor.Turkojan) -> Quarantined and deleted successfully.
f:\Setupz\conversões, video e musica etc\tmpgenc dvd author with divx authoring 3.1.2.176\Keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
#5 By Eduardo Alex
08/12/2010 - 11:35
On the first run of ComboFix it again reported the presence of a rootkit and requested a system restart; after that it ran normally.
I don't know whether you need the log, but I'll post it just in case:
ComboFix 10-12-07.04 - Eduardo 08/12/2010 9:53.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1527.1158 [GMT -2:00]
Executando de: c:\documents and settings\Eduardo\Meus documentos\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AMSINT32
-------\Service_amsint32


(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-08 to 2010-12-08 ))))))))))))))))))))))))))))
.

2010-12-08 02:05 . 2010-12-08 02:05 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\Malwarebytes
2010-12-08 02:05 . 2010-11-29 19:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-08 02:05 . 2010-12-08 02:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-12-08 02:05 . 2010-12-08 02:05 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-12-08 02:05 . 2010-11-29 19:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 19:53 . 2008-04-14 02:20 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-12-07 13:56 . 2010-12-07 13:56 -------- d-----w- C:\found.000
2010-12-07 00:14 . 2010-12-07 00:14 -------- d-----w- c:\windows\l2schemas
2010-12-07 00:14 . 2010-12-07 00:14 -------- d-----w- c:\windows\system32\bits
2010-12-06 14:52 . 2010-12-06 14:52 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
2010-12-06 14:48 . 2010-12-06 14:50 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-12-05 22:51 . 2010-11-02 21:36 359016 ----a-w- c:\windows\vncutil.exe
2010-12-05 22:51 . 2010-11-02 21:36 54888 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-12-05 22:51 . 2010-11-02 21:36 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-12-05 22:51 . 2009-11-18 09:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2010-12-05 22:51 . 2009-11-18 09:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-12-04 19:44 . 2010-12-04 19:44 -------- d-----w- c:\arquivos de programas\Ares
2010-12-03 21:55 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-12-03 11:18 . 2010-12-07 16:33 -------- d-----w- c:\arquivos de programas\JDownloader
2010-12-03 11:14 . 2010-12-03 11:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2010-12-03 10:37 . 2010-12-03 10:37 -------- d-----w- c:\windows\Sun
2010-12-03 10:34 . 2010-09-15 04:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-03 10:33 . 2010-12-03 11:13 -------- d-----w- c:\arquivos de programas\Java
2010-12-02 18:50 . 2010-12-02 18:50 -------- d-----w- c:\arquivos de programas\uTorrent
2010-12-02 18:49 . 2010-12-07 23:06 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\uTorrent
2010-12-01 14:37 . 2010-12-01 14:38 -------- d-----w- c:\arquivos de programas\eMule
2010-12-01 12:15 . 2010-12-01 12:15 -------- d-sh--w- c:\documents and settings\Eduardo\PrivacIE
2010-12-01 09:09 . 2010-12-01 09:09 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\Google
2010-12-01 03:05 . 2010-12-01 03:05 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\Conduit
2010-12-01 03:05 . 2010-12-01 12:15 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\BrotherSoft_Extreme
2010-12-01 03:05 . 2010-12-01 03:05 -------- d-----w- c:\arquivos de programas\Conduit
2010-12-01 03:05 . 2010-12-07 10:28 -------- d-----w- c:\arquivos de programas\BrotherSoft_Extreme
2010-11-30 20:33 . 2010-11-30 20:33 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\IrfanView
2010-11-30 20:17 . 2010-11-30 20:17 -------- d-----w- C:\OnGame
2010-11-30 19:55 . 2010-11-30 19:55 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\Google
2010-11-30 19:50 . 2010-12-01 14:55 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\Temp
2010-11-30 19:50 . 2010-11-30 19:50 -------- d-----w- c:\documents and settings\postgres\Configurações locais\Dados de aplicativos\Google
2010-11-30 19:50 . 2010-12-05 15:01 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\Google
2010-11-30 19:50 . 2010-11-30 19:50 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\ProgSense
2010-11-30 19:50 . 2010-11-30 19:56 -------- d-----w- c:\arquivos de programas\Google
2010-11-30 19:50 . 2010-11-30 20:04 -------- d-----w- C:\downloads
2010-11-30 19:50 . 2010-11-30 19:50 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\GrabPro
2010-11-30 19:50 . 2010-11-30 19:56 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\OpenCandy
2010-11-30 19:50 . 2010-11-30 19:50 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\OpenCandy
2010-11-30 19:50 . 2010-11-30 20:16 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\Orbit
2010-11-30 14:40 . 2010-11-30 14:40 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\Identities
2010-11-30 12:36 . 2010-11-30 12:36 -------- d-----w- c:\windows\system32\XPSViewer
2010-11-30 12:36 . 2010-11-30 12:36 -------- d-----w- c:\arquivos de programas\MSBuild
2010-11-30 12:35 . 2010-11-30 12:35 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2010-11-30 12:34 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-11-30 12:33 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-11-30 12:33 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-11-30 12:33 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-11-30 12:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-11-30 12:33 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-11-30 12:33 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-11-30 12:33 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-11-30 12:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-11-30 12:33 . 2010-11-30 12:34 -------- d-----w- C:\6cba1b965888f9e351af246a76
2010-11-30 12:17 . 2010-11-30 12:17 -------- d-----w- c:\arquivos de programas\MSXML 6.0
2010-11-30 12:13 . 2010-11-30 12:13 -------- d-sh--w- c:\documents and settings\postgres\IETldCache
2010-11-30 12:13 . 2010-11-30 12:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-30 12:13 . 2010-11-30 12:13 -------- d-sh--w- c:\documents and settings\Eduardo\IETldCache
2010-11-30 12:05 . 2010-05-06 10:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-30 12:05 . 2010-05-06 10:34 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-30 12:05 . 2010-05-06 10:34 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-30 12:05 . 2010-05-06 10:34 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-11-30 12:05 . 2010-05-06 10:34 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-30 12:05 . 2010-05-06 10:34 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-11-30 12:05 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-30 12:03 . 2010-12-07 00:14 -------- d-----w- c:\windows\system32\pt-BR
2010-11-30 12:03 . 2010-11-30 12:04 -------- dc-h--w- c:\windows\ie8
2010-11-30 11:24 . 2010-12-07 00:09 -------- d-----w- c:\windows\ServicePackFiles
2010-11-30 11:16 . 2004-08-04 00:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2010-11-30 11:16 . 2004-08-04 00:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2010-11-30 11:16 . 2004-08-04 00:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2010-11-30 11:16 . 2004-08-04 00:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2010-11-30 11:16 . 2004-08-04 00:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2010-11-30 11:16 . 2004-08-04 00:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2010-11-30 11:10 . 2004-08-04 02:36 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys
2010-11-30 09:49 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-30 09:49 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys
2010-11-30 09:45 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-11-30 09:43 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-30 09:43 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-11-30 09:43 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-30 09:40 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-11-30 09:40 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-11-30 09:39 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-11-30 09:39 . 2010-02-17 16:07 2194176 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-30 09:39 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-11-30 09:39 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-11-30 09:39 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-11-30 09:39 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-11-30 09:39 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-11-30 09:39 . 2009-06-25 08:27 732672 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-11-30 09:39 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-11-30 09:39 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-11-30 09:39 . 2010-02-16 19:07 2150400 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-30 09:39 . 2010-02-16 19:07 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-30 09:34 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-11-30 09:31 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-11-30 09:28 . 2008-04-21 21:15 216064 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-11-30 09:26 . 2010-12-07 20:20 -------- d--h--w- c:\windows\$hf_mig$
2010-11-30 00:06 . 2010-11-30 00:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Last.fm
2010-11-29 23:30 . 2010-12-06 01:53 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\Last.fm
2010-11-29 23:30 . 2010-11-30 18:21 -------- d-----w- c:\arquivos de programas\Last.fm
2010-11-29 22:15 . 2010-11-30 00:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2010-11-29 22:14 . 2010-11-29 22:14 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2010-11-29 22:13 . 2010-12-08 01:48 -------- d-----w- c:\documents and settings\Eduardo\Tracing
2010-11-29 22:01 . 2010-11-29 22:01 -------- d-----w- c:\arquivos de programas\Microsoft
2010-11-29 22:01 . 2010-11-29 22:01 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2010-11-29 22:00 . 2010-11-29 22:08 -------- d-----w- c:\arquivos de programas\Windows Live
2010-11-29 21:49 . 2010-11-29 21:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2010-11-29 21:36 . 2007-10-12 17:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-11-29 21:29 . 2010-11-29 21:35 -------- d--h--w- c:\windows\msdownld.tmp
2010-11-29 21:29 . 2010-11-29 21:29 -------- d-----w- c:\windows\Logs
2010-11-29 21:09 . 2010-12-01 03:05 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\GetRightToGo
2010-11-29 16:56 . 2010-11-29 16:56 -------- d-sh--w- c:\documents and settings\Eduardo\UserData
2010-11-29 13:10 . 2003-09-03 04:28 724992 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2010-11-29 13:10 . 2003-09-03 04:27 69715 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2010-11-29 13:10 . 2003-09-03 04:26 266240 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2010-11-29 13:10 . 2003-09-03 04:26 192512 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2010-11-29 13:10 . 2003-09-03 04:25 5632 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2010-11-29 13:10 . 2010-11-29 13:10 311428 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-06 15:15 . 2010-11-02 08:50 90112 ----a-w- c:\windows\DUMP2b8f.tmp
2010-12-06 14:59 . 2010-11-02 08:50 90112 ----a-w- c:\windows\DUMP2ecb.tmp
2010-11-28 17:24 . 2010-11-06 17:25 135168 ----a-w- c:\windows\IFinst27.exe
2010-11-02 21:36 . 2010-11-02 13:47 1903208 ----a-w- c:\windows\SkyTel.exe
2010-11-02 21:36 . 2010-11-02 13:47 154216 ----a-w- c:\windows\SOUNDMAN.EXE
2010-11-02 21:36 . 2010-11-02 13:47 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2010-11-02 21:36 . 2010-11-02 13:47 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-11-02 21:36 . 2010-11-02 13:47 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-11-02 21:36 . 2010-11-02 13:47 6188648 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-11-02 21:36 . 2010-11-02 13:47 19580520 ----a-w- c:\windows\RTHDCPL.EXE
2010-11-02 21:35 . 2010-11-02 13:47 2180712 ----a-w- c:\windows\MicCal.exe
2010-11-02 21:35 . 2010-11-02 13:47 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-11-02 21:35 . 2010-11-02 13:47 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-11-02 21:35 . 2010-11-02 13:47 137832 ----a-w- c:\windows\ALCMTR.EXE
2010-10-28 12:46 . 2010-11-02 13:47 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-09-15 06:50 . 2010-11-07 19:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\arquivos de programas\BrotherSoft_Extreme\tbBrot.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
2010-09-12 17:02 3863136 ----a-w- c:\arquivos de programas\BrotherSoft_Extreme\tbBrot.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\arquivos de programas\BrotherSoft_Extreme\tbBrot.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{51A86BB3-6602-4C85-92A5-130EE4864F13}"= "c:\arquivos de programas\BrotherSoft_Extreme\tbBrot.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\documents and settings\Eduardo\Meus documentos\Downloads\utorrent.exe" [2010-12-07 395128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 1333784]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 3590680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 3562008]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 322280]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-02 19580520]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Arquivos de programas\\IrfanView\\i_view32.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\WINDOWS\\SkyTel.EXE"=
"f:\\Games\\epsxe170\\ePSXe.exe"=
"c:\\Arquivos de programas\\Ahead\\Nero StartSmart\\NeroStartSmart.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\jqs.exe"=
"c:\\Arquivos de programas\\Ahead\\nero\\nero.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Arquivos de programas\\Oi Velox\\Modem\\TG508.exe"=
"c:\\WINDOWS\\ALCMTR.EXE"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Java\\Java Update\\jusched.exe"=
"c:\\Arquivos de programas\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Eduardo\\Meus documentos\\Downloads\\utorrent.exe"=

R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Arquivos de programas/PostgreSQL/8.4/data" -w --> C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [30/11/2010 17:50 214000]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/12/2010 20:51 1691480]

--- =Outros Serviços/Drivers Na Memória ---

*NewlyCreated* - AMSINT32
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-12-08 c:\windows\Tasks\GlaryInitialize.job
- c:\arquivos de programas\Glary Utilities\initialize.exe [2010-11-03 12:47]

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-11-30 19:50]

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-11-30 19:50]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2776682
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
FF - ProfilePath - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BrotherSoft Extreme Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - component: c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Metal3D: {48e23fba-bb14-4745-b768-382150cd83fb} - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
FF - Extension: glowygreen: glowygreen-ff3-30@glowplug.bitasylum.net - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\glowygreen-ff3-30@glowplug.bitasylum.net
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: BrotherSoft Extreme Community Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
FF - Extension: Conduit Engine : engine@conduit.com - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\engine@conduit.com
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-08 10:05
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\postgresql-8.4]
"ImagePath"="C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Arquivos de programas/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\postgresql-8.4]
"ImagePath"="C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Arquivos de programas/PostgreSQL/8.4/data\" -w"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(2796)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\pg_ctl.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\docume~1\postgres\CONFIG~1\Temp\suhkv.exe
c:\docume~1\postgres\CONFIG~1\Temp\w85c90.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-12-08 10:12:59 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-12-08 12:12
ComboFix2.txt 2010-12-07 22:53

Pré-execução: 12 pasta(s) 39.372.181.504 bytes disponíveis
Pós execução: 13 pasta(s) 39.350.554.624 bytes disponíveis

- - End Of File - - 48EEC299A40F898578E74C6833E79AF4
As recommended, I downloaded Trojan Remover, but it was not possible to update it; here is a screenshot of the problem:
http://img222.imageshack.us/img222/8080/errodh.jpg

I tried different servers, and my internet connection was working normally.

So I went ahead with the scan without the update; it found a file related to 'autorun.inf', and I selected the third option (recommended).
The system was restarted and Trojan Remover reported that it had finished the analysis.
#8 By Wings
08/12/2010 - 13:50
You can't because the system is still infected.

*Open Notepad and paste the code below into it:

File::
c:\docume~1\postgres\CONFIG~1\Temp\suhkv.exe
c:\docume~1\postgres\CONFIG~1\Temp\w85c90.exe
Driver::
AMSINT32

*Save the file on the desktop as CFScript.txt
*Drag the file onto ComboFix as shown in the illustration below:

b2ea2c6367.gif

*Do not use the mouse or the keyboard while ComboFix is running!!

*Paste the report C:\combofix.txt
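As an added example (not code from this thread or from ComboFix), the Python script below derives a CFScript in the File::/Driver:: layout used in this reply from the two ComboFix log sections quoted earlier, applying two assumed heuristics: executables running from a Temp directory and drivers ComboFix lists as *NewlyCreated*. The log fragment inside is constructed from the lines posted above, and the section names are the localized ComboFix headers as they appear in that log; the heuristic is a triage aid, not a verdict.

```python
"""Derive a ComboFix CFScript (File::/Driver:: blocks) from a ComboFix log.

Added example, not part of the original thread and not ComboFix's own code.
Heuristics (assumptions, mirroring what the helper did by hand above):
  1. any process listed under "Outros Processos em Execução" whose parent
     directory is Temp/Tmp goes into the File:: block;
  2. any driver marked *NewlyCreated* under "Outros Serviços/Drivers Na Memória"
     goes into the Driver:: block.
"""
import re

# Constructed sample: fragments of the ComboFix log posted earlier in the thread.
SAMPLE_LOG = r"""
--- =Outros Serviços/Drivers Na Memória ---

*NewlyCreated* - AMSINT32
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-12-08 c:\windows\Tasks\GlaryInitialize.job
- c:\arquivos de programas\Glary Utilities\initialize.exe [2010-11-03 12:47]
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\docume~1\postgres\CONFIG~1\Temp\suhkv.exe
c:\docume~1\postgres\CONFIG~1\Temp\w85c90.exe
.
**************************************************************************
"""

# Localized section headers exactly as they appear in the posted log.
PROCESSES_SECTION = "Outros Processos em Execução"
DRIVERS_SECTION = "Outros Serviços/Drivers Na Memória"

# A line opening with 3+ dashes, parentheses or asterisks starts/ends a section.
BOUNDARY_RE = re.compile(r"^[-(*]{3,}")
# "---- Title ----" headers; ComboFix sometimes prefixes the title with "=".
DASHED_HEADER_RE = re.compile(r"^-{3,}\s*=?\s*(.*?)\s*-{3,}$")
# Drive-letter paths as listed under the running-processes section.
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
# An executable whose parent directory is Temp/Tmp (e.g. ...\CONFIG~1\Temp\x.exe).
TEMP_EXE_RE = re.compile(r"\\(temp|tmp)\\[^\\]+\.exe$", re.IGNORECASE)
# "*NewlyCreated* - NAME" lines in the drivers-in-memory section.
NEWLY_CREATED_RE = re.compile(r"^\*NewlyCreated\*\s*-\s*(\S+)")


def parse_sections(text):
    """Map each dashed section title to its non-empty content lines."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix uses "." as a spacer
            continue
        if BOUNDARY_RE.match(line):
            match = DASHED_HEADER_RE.match(line)
            current = match.group(1) if match else None  # "*****" ends a section
            if current is not None:
                sections.setdefault(current, [])
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def suspicious_temp_executables(process_paths):
    """Heuristic 1: executables running out of a Temp directory."""
    return [p for p in process_paths if TEMP_EXE_RE.search(p)]


def newly_created_drivers(driver_lines):
    """Heuristic 2: drivers ComboFix reports as *NewlyCreated*."""
    found = []
    for line in driver_lines:
        match = NEWLY_CREATED_RE.match(line)
        if match:
            found.append(match.group(1))
    return found


def build_cfscript(files, drivers):
    """Render the File::/Driver:: layout ComboFix expects in CFScript.txt."""
    parts = []
    if files:
        parts.append("File::")
        parts.extend(files)
    if drivers:
        parts.append("Driver::")
        parts.extend(drivers)
    return "\n".join(parts) + "\n" if parts else ""


def cfscript_from_log(text):
    """Full pipeline: log text in, CFScript text out."""
    sections = parse_sections(text)
    processes = [l for l in sections.get(PROCESSES_SECTION, []) if PATH_RE.match(l)]
    files = suspicious_temp_executables(processes)
    drivers = newly_created_drivers(sections.get(DRIVERS_SECTION, []))
    return build_cfscript(files, drivers)


if __name__ == "__main__":
    print(cfscript_from_log(SAMPLE_LOG), end="")
```

Run against the sample it prints exactly the File::/Driver:: script posted in this reply, which is the check that the two heuristics reproduce the manual triage.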
#9 By Eduardo Alex
08/12/2010 - 15:00
ComboFix 10-12-07.04 - Eduardo 08/12/2010 14:32:59.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1527.1163 [GMT -2:00]
Executando de: c:\documents and settings\Eduardo\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Eduardo\Desktop\CFScript.txt

FILE ::
"c:\docume~1\postgres\CONFIG~1\Temp\suhkv.exe"
"c:\docume~1\postgres\CONFIG~1\Temp\w85c90.exe"
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AMSINT32
-------\Service_amsint32


(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-08 to 2010-12-08 ))))))))))))))))))))))))))))
.

2010-12-08 12:35 . 2010-12-08 16:46 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-12-08 12:21 . 2006-06-19 14:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-12-08 12:21 . 2006-05-25 16:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-12-08 12:21 . 2005-08-26 02:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-12-08 12:21 . 2003-02-02 21:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-12-08 12:21 . 2002-03-06 02:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-12-08 12:21 . 2010-12-08 12:22 -------- d-----w- c:\arquivos de programas\Trojan Remover
2010-12-08 12:21 . 2010-12-08 12:21 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\Simply Super Software
2010-12-08 12:21 . 2010-12-08 12:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Simply Super Software
2010-12-08 02:05 . 2010-12-08 02:05 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\Malwarebytes
2010-12-08 02:05 . 2010-11-29 19:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-08 02:05 . 2010-12-08 02:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-12-08 02:05 . 2010-12-08 02:05 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-12-08 02:05 . 2010-11-29 19:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 19:53 . 2008-04-14 02:20 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-12-07 13:56 . 2010-12-07 13:56 -------- d-----w- C:\found.000
2010-12-07 00:14 . 2010-12-07 00:14 -------- d-----w- c:\windows\l2schemas
2010-12-07 00:14 . 2010-12-07 00:14 -------- d-----w- c:\windows\system32\bits
2010-12-06 14:52 . 2010-12-06 14:52 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
2010-12-06 14:48 . 2010-12-06 14:50 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-12-05 22:51 . 2010-11-02 21:36 359016 ----a-w- c:\windows\vncutil.exe
2010-12-05 22:51 . 2010-11-02 21:36 54888 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-12-05 22:51 . 2010-11-02 21:36 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-12-05 22:51 . 2009-11-18 09:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2010-12-05 22:51 . 2009-11-18 09:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-12-04 19:44 . 2010-12-04 19:44 -------- d-----w- c:\arquivos de programas\Ares
2010-12-03 21:55 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-12-03 11:18 . 2010-12-08 15:37 -------- d-----w- c:\arquivos de programas\JDownloader
2010-12-03 11:14 . 2010-12-03 11:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2010-12-03 10:37 . 2010-12-03 10:37 -------- d-----w- c:\windows\Sun
2010-12-03 10:34 . 2010-09-15 04:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-03 10:33 . 2010-12-03 11:13 -------- d-----w- c:\arquivos de programas\Java
2010-12-02 18:50 . 2010-12-02 18:50 -------- d-----w- c:\arquivos de programas\uTorrent
2010-12-02 18:49 . 2010-12-07 23:06 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\uTorrent
2010-12-01 14:37 . 2010-12-01 14:38 -------- d-----w- c:\arquivos de programas\eMule
2010-12-01 12:15 . 2010-12-01 12:15 -------- d-sh--w- c:\documents and settings\Eduardo\PrivacIE
2010-12-01 09:09 . 2010-12-01 09:09 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\Google
2010-12-01 03:05 . 2010-12-01 03:05 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\Conduit
2010-12-01 03:05 . 2010-12-01 12:15 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\BrotherSoft_Extreme
2010-12-01 03:05 . 2010-12-01 03:05 -------- d-----w- c:\arquivos de programas\Conduit
2010-12-01 03:05 . 2010-12-07 10:28 -------- d-----w- c:\arquivos de programas\BrotherSoft_Extreme
2010-11-30 20:33 . 2010-11-30 20:33 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\IrfanView
2010-11-30 20:17 . 2010-11-30 20:17 -------- d-----w- C:\OnGame
2010-11-30 19:55 . 2010-11-30 19:55 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\Google
2010-11-30 19:50 . 2010-12-01 14:55 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\Temp
2010-11-30 19:50 . 2010-11-30 19:50 -------- d-----w- c:\documents and settings\postgres\Configurações locais\Dados de aplicativos\Google
2010-11-30 19:50 . 2010-12-05 15:01 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\Google
2010-11-30 19:50 . 2010-11-30 19:50 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\ProgSense
2010-11-30 19:50 . 2010-11-30 19:56 -------- d-----w- c:\arquivos de programas\Google
2010-11-30 19:50 . 2010-11-30 20:04 -------- d-----w- C:\downloads
2010-11-30 19:50 . 2010-11-30 19:50 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\GrabPro
2010-11-30 19:50 . 2010-11-30 19:56 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\OpenCandy
2010-11-30 19:50 . 2010-11-30 19:50 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\OpenCandy
2010-11-30 19:50 . 2010-11-30 20:16 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\Orbit
2010-11-30 14:40 . 2010-11-30 14:40 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\Identities
2010-11-30 12:36 . 2010-11-30 12:36 -------- d-----w- c:\windows\system32\XPSViewer
2010-11-30 12:36 . 2010-11-30 12:36 -------- d-----w- c:\arquivos de programas\MSBuild
2010-11-30 12:35 . 2010-11-30 12:35 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2010-11-30 12:34 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-11-30 12:33 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-11-30 12:33 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-11-30 12:33 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-11-30 12:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-11-30 12:33 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-11-30 12:33 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-11-30 12:33 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-11-30 12:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-11-30 12:33 . 2010-11-30 12:34 -------- d-----w- C:\6cba1b965888f9e351af246a76
2010-11-30 12:17 . 2010-11-30 12:17 -------- d-----w- c:\arquivos de programas\MSXML 6.0
2010-11-30 12:13 . 2010-11-30 12:13 -------- d-sh--w- c:\documents and settings\postgres\IETldCache
2010-11-30 12:13 . 2010-11-30 12:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-30 12:13 . 2010-11-30 12:13 -------- d-sh--w- c:\documents and settings\Eduardo\IETldCache
2010-11-30 12:05 . 2010-05-06 10:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-30 12:05 . 2010-05-06 10:34 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-30 12:05 . 2010-05-06 10:34 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-30 12:05 . 2010-05-06 10:34 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-11-30 12:05 . 2010-05-06 10:34 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-30 12:05 . 2010-05-06 10:34 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-11-30 12:05 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-30 12:03 . 2010-12-07 00:14 -------- d-----w- c:\windows\system32\pt-BR
2010-11-30 12:03 . 2010-11-30 12:04 -------- dc-h--w- c:\windows\ie8
2010-11-30 11:24 . 2010-12-07 00:09 -------- d-----w- c:\windows\ServicePackFiles
2010-11-30 11:16 . 2004-08-04 00:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2010-11-30 11:16 . 2004-08-04 00:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2010-11-30 11:16 . 2004-08-04 00:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2010-11-30 11:16 . 2004-08-04 00:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2010-11-30 11:16 . 2004-08-04 00:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2010-11-30 11:16 . 2004-08-04 00:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2010-11-30 11:10 . 2004-08-04 02:36 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys
2010-11-30 09:49 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-30 09:49 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys
2010-11-30 09:45 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-11-30 09:43 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-30 09:43 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-11-30 09:43 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-30 09:40 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-11-30 09:40 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-11-30 09:39 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-11-30 09:39 . 2010-02-17 16:07 2194176 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-30 09:39 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-11-30 09:39 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-11-30 09:39 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-11-30 09:39 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-11-30 09:39 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-11-30 09:39 . 2009-06-25 08:27 732672 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-11-30 09:39 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-11-30 09:39 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-11-30 09:39 . 2010-02-16 19:07 2150400 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-30 09:39 . 2010-02-16 19:07 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-30 09:34 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-11-30 09:31 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-11-30 09:28 . 2008-04-21 21:15 216064 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-11-30 09:26 . 2010-12-07 20:20 -------- d--h--w- c:\windows\$hf_mig$
2010-11-30 00:06 . 2010-11-30 00:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Last.fm
2010-11-29 23:30 . 2010-12-06 01:53 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\Last.fm
2010-11-29 23:30 . 2010-11-30 18:21 -------- d-----w- c:\arquivos de programas\Last.fm
2010-11-29 22:15 . 2010-11-30 00:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2010-11-29 22:14 . 2010-11-29 22:14 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2010-11-29 22:13 . 2010-12-08 15:32 -------- d-----w- c:\documents and settings\Eduardo\Tracing
2010-11-29 22:01 . 2010-11-29 22:01 -------- d-----w- c:\arquivos de programas\Microsoft
2010-11-29 22:01 . 2010-11-29 22:01 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2010-11-29 22:00 . 2010-11-29 22:08 -------- d-----w- c:\arquivos de programas\Windows Live
2010-11-29 21:49 . 2010-11-29 21:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2010-11-29 21:36 . 2007-10-12 17:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-11-29 21:29 . 2010-11-29 21:35 -------- d--h--w- c:\windows\msdownld.tmp

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-06 15:15 . 2010-11-02 08:50 90112 ----a-w- c:\windows\DUMP2b8f.tmp
2010-12-06 14:59 . 2010-11-02 08:50 90112 ----a-w- c:\windows\DUMP2ecb.tmp
2010-11-28 17:24 . 2010-11-06 17:25 135168 ----a-w- c:\windows\IFinst27.exe
2010-11-02 21:36 . 2010-11-02 13:47 1903208 ----a-w- c:\windows\SkyTel.exe
2010-11-02 21:36 . 2010-11-02 13:47 154216 ----a-w- c:\windows\SOUNDMAN.EXE
2010-11-02 21:36 . 2010-11-02 13:47 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2010-11-02 21:36 . 2010-11-02 13:47 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-11-02 21:36 . 2010-11-02 13:47 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-11-02 21:36 . 2010-11-02 13:47 6188648 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-11-02 21:36 . 2010-11-02 13:47 19580520 ----a-w- c:\windows\RTHDCPL.EXE
2010-11-02 21:35 . 2010-11-02 13:47 2180712 ----a-w- c:\windows\MicCal.exe
2010-11-02 21:35 . 2010-11-02 13:47 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-11-02 21:35 . 2010-11-02 13:47 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-11-02 21:35 . 2010-11-02 13:47 137832 ----a-w- c:\windows\ALCMTR.EXE
2010-10-28 12:46 . 2010-11-02 13:47 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-09-15 06:50 . 2010-11-07 19:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\arquivos de programas\BrotherSoft_Extreme\tbBrot.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
2010-09-12 17:02 3863136 ----a-w- c:\arquivos de programas\BrotherSoft_Extreme\tbBrot.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\arquivos de programas\BrotherSoft_Extreme\tbBrot.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{51A86BB3-6602-4C85-92A5-130EE4864F13}"= "c:\arquivos de programas\BrotherSoft_Extreme\tbBrot.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\documents and settings\Eduardo\Meus documentos\Downloads\utorrent.exe" [2010-12-07 395128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 1333784]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 5827096]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 3562008]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 322280]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-02 19580520]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TrojanScanner"="c:\arquivos de programas\Trojan Remover\Trjscan.exe" [2010-11-24 1233856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Arquivos de programas\\IrfanView\\i_view32.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\WINDOWS\\SkyTel.EXE"=
"f:\\Games\\epsxe170\\ePSXe.exe"=
"c:\\Arquivos de programas\\Ahead\\Nero StartSmart\\NeroStartSmart.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\jqs.exe"=
"c:\\Arquivos de programas\\Ahead\\nero\\nero.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Arquivos de programas\\Oi Velox\\Modem\\TG508.exe"=
"c:\\WINDOWS\\ALCMTR.EXE"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Java\\Java Update\\jusched.exe"=
"c:\\Arquivos de programas\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Eduardo\\Meus documentos\\Downloads\\utorrent.exe"=

R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Arquivos de programas/PostgreSQL/8.4/data" -w --> C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [30/11/2010 17:50 214000]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/12/2010 20:51 1691480]

--- =Outros Serviços/Drivers Na Memória ---

*NewlyCreated* - AMSINT32
*Deregistered* - trutil
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-12-08 c:\windows\Tasks\GlaryInitialize.job
- c:\arquivos de programas\Glary Utilities\initialize.exe [2010-11-03 12:47]

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-11-30 19:50]

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-11-30 19:50]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2776682
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
FF - ProfilePath - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BrotherSoft Extreme Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - component: c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Metal3D: {48e23fba-bb14-4745-b768-382150cd83fb} - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
FF - Extension: glowygreen: glowygreen-ff3-30@glowplug.bitasylum.net - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\glowygreen-ff3-30@glowplug.bitasylum.net
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: BrotherSoft Extreme Community Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
FF - Extension: Conduit Engine : engine@conduit.com - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\engine@conduit.com
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-08 14:45
Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\postgresql-8.4]
"ImagePath"="C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Arquivos de programas/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\postgresql-8.4]
"ImagePath"="C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Arquivos de programas/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1064)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\pg_ctl.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\docume~1\postgres\CONFIG~1\Temp\aqvtfo.exe
.
**************************************************************************
.
Completion time: 2010-12-08 14:52:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-08 16:52
ComboFix2.txt 2010-12-08 12:12
ComboFix3.txt 2010-12-07 22:53

Pre-Run: 12 folder(s) 39,041,855,488 bytes free
Post-Run: 13 folder(s) 39,028,772,864 bytes free

- - End Of File - - DF65311BA3466B2E4FEA15A39008A394
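As an added example (not part of the original post, and not code from the HijackThis or ComboFix tools), the following Python script runs a first triage pass over lines of the kind pasted above. It pulls executable paths out of HijackThis entries and out of ComboFix's "Other Running Processes" list and flags, for manual review, the items an analyst would look at first in this thread's logs: an executable running from a Temp folder inside the `postgres` service account's profile, an IE start page redirected to search.conduit.com, the bundled BrotherSoft/Conduit add-ons, and an autostart entry pointing into a Downloads folder. The sample lines are copied from the logs in the thread; the service-account list, the vendor markers and the rule wording are the example's own assumptions, and a hit means "look closer", not "malware".

```python
"""Heuristic triage of HijackThis / ComboFix log lines.

Added example for this thread, not code from the original post nor from the
HijackThis or ComboFix tools. A hit means "review this entry", not "malware".
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed sample: lines copied from the HijackThis and ComboFix logs in
# this thread (a few autostart/service entries plus ComboFix's process list).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2776682
R3 - URLSearchHook: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Arquivos de programas\BrotherSoft_Extreme\tbBrot.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Eduardo\Meus documentos\Downloads\utorrent.exe"
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\docume~1\postgres\CONFIG~1\Temp\aqvtfo.exe
"""

# Drive-letter path ending in an executable extension; the lookbehind stops
# the "p:/" of "http://" from being taken for a drive letter.
PATH_RE = re.compile(r"(?i)(?<![a-z])[a-z]:[\\/].*?\.(?:exe|dll|sys)\b")
# HijackThis section prefix (R0, O4, O23, ...); a bare path is a ComboFix process line.
PREFIX_RE = re.compile(r"^(R\d|O\d+|F\d)\s+-\s+")
PROFILE_RE = re.compile(r"\\(?:documents and settings|docume~1|users)\\([^\\]+)\\")

# Assumption: accounts that exist only to run a service; nothing interactive
# should be executing from their profile (the thread's logs show 'postgres').
SERVICE_ACCOUNTS = {"postgres", "mysql"}
# Assumption: add-on vendors seen in the thread's logs that commonly arrive
# bundled with other installers.
BUNDLED_ADDON_MARKERS = ("conduit", "brothersoft")
# Hosts the stock IE start/search pages on this XP install point at.
MICROSOFT_DEFAULT_HOSTS = ("go.microsoft.com", "home.microsoft.com")


@dataclass
class Finding:
    line: str
    path: Optional[str]
    reasons: List[str]


def extract_path(line: str) -> Optional[str]:
    """First executable path on the line, normalised to lower-case backslashes."""
    m = PATH_RE.search(line)
    return m.group(0).replace("/", "\\").lower() if m else None


def profile_owner(path: str) -> Optional[str]:
    """Account name if the (normalised) path lies inside a user profile."""
    m = PROFILE_RE.search(path)
    return m.group(1) if m else None


def triage_line(raw: str) -> Optional[Finding]:
    line = raw.strip()
    if not line:
        return None
    m = PREFIX_RE.match(line)
    prefix = m.group(1) if m else "PROC"
    path = extract_path(line)
    reasons: List[str] = []

    # R0/R1 are IE start/search page values; anything off the Microsoft
    # defaults is a candidate search hijack.
    if prefix in ("R0", "R1"):
        key, _, url = line.partition(" = ")
        host = urlsplit(url).netloc
        if host and ("start page" in key.lower() or "search" in key.lower()) \
                and host not in MICROSOFT_DEFAULT_HOSTS:
            reasons.append(f"browser start/search page redirected to {host}")
    if any(marker in line.lower() for marker in BUNDLED_ADDON_MARKERS):
        reasons.append("bundled third-party browser add-on")
    if path:
        if "\\temp\\" in path:
            reasons.append("executable in a Temp directory")
        owner = profile_owner(path)
        if owner in SERVICE_ACCOUNTS:
            reasons.append(f"inside the profile of service account '{owner}'")
        if prefix == "O4" and "\\downloads\\" in path:
            reasons.append("autostart entry points into a Downloads folder")
    return Finding(line, path, reasons) if reasons else None


def triage_log(text: str) -> List[Finding]:
    """Every line that trips at least one rule, in log order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print("[" + "; ".join(f.reasons) + "]")
        print("    " + f.line)
```

Run on the sample, the script flags four of the seven lines (the Conduit start page, the BrotherSoft search hook, the uTorrent autostart under Downloads, and `aqvtfo.exe` under the postgres profile's Temp folder) and leaves the Intel tray, the PostgreSQL service and the WMI process alone. The rules deliberately key on where something runs from rather than on file names, since a dropped binary in a service account's Temp folder stands out regardless of what it is called.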
Eduardo Alex
#11 By Eduardo Alex 08/12/2010 - 15:19
Logfile of random's system information tool 1.08 (written by random/random)
Run by Eduardo at 2010-12-08 15:16:22
Microsoft Windows XP Professional Service Pack 3
System drive C: has 37 GB (49%) free of 76 GB
Total RAM: 1527 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:16:30, on 8/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eduardo\Desktop\RSIT.exe
C:\Arquivos de programas\trend micro\Eduardo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2776682
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.codecguide.com/
R3 - URLSearchHook: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Arquivos de programas\BrotherSoft_Extreme\tbBrot.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Arquivos de programas\BrotherSoft_Extreme\tbBrot.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Arquivos de programas\BrotherSoft_Extreme\tbBrot.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Arquivos de programas\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Eduardo\Meus documentos\Downloads\utorrent.exe"
O4 - HKUS\S-1-5-21-1220945662-2049760794-682003330-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 6208 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
BrotherSoft Extreme Toolbar - C:\Arquivos de programas\BrotherSoft_Extreme\tbBrot.dll [2010-09-12 3863136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2010-11-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-20 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{51a86bb3-6602-4c85-92a5-130ee4864f13} - BrotherSoft Extreme Toolbar - C:\Arquivos de programas\BrotherSoft_Extreme\tbBrot.dll [2010-09-12 3863136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-11-08 1333784]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-11-08 5827096]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-11-08 3562008]
"SunJavaUpdateSched"=C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [2010-05-14 322280]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-11-02 19580520]
"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"TrojanScanner"=C:\Arquivos de programas\Trojan Remover\Trjscan.exe [2010-11-24 1233856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Documents and Settings\Eduardo\Meus documentos\Downloads\utorrent.exe [2010-12-07 395128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-10-30 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe"="C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistente para transferência de arquivos e configurações"
"C:\Arquivos de programas\IrfanView\i_view32.exe"="C:\Arquivos de programas\IrfanView\i_view32.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\NeroCheck.exe"="C:\WINDOWS\system32\NeroCheck.exe:*:Enabled:ipsec"
"C:\WINDOWS\SkyTel.EXE"="C:\WINDOWS\SkyTel.EXE:*:Enabled:ipsec"
"F:\Games\epsxe170\ePSXe.exe"="F:\Games\epsxe170\ePSXe.exe:*:Enabled:ipsec"
"C:\Arquivos de programas\Ahead\Nero StartSmart\NeroStartSmart.exe"="C:\Arquivos de programas\Ahead\Nero StartSmart\NeroStartSmart.exe:*:Enabled:ipsec"
"C:\Arquivos de programas\Java\jre6\bin\jqs.exe"="C:\Arquivos de programas\Java\jre6\bin\jqs.exe:*:Enabled:ipsec"
"C:\Arquivos de programas\Ahead\nero\nero.exe"="C:\Arquivos de programas\Ahead\nero\nero.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\igfxtray.exe"="C:\WINDOWS\system32\igfxtray.exe:*:Enabled:ipsec"
"C:\WINDOWS\RTHDCPL.EXE"="C:\WINDOWS\RTHDCPL.EXE:*:Enabled:ipsec"
"C:\Arquivos de programas\Oi Velox\Modem\TG508.exe"="C:\Arquivos de programas\Oi Velox\Modem\TG508.exe:*:Enabled:ipsec"
"C:\WINDOWS\ALCMTR.EXE"="C:\WINDOWS\ALCMTR.EXE:*:Enabled:ipsec"
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"="C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe:*:Enabled:ipsec"
"C:\Arquivos de programas\Google\Update\GoogleUpdate.exe"="C:\Arquivos de programas\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec"
"C:\Arquivos de programas\Ares\Ares.exe"="C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\hkcmd.exe"="C:\WINDOWS\system32\hkcmd.exe:*:Enabled:ipsec"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Eduardo\Meus documentos\Downloads\utorrent.exe"="C:\Documents and Settings\Eduardo\Meus documentos\Downloads\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-08 15:16:22 ----D---- C:\rsit
2010-12-08 15:16:22 ----D---- C:\Arquivos de programas\trend micro
2010-12-08 14:52:52 ----A---- C:\ComboFix.txt
2010-12-08 10:35:16 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2010-12-08 10:21:55 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2010-12-08 10:21:55 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2010-12-08 10:21:55 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2010-12-08 10:21:55 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2010-12-08 10:21:55 ----A---- C:\WINDOWS\system32\unacev2.dll
2010-12-08 10:21:54 ----D---- C:\Documents and Settings\Eduardo\Dados de aplicativos\Simply Super Software
2010-12-08 10:21:54 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Simply Super Software
2010-12-08 10:21:54 ----D---- C:\Arquivos de programas\Trojan Remover
2010-12-08 00:05:32 ----D---- C:\Documents and Settings\Eduardo\Dados de aplicativos\Malwarebytes
2010-12-08 00:05:25 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-12-08 00:05:24 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
2010-12-08 00:05:21 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2010-12-08 00:05:21 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-12-07 23:17:30 ----D---- C:\Arquivos de programas\Adobe
2010-12-07 20:17:16 ----A---- C:\Boot.bak
2010-12-07 20:17:08 ----RASHD---- C:\cmdcons
2010-12-07 20:11:52 ----A---- C:\WINDOWS\zip.exe
2010-12-07 20:11:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-07 20:11:52 ----A---- C:\WINDOWS\SWSC.exe
2010-12-07 20:11:52 ----A---- C:\WINDOWS\SWREG.exe
2010-12-07 20:11:52 ----A---- C:\WINDOWS\sed.exe
2010-12-07 20:11:52 ----A---- C:\WINDOWS\PEV.exe
2010-12-07 20:11:52 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-07 20:11:52 ----A---- C:\WINDOWS\MBR.exe
2010-12-07 20:11:52 ----A---- C:\WINDOWS\grep.exe
2010-12-07 20:05:52 ----D---- C:\WINDOWS\ERDNT
2010-12-07 20:05:36 ----AD---- C:\Qoobox
2010-12-07 11:56:20 ----D---- C:\found.000
2010-12-07 00:25:15 ----D---- C:\WINDOWS\Prefetch
2010-12-06 22:29:05 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-12-06 22:28:57 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-12-06 22:28:38 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-12-06 22:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-12-06 22:28:14 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-12-06 22:28:08 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-12-06 22:28:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-12-06 22:27:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-12-06 22:27:46 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-12-06 22:27:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-12-06 22:27:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-12-06 22:27:24 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-12-06 22:27:14 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-12-06 22:27:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-12-06 22:26:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-12-06 22:26:44 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-12-06 22:26:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-12-06 22:26:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-12-06 22:26:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-12-06 22:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-12-06 22:25:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-12-06 22:25:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-12-06 22:25:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-12-06 22:24:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-12-06 22:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-12-06 22:24:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-12-06 22:24:18 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-12-06 22:24:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-12-06 22:24:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-12-06 22:23:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-12-06 22:23:46 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-12-06 22:23:38 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-12-06 22:23:27 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-12-06 22:23:17 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-12-06 22:22:54 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-12-06 22:22:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2010-12-06 22:22:39 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-12-06 22:22:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-12-06 22:22:10 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-12-06 22:22:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-12-06 22:21:55 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-12-06 22:21:47 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-12-06 22:21:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-12-06 22:21:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-12-06 22:21:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-12-06 22:21:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-12-06 22:20:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-12-06 22:20:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-12-06 22:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-12-06 22:20:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-12-06 22:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-12-06 22:20:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-12-06 22:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-12-06 22:19:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-12-06 22:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-12-06 22:19:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-12-06 22:19:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-12-06 22:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-12-06 22:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-12-06 22:19:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-12-06 22:14:48 ----D---- C:\WINDOWS\system32\bits
2010-12-06 22:14:48 ----D---- C:\WINDOWS\l2schemas
2010-12-06 22:03:46 ----D---- C:\WINDOWS\network diagnostic
2010-12-06 21:57:24 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-12-06 21:27:50 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-12-06 21:27:33 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2010-12-06 21:27:16 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-12-06 21:26:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-12-06 13:06:50 ----D---- C:\WINDOWS\Minidump
2010-12-06 12:53:13 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2010-12-06 12:52:29 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-12-06 12:52:28 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-12-06 12:52:08 ----D---- C:\Arquivos de programas\Windows Media Connect 2
2010-12-06 12:51:35 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-12-06 12:50:13 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-12-06 12:48:12 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-12-06 12:48:01 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-12-06 11:52:20 ----A---- C:\WINDOWS\n02.ini
2010-12-05 20:51:50 ----A---- C:\WINDOWS\vncutil.exe
2010-12-05 20:51:43 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2010-12-05 20:51:43 ----A---- C:\WINDOWS\RtkAudioService.exe
2010-12-05 20:51:31 ----A---- C:\WINDOWS\system32\drivers\Monfilt.sys
2010-12-05 20:51:22 ----A---- C:\WINDOWS\system32\drivers\Ambfilt.sys
2010-12-04 17:44:22 ----D---- C:\Arquivos de programas\Ares
2010-12-03 19:55:34 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2010-12-03 09:18:56 ----D---- C:\Arquivos de programas\JDownloader
2010-12-03 09:14:49 ----D---- C:\Arquivos de programas\Arquivos comuns\Java
2010-12-03 09:13:57 ----A---- C:\WINDOWS\system32\javaws.exe
2010-12-03 09:13:57 ----A---- C:\WINDOWS\system32\javaw.exe
2010-12-03 09:13:57 ----A---- C:\WINDOWS\system32\java.exe
2010-12-03 08:37:43 ----D---- C:\WINDOWS\Sun
2010-12-03 08:33:32 ----D---- C:\Arquivos de programas\Java
2010-12-02 16:50:39 ----D---- C:\Arquivos de programas\uTorrent
2010-12-02 16:49:38 ----D---- C:\Documents and Settings\Eduardo\Dados de aplicativos\uTorrent
2010-12-01 12:37:37 ----D---- C:\Arquivos de programas\eMule
2010-12-01 01:05:44 ----D---- C:\Arquivos de programas\Conduit
2010-12-01 01:05:39 ----D---- C:\Arquivos de programas\ConduitEngine
2010-12-01 01:05:33 ----D---- C:\Arquivos de programas\BrotherSoft_Extreme
2010-11-30 18:33:41 ----D---- C:\Documents and Settings\Eduardo\Dados de aplicativos\IrfanView
2010-11-30 18:17:46 ----D---- C:\OnGame
2010-11-30 17:50:30 ----D---- C:\Documents and Settings\Eduardo\Dados de aplicativos\ProgSense
2010-11-30 17:50:26 ----D---- C:\Arquivos de programas\Google
2010-11-30 17:50:16 ----D---- C:\downloads
2010-11-30 17:50:16 ----D---- C:\Documents and Settings\Eduardo\Dados de aplicativos\GrabPro
2010-11-30 17:50:08 ----D---- C:\Documents and Settings\Eduardo\Dados de aplicativos\OpenCandy
2010-11-30 17:50:04 ----D---- C:\Documents and Settings\Eduardo\Dados de aplicativos\Orbit
2010-11-30 13:44:18 ----HDC---- C:\WINDOWS\$NtUninstallKB970430_0$
2010-11-30 13:43:37 ----HDC---- C:\WINDOWS\$NtUninstallKB961118_0$
2010-11-30 13:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-11-30 13:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971737_0$
2010-11-30 12:15:46 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage
2010-11-30 11:23:16 ----AT---- C:\WINDOWS\system32\NeroCheck.exe097D5329
2010-11-30 11:23:16 ----A---- C:\WINDOWS\system32\NeroCheck.exe.1BA719345FFB882A
2010-11-30 10:36:52 ----D---- C:\WINDOWS\system32\XPSViewer
2010-11-30 10:36:26 ----D---- C:\Arquivos de programas\MSBuild
2010-11-30 10:36:15 ----D---- C:\WINDOWS\system32\en-US
2010-11-30 10:35:53 ----D---- C:\Arquivos de programas\Reference Assemblies
2010-11-30 10:33:41 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-11-30 10:33:40 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-11-30 10:33:39 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-11-30 10:33:38 ----D---- C:\6cba1b965888f9e351af246a76
2010-11-30 10:17:44 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2010-11-30 10:17:33 ----D---- C:\Arquivos de programas\MSXML 6.0
2010-11-30 10:06:04 ----D---- C:\WINDOWS\ie8updates
2010-11-30 10:04:50 ----D---- C:\WINDOWS\WBEM
2010-11-30 10:03:11 ----HDC---- C:\WINDOWS\ie8
2010-11-30 10:03:11 ----D---- C:\WINDOWS\system32\pt-BR
2010-11-30 09:51:15 ----A---- C:\WINDOWS\system32\MRT.INI
2010-11-30 09:41:35 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-30 09:34:39 ----HDC---- C:\WINDOWS\$NtUninstallKB980218_0$
2010-11-30 09:34:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2010-11-30 09:34:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2010-11-30 09:34:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2010-11-30 09:34:07 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2010-11-30 09:34:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2010-11-30 09:33:53 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2010-11-30 09:33:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2010-11-30 09:33:11 ----HDC---- C:\WINDOWS\$NtUninstallKB979683_0$
2010-11-30 09:32:56 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2010-11-30 09:32:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-11-30 09:32:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-11-30 09:32:38 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-11-30 09:32:31 ----HDC---- C:\WINDOWS\$NtUninstallKB980232_0$
2010-11-30 09:32:23 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$
2010-11-30 09:32:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955759_0$
2010-11-30 09:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2010-11-30 09:31:52 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2010-11-30 09:31:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593_0$
2010-11-30 09:31:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961503_0$
2010-11-30 09:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2010-11-30 09:31:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2010-11-30 09:31:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2010-11-30 09:31:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2010-11-30 09:30:57 ----HDC---- C:\WINDOWS\$NtUninstallKB978338_0$
2010-11-30 09:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2010-11-30 09:30:43 ----HDC---- C:\WINDOWS\$NtUninstallKB972270_0$
2010-11-30 09:30:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2010-11-30 09:29:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2010-11-30 09:29:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2010-11-30 09:29:28 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2010-11-30 09:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975561_0$
2010-11-30 09:29:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-11-30 09:28:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2010-11-30 09:28:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2010-11-30 09:28:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-11-30 09:28:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2010-11-30 09:28:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2010-11-30 09:28:15 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2010-11-30 09:28:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2010-11-30 09:27:59 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-11-30 09:27:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2010-11-30 09:27:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2010-11-30 09:27:33 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-11-30 09:27:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978601_0$
2010-11-30 09:27:16 ----HDC---- C:\WINDOWS\$NtUninstallKB979559_0$
2010-11-30 09:27:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2010-11-30 09:26:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-11-30 09:26:19 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2010-11-30 09:26:05 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2010-11-30 09:25:58 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2010-11-30 09:25:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2010-11-30 09:25:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-11-30 09:25:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978542_0$
2010-11-30 09:25:00 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2010-11-30 09:24:53 ----HDC---- C:\WINDOWS\$NtUninstallKB979309_0$
2010-11-30 09:24:46 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-11-30 09:24:40 ----HDC---- C:\WINDOWS\$NtUninstallKB979482_0$
2010-11-30 09:24:33 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2010-11-30 09:24:15 ----D---- C:\WINDOWS\ServicePackFiles
2010-11-30 09:24:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-11-30 09:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
2010-11-30 09:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2010-11-30 09:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2010-11-30 09:23:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975562_0$
2010-11-30 09:23:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-11-30 09:23:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2010-11-30 09:23:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2010-11-30 09:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9L$
2010-11-30 09:22:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2010-11-30 09:21:59 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-11-30 09:21:41 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-11-30 09:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2010-11-30 09:21:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2010-11-30 09:20:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2010-11-30 09:16:10 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2010-11-30 09:16:10 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2010-11-30 09:16:09 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2010-11-30 09:16:09 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2010-11-30 09:16:09 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2010-11-30 09:16:09 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2010-11-30 09:15:59 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2010-11-30 09:15:59 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2010-11-30 09:15:59 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2010-11-30 09:15:59 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2010-11-30 09:15:57 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2010-11-30 09:15:56 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2010-11-30 09:15:52 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2010-11-30 09:15:52 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2010-11-30 09:15:50 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2010-11-30 09:15:49 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2010-11-30 09:15:49 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2010-11-30 09:15:45 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2010-11-30 09:15:18 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2010-11-30 09:15:18 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2010-11-30 09:15:18 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2010-11-30 09:10:18 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2010-11-30 09:10:18 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2010-11-30 09:10:18 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2010-11-30 09:10:18 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2010-11-30 09:10:18 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2010-11-30 09:10:18 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2010-11-30 09:10:18 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2010-11-30 09:10:18 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2010-11-30 09:10:18 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2010-11-30 09:10:18 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2010-11-30 09:10:18 ----N---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2010-11-30 09:10:17 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2010-11-30 09:10:17 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2010-11-30 09:10:17 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2010-11-30 09:10:17 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2010-11-30 09:10:17 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2010-11-30 09:10:17 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2010-11-30 09:10:17 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2010-11-30 09:10:17 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2010-11-30 09:10:17 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2010-11-30 09:10:17 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2010-11-30 09:10:17 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2010-11-30 07:49:15 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2010-11-30 07:30:50 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-11-30 07:26:34 ----D---- C:\WINDOWS\system32\PreInstall
2010-11-30 07:26:32 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-11-30 07:26:32 ----HD---- C:\WINDOWS\$hf_mig$
2010-11-30 07:14:53 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-11-29 22:06:32 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Last.fm
2010-11-29 21:30:34 ----D---- C:\Arquivos de programas\Last.fm
2010-11-29 20:15:15 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
2010-11-29 20:14:36 ----D---- C:\Arquivos de programas\Messenger Plus! Live
2010-11-29 20:04:15 ----RSD---- C:\WINDOWS\assembly
2010-11-29 20:03:16 ----D---- C:\WINDOWS\Microsoft.NET
2010-11-29 20:01:28 ----D---- C:\Arquivos de programas\Microsoft
2010-11-29 20:01:08 ----D---- C:\Arquivos de programas\Windows Live SkyDrive
2010-11-29 20:00:37 ----D---- C:\Arquivos de programas\Windows Live
2010-11-29 19:49:22 ----D---- C:\Arquivos de programas\Arquivos comuns\Windows Live
2010-11-29 19:42:59 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-11-29 19:37:41 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2010-11-29 19:37:41 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2010-11-29 19:37:41 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2010-11-29 19:37:40 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2010-11-29 19:37:40 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2010-11-29 19:37:40 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2010-11-29 19:37:39 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2010-11-29 19:37:39 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2010-11-29 19:37:38 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-11-29 19:37:38 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-11-29 19:37:37 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-11-29 19:37:36 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-11-29 19:37:35 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-11-29 19:37:34 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-11-29 19:37:34 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-11-29 19:37:30 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-11-29 19:37:29 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-11-29 19:37:29 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2010-11-29 19:37:28 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-11-29 19:37:27 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2010-11-29 19:37:27 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2010-11-29 19:37:25 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2010-11-29 19:37:24 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2010-11-29 19:37:24 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2010-11-29 19:37:22 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2010-11-29 19:37:21 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2010-11-29 19:37:21 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2010-11-29 19:37:21 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2010-11-29 19:37:20 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2010-11-29 19:37:19 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2010-11-29 19:37:19 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2010-11-29 19:37:19 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2010-11-29 19:37:19 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2010-11-29 19:37:17 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2010-11-29 19:37:17 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2010-11-29 19:37:14 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2010-11-29 19:37:13 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2010-11-29 19:37:13 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2010-11-29 19:37:11 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2010-11-29 19:37:10 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2010-11-29 19:37:10 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2010-11-29 19:37:09 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2010-11-29 19:37:08 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2010-11-29 19:37:07 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2010-11-29 19:37:07 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2010-11-29 19:37:07 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2010-11-29 19:37:06 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2010-11-29 19:37:04 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2010-11-29 19:37:03 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2010-11-29 19:37:02 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-11-29 19:37:02 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-11-29 19:37:01 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2010-11-29 19:37:00 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2010-11-29 19:36:59 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2010-11-29 19:36:59 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2010-11-29 19:36:58 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2010-11-29 19:36:57 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2010-11-29 19:36:56 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2010-11-29 19:36:56 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2010-11-29 19:36:55 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2010-11-29 19:36:54 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2010-11-29 19:36:54 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2010-11-29 19:36:53 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2010-11-29 19:36:53 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2010-11-29 19:36:52 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2010-11-29 19:36:52 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2010-11-29 19:36:51 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2010-11-29 19:36:47 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2010-11-29 19:36:47 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2010-11-29 19:36:44 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2010-11-29 19:36:43 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2010-11-29 19:36:42 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2010-11-29 19:36:41 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2010-11-29 19:36:40 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2010-11-29 19:36:40 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2010-11-29 19:36:40 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-11-29 19:36:39 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2010-11-29 19:36:39 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2010-11-29 19:36:37 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2010-11-29 19:36:37 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2010-11-29 19:36:36 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2010-11-29 19:36:35 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-11-29 19:36:34 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2010-11-29 19:36:34 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2010-11-29 19:36:33 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2010-11-29 19:36:31 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2010-11-29 19:36:30 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2010-11-29 19:36:30 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2010-11-29 19:36:29 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2010-11-29 19:36:29 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2010-11-29 19:36:25 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2010-11-29 19:29:11 ----HD---- C:\WINDOWS\msdownld.tmp
2010-11-29 19:29:02 ----D---- C:\WINDOWS\Logs
2010-11-29 19:09:28 ----D---- C:\Documents and Settings\Eduardo\Dados de aplicativos\GetRightToGo
2010-11-29 18:26:14 ----D---- C:\Documents and Settings\Eduardo\Dados de aplicativos\Macromedia
2010-11-27 22:02:31 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-11-27 22:02:28 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-11-27 22:02:24 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2010-11-27 07:40:20 ----A---- C:\WINDOWS\system32\ZipDll.dll
2010-11-27 07:40:20 ----A---- C:\WINDOWS\system32\UnzDll.dll
2010-11-27 07:40:20 ----A---- C:\WINDOWS\system32\opencrypto.dll
2010-11-27 07:40:20 ----A---- C:\WINDOWS\system32\libeay32.dll
2010-11-27 07:40:19 ----A---- C:\WINDOWS\system32\LightMsg_oi_velox.dll
2010-11-27 07:40:19 ----A---- C:\WINDOWS\system32\GETCPU.DLL
2010-11-27 07:39:38 ----A---- C:\WINDOWS\system32\lightLib1.dll
2010-11-27 07:39:37 ----D---- C:\Arquivos de programas\Oi Velox
2010-11-21 07:53:34 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-11-20 14:06:48 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-11-17 22:13:06 ----D---- C:\Config.Msi
2010-11-17 21:17:18 ----D---- C:\WINDOWS\system32\NtmsData
2010-11-16 23:23:37 ----D---- C:\Restaure
2010-11-13 18:39:06 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-13 18:36:38 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2010-11-13 18:36:34 ----N---- C:\WINDOWS\system32\TwnLib4.dll
2010-11-13 18:36:34 ----N---- C:\WINDOWS\system32\ImagXRA7.dll
2010-11-13 18:36:34 ----N---- C:\WINDOWS\system32\ImagXR7.dll
2010-11-13 18:36:34 ----N---- C:\WINDOWS\system32\ImagXpr7.dll
2010-11-13 18:36:34 ----N---- C:\WINDOWS\system32\ImagX7.dll
2010-11-13 18:36:32 ----N---- C:\WINDOWS\system32\picn20.dll
2010-11-13 18:36:29 ----D---- C:\Arquivos de programas\Arquivos comuns\Ahead
2010-11-13 18:36:29 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2010-11-13 18:36:25 ----D---- C:\Arquivos de programas\Ahead

======List of files/folders modified in the last 1 months======

2010-12-08 15:16:22 ----RD---- C:\Arquivos de programas
2010-12-08 14:52:55 ----D---- C:\WINDOWS\system32\drivers
2010-12-08 14:52:20 ----D---- C:\WINDOWS\Temp
2010-12-08 14:50:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-08 14:45:27 ----D---- C:\WINDOWS
2010-12-08 14:45:27 ----A---- C:\WINDOWS\system.ini
2010-12-08 14:45:09 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-08 14:41:15 ----D---- C:\WINDOWS\system32\config
2010-12-08 14:38:19 ----D---- C:\WINDOWS\system32
2010-12-08 14:38:19 ----D---- C:\WINDOWS\AppPatch
2010-12-08 14:38:17 ----D---- C:\Arquivos de programas\Arquivos comuns
2010-12-08 14:31:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-07 23:21:10 ----SHD---- C:\WINDOWS\Installer
2010-12-07 23:18:20 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe
2010-12-07 23:18:19 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe
2010-12-07 20:52:22 ----D---- C:\WINDOWS\repair
2010-12-07 20:17:16 ----RASH---- C:\boot.ini
2010-12-07 18:21:02 ----HD---- C:\WINDOWS\inf
2010-12-07 18:13:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-07 08:29:38 ----D---- C:\WINDOWS\SoftwareDistribution
2010-12-07 08:20:39 ----A---- C:\WINDOWS\OEWABLog.txt
2010-12-07 00:25:30 ----A---- C:\WINDOWS\setuplog.txt
2010-12-07 00:24:17 ----D---- C:\WINDOWS\system32\Setup
2010-12-07 00:24:16 ----D---- C:\WINDOWS\system32\wbem
2010-12-07 00:24:14 ----RSD---- C:\WINDOWS\Fonts
2010-12-07 00:23:19 ----D---- C:\WINDOWS\security
2010-12-06 22:29:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-06 22:29:08 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-06 22:27:49 ----D---- C:\Arquivos de programas\Outlook Express
2010-12-06 22:26:59 ----D---- C:\Arquivos de programas\Movie Maker
2010-12-06 22:19:21 ----D---- C:\Arquivos de programas\Messenger
2010-12-06 22:15:43 ----D---- C:\WINDOWS\WinSxS
2010-12-06 22:15:29 ----D---- C:\WINDOWS\ehome
2010-12-06 22:15:26 ----D---- C:\WINDOWS\system32\inetsrv
2010-12-06 22:15:26 ----D---- C:\WINDOWS\Help
2010-12-06 22:15:25 ----D---- C:\WINDOWS\ime
2010-12-06 22:14:49 ----D---- C:\WINDOWS\system32\usmt
2010-12-06 22:14:49 ----D---- C:\Arquivos de programas\Internet Explorer
2010-12-06 22:14:48 ----D---- C:\WINDOWS\PeerNet
2010-12-06 22:08:47 ----D---- C:\WINDOWS\system32\Restore
2010-12-06 22:08:47 ----D---- C:\WINDOWS\system32\npp
2010-12-06 22:08:44 ----D---- C:\WINDOWS\msagent
2010-12-06 22:08:41 ----D---- C:\WINDOWS\srchasst
2010-12-06 22:08:32 ----D---- C:\Arquivos de programas\NetMeeting
2010-12-06 22:08:29 ----D---- C:\WINDOWS\system32\Com
2010-12-06 22:08:25 ----D---- C:\Arquivos de programas\Windows Media Player
2010-12-06 22:08:24 ----D---- C:\Arquivos de programas\Windows NT
2010-12-06 22:08:16 ----D---- C:\Arquivos de programas\Arquivos comuns\System
2010-12-06 22:07:31 ----D---- C:\WINDOWS\system32\oobe
2010-12-06 22:07:28 ----D---- C:\WINDOWS\system
2010-12-06 22:01:12 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-12-06 13:15:28 ----A---- C:\WINDOWS\DUMP2b8f.tmp
2010-12-06 12:59:50 ----A---- C:\WINDOWS\DUMP2ecb.tmp
2010-12-06 12:52:17 ----A---- C:\WINDOWS\win.ini
2010-12-06 12:48:12 ----D---- C:\WINDOWS\system32\LogFiles
2010-12-05 20:53:22 ----D---- C:\WINDOWS\system32\RTCOM
2010-12-03 08:27:14 ----D---- C:\Arquivos de programas\Glary Utilities
2010-12-03 08:27:13 ----SD---- C:\WINDOWS\Tasks
2010-12-03 08:20:32 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Sun
2010-12-02 00:14:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-11-30 17:58:19 ----D---- C:\Documents and Settings\Eduardo\Dados de aplicativos\Notepad++
2010-11-30 17:58:12 ----D---- C:\Arquivos de programas\Notepad++
2010-11-30 12:40:51 ----SD---- C:\Documents and Settings\Eduardo\Dados de aplicativos\Microsoft
2010-11-30 10:34:29 ----D---- C:\WINDOWS\system32\spool
2010-11-30 10:04:27 ----D---- C:\WINDOWS\Media
2010-11-30 09:14:20 ----D---- C:\Arquivos de programas\Mozilla Firefox
2010-11-30 08:40:26 ----D---- C:\WINDOWS\Debug
2010-11-29 20:01:14 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft
2010-11-29 20:01:14 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
2010-11-29 20:00:20 ----D---- C:\WINDOWS\pchealth
2010-11-29 19:37:44 ----D---- C:\WINDOWS\system32\DirectX
2010-11-29 11:11:22 ----HD---- C:\Arquivos de programas\InstallShield Installation Information
2010-11-28 15:24:27 ----A---- C:\WINDOWS\IFinst27.exe
2010-11-18 07:21:05 ----D---- C:\Documents and Settings
2010-11-17 22:33:24 ----D---- C:\WINDOWS\Registration
2010-11-17 21:57:32 ----D---- C:\Documents and Settings\Eduardo\Dados de aplicativos\GlarySoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-10-18 30720]
R3 catchme;catchme; \??\C:\DOCUME~1\Eduardo\CONFIG~1\Temp\catchme.sys []
R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-10-30 5851488]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-11-02 6188648]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 mbr;mbr; \??\C:\DOCUME~1\Eduardo\CONFIG~1\Temp\mbr.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 postgresql-8.4;PostgreSQL Server 8.4; C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Arquivos de programas/PostgreSQL/8.4/data -w []
S2 gupdate;Google Update Service (gupdate); C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2010-11-30 214000]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 102460]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe [2009-06-17 6652544]
S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Wings
Wings Cyber Highlander Registered
20.3K Messages 1.2K Likes
#12 By Wings
08/12/2010 - 15:27
1.
*Open Notepad and paste the code below into it:

File::
c:\docume~1\postgres\CONFIG~1\Temp\aqvtfo.exe
Driver::
AMSINT32
*Save the file to the desktop as CFScript.txt
*Drag the file onto ComboFix as shown in the illustration below:

Image

*Do not use the mouse or keyboard while ComboFix is running!!

*Paste the report C:\combofix.txt

2.
*Download Dr.Web CureIt and save it to the desktop
*Run it, click [Options] and change the language to "Portuguese"
*Select the [X] Full scan option and click the arrow to start the scan
*When it finishes, click [File] > [Save report list]
*Save it to the desktop
*Paste the report
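The steps above ask for a CFScript.txt with File:: and Driver:: sections and then for the resulting C:\combofix.txt. As an added example (not part of this thread and not ComboFix's own code), the Python below cross-checks that returned log against the script: it parses the CFScript, splits the ComboFix report into its banner-delimited sections, confirms each script-supplied file is echoed under "FILE ::" and each driver shows up as a removed Legacy_/Service_ entry, and lists what ComboFix deleted on its own (the "Outras Exclusões" section). The sample CFScript and log excerpt are constructed to match the formats seen in this thread.

```python
"""Cross-check a ComboFix run log against the CFScript.txt fed to it.

Added example for this thread (not ComboFix's own code and not posted by
the helper). The sample inputs are constructed from the formats seen here.
"""
import re

# constructed sample: the CFScript from the post above
CFSCRIPT = """File::
c:\\docume~1\\postgres\\CONFIG~1\\Temp\\aqvtfo.exe
Driver::
AMSINT32
"""

# constructed sample: an excerpt in the layout ComboFix uses for its report
COMBOFIX_LOG = """ComboFix 10-12-07.06 - Eduardo 08/12/2010 16:55:46.4.1 - x86
Comandos utilizados :: c:\\documents and settings\\Eduardo\\Desktop\\CFScript.txt

FILE ::
"c:\\docume~1\\postgres\\CONFIG~1\\Temp\\aqvtfo.exe"
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\\Autorun.inf
F:\\Autorun.inf
F:\\dvaao.pif
F:\\hmcwvc.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\\Legacy_AMSINT32
-------\\Service_amsint32
"""


def parse_cfscript(text):
    """Return {'File': [...], 'Driver': [...]} from a CFScript.txt body.

    A line of the form 'Name::' opens a section; following non-empty lines
    belong to it until the next 'Name::' line.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z]+)::", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log_sections(log):
    """Split a ComboFix log into {section title: [entry lines]}.

    Sections are delimited by the '(((( Title ))))' banner lines; the lone
    '.' separator lines are dropped. Text before the first banner is kept
    under the title 'header' (this is where 'FILE ::' echoes live).
    """
    sections = {"header": []}
    title = "header"
    for raw in log.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"\(+\s*(.+?)\s*\)+", line)
        if m:
            title = m.group(1)
            sections[title] = []
        elif line and line != ".":
            sections[title].append(line)
    return sections


def check_targets(script, log):
    """Map each CFScript target to True if the log shows it was processed."""
    sections = parse_log_sections(log)
    all_lines = [ln.lower() for lines in sections.values() for ln in lines]
    result = {}
    for path in script.get("File", []):
        # ComboFix echoes script-supplied files, quoted, after "FILE ::"
        result[path] = f'"{path.lower()}"' in all_lines
    for drv in script.get("Driver", []):
        # a removed driver is reported as Legacy_<NAME> and/or Service_<name>
        pat = re.compile(r"^-------\\(legacy|service)_" + re.escape(drv.lower()) + r"$")
        result[drv] = any(pat.match(ln) for ln in all_lines)
    return result


def other_deletions(log):
    """Files ComboFix removed on its own ('Outras Exclusões'/'Other Deletions')."""
    for title, lines in parse_log_sections(log).items():
        if re.search(r"exclus|delet", title, re.IGNORECASE):
            return lines
    return []


if __name__ == "__main__":
    script = parse_cfscript(CFSCRIPT)
    for target, ok in check_targets(script, COMBOFIX_LOG).items():
        print(f"{'handled' if ok else 'NOT FOUND':>9}  {target}")
    print("also removed by ComboFix:", other_deletions(COMBOFIX_LOG))
```

Run it as-is to see the sample verdicts; to check a real run, replace the two constants with the contents of CFScript.txt and C:\combofix.txt. A target reported as NOT FOUND means the log carries no evidence it was acted on and the helper should be told rather than assuming the cleanup succeeded; the "also removed" list is worth reading too, since entries such as Autorun.inf on a removable drive point at an infection vector that the script never named.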
Eduardo Alex
Eduardo Alex New Member Registered
41 Messages 0 Likes
#13 By Eduardo Alex
09/12/2010 - 07:11
The Dr.Web log turned out very large and cannot be posted or attached; how should I send it?

Here is the ComboFix log:

ComboFix 10-12-07.06 - Eduardo 08/12/2010 16:55:46.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1527.1153 [GMT -2:00]
Executando de: c:\documents and settings\Eduardo\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Eduardo\Desktop\CFScript.txt

FILE ::
"c:\docume~1\postgres\CONFIG~1\Temp\aqvtfo.exe"
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
F:\Autorun.inf
F:\dvaao.pif
F:\hmcwvc.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AMSINT32
-------\Service_amsint32


(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-08 to 2010-12-08 ))))))))))))))))))))))))))))
.

2010-12-08 18:27 . 2010-12-08 18:27 103140 --sh--r- C:\cxiym.exe
2010-12-08 17:16 . 2010-12-08 17:16 -------- d-----w- C:\rsit
2010-12-08 17:16 . 2010-12-08 17:16 -------- d-----w- c:\arquivos de programas\trend micro
2010-12-08 12:35 . 2010-12-08 16:48 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-12-08 12:21 . 2006-06-19 14:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-12-08 12:21 . 2006-05-25 16:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-12-08 12:21 . 2005-08-26 02:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-12-08 12:21 . 2003-02-02 21:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-12-08 12:21 . 2002-03-06 02:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-12-08 12:21 . 2010-12-08 12:22 -------- d-----w- c:\arquivos de programas\Trojan Remover
2010-12-08 12:21 . 2010-12-08 12:21 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\Simply Super Software
2010-12-08 12:21 . 2010-12-08 12:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Simply Super Software
2010-12-08 02:05 . 2010-12-08 02:05 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\Malwarebytes
2010-12-08 02:05 . 2010-11-29 19:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-08 02:05 . 2010-12-08 02:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-12-08 02:05 . 2010-12-08 02:05 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-12-08 02:05 . 2010-11-29 19:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 19:53 . 2008-04-14 02:20 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-12-07 13:56 . 2010-12-07 13:56 -------- d-----w- C:\found.000
2010-12-07 00:14 . 2010-12-07 00:14 -------- d-----w- c:\windows\l2schemas
2010-12-07 00:14 . 2010-12-07 00:14 -------- d-----w- c:\windows\system32\bits
2010-12-06 14:52 . 2010-12-06 14:52 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
2010-12-06 14:48 . 2010-12-06 14:50 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-12-05 22:51 . 2010-11-02 21:36 359016 ----a-w- c:\windows\vncutil.exe
2010-12-05 22:51 . 2010-11-02 21:36 54888 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-12-05 22:51 . 2010-11-02 21:36 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-12-05 22:51 . 2009-11-18 09:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2010-12-05 22:51 . 2009-11-18 09:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-12-04 19:44 . 2010-12-04 19:44 -------- d-----w- c:\arquivos de programas\Ares
2010-12-03 21:55 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-12-03 11:18 . 2010-12-08 15:37 -------- d-----w- c:\arquivos de programas\JDownloader
2010-12-03 11:14 . 2010-12-03 11:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2010-12-03 10:37 . 2010-12-03 10:37 -------- d-----w- c:\windows\Sun
2010-12-03 10:34 . 2010-09-15 04:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-03 10:33 . 2010-12-03 11:13 -------- d-----w- c:\arquivos de programas\Java
2010-12-02 18:50 . 2010-12-02 18:50 -------- d-----w- c:\arquivos de programas\uTorrent
2010-12-02 18:49 . 2010-12-07 23:06 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\uTorrent
2010-12-01 14:37 . 2010-12-01 14:38 -------- d-----w- c:\arquivos de programas\eMule
2010-12-01 12:15 . 2010-12-01 12:15 -------- d-sh--w- c:\documents and settings\Eduardo\PrivacIE
2010-12-01 09:09 . 2010-12-01 09:09 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\Google
2010-12-01 03:05 . 2010-12-01 03:05 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\Conduit
2010-12-01 03:05 . 2010-12-01 12:15 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\BrotherSoft_Extreme
2010-12-01 03:05 . 2010-12-01 03:05 -------- d-----w- c:\arquivos de programas\Conduit
2010-12-01 03:05 . 2010-12-07 10:28 -------- d-----w- c:\arquivos de programas\BrotherSoft_Extreme
2010-11-30 20:33 . 2010-11-30 20:33 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\IrfanView
2010-11-30 20:17 . 2010-11-30 20:17 -------- d-----w- C:\OnGame
2010-11-30 19:55 . 2010-11-30 19:55 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\Google
2010-11-30 19:50 . 2010-12-01 14:55 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\Temp
2010-11-30 19:50 . 2010-11-30 19:50 -------- d-----w- c:\documents and settings\postgres\Configurações locais\Dados de aplicativos\Google
2010-11-30 19:50 . 2010-12-05 15:01 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\Google
2010-11-30 19:50 . 2010-11-30 19:50 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\ProgSense
2010-11-30 19:50 . 2010-11-30 19:56 -------- d-----w- c:\arquivos de programas\Google
2010-11-30 19:50 . 2010-11-30 20:04 -------- d-----w- C:\downloads
2010-11-30 19:50 . 2010-11-30 19:50 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\GrabPro
2010-11-30 19:50 . 2010-11-30 19:56 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\OpenCandy
2010-11-30 19:50 . 2010-11-30 19:50 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\OpenCandy
2010-11-30 19:50 . 2010-11-30 20:16 -------- d-----w- c:\documents and settings\Eduardo\Dados de aplicativos\Orbit
2010-11-30 14:40 . 2010-11-30 14:40 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\Identities
2010-11-30 12:36 . 2010-11-30 12:36 -------- d-----w- c:\windows\system32\XPSViewer
2010-11-30 12:36 . 2010-11-30 12:36 -------- d-----w- c:\arquivos de programas\MSBuild
2010-11-30 12:35 . 2010-11-30 12:35 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2010-11-30 12:34 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-11-30 12:33 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-11-30 12:33 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-11-30 12:33 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-11-30 12:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-11-30 12:33 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-11-30 12:33 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-11-30 12:33 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-11-30 12:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-11-30 12:33 . 2010-11-30 12:34 -------- d-----w- C:\6cba1b965888f9e351af246a76
2010-11-30 12:17 . 2010-11-30 12:17 -------- d-----w- c:\arquivos de programas\MSXML 6.0
2010-11-30 12:13 . 2010-11-30 12:13 -------- d-sh--w- c:\documents and settings\postgres\IETldCache
2010-11-30 12:13 . 2010-11-30 12:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-30 12:13 . 2010-11-30 12:13 -------- d-sh--w- c:\documents and settings\Eduardo\IETldCache
2010-11-30 12:05 . 2010-05-06 10:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-30 12:05 . 2010-05-06 10:34 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-30 12:05 . 2010-05-06 10:34 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-30 12:05 . 2010-05-06 10:34 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-11-30 12:05 . 2010-05-06 10:34 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-30 12:05 . 2010-05-06 10:34 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-11-30 12:05 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-30 12:03 . 2010-12-07 00:14 -------- d-----w- c:\windows\system32\pt-BR
2010-11-30 12:03 . 2010-11-30 12:04 -------- dc-h--w- c:\windows\ie8
2010-11-30 11:24 . 2010-12-07 00:09 -------- d-----w- c:\windows\ServicePackFiles
2010-11-30 11:16 . 2004-08-04 00:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2010-11-30 11:16 . 2004-08-04 00:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2010-11-30 11:16 . 2004-08-04 00:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2010-11-30 11:16 . 2004-08-04 00:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2010-11-30 11:16 . 2004-08-04 00:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2010-11-30 11:16 . 2004-08-04 00:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2010-11-30 11:10 . 2004-08-04 02:36 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys
2010-11-30 09:49 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-30 09:49 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys
2010-11-30 09:45 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-11-30 09:43 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-30 09:43 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-11-30 09:43 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-30 09:40 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-11-30 09:40 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-11-30 09:39 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-11-30 09:39 . 2010-02-17 16:07 2194176 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-30 09:39 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-11-30 09:39 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-11-30 09:39 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-11-30 09:39 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-11-30 09:39 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-11-30 09:39 . 2009-06-25 08:27 732672 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-11-30 09:39 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-11-30 09:39 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-11-30 09:39 . 2010-02-16 19:07 2150400 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-30 09:39 . 2010-02-16 19:07 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-30 09:34 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-11-30 09:31 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-11-30 09:28 . 2008-04-21 21:15 216064 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-11-30 09:26 . 2010-12-07 20:20 -------- d--h--w- c:\windows\$hf_mig$
2010-11-30 00:06 . 2010-11-30 00:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Last.fm
2010-11-29 23:30 . 2010-12-06 01:53 -------- d-----w- c:\documents and settings\Eduardo\Configurações locais\Dados de aplicativos\Last.fm
2010-11-29 23:30 . 2010-11-30 18:21 -------- d-----w- c:\arquivos de programas\Last.fm
2010-11-29 22:15 . 2010-11-30 00:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2010-11-29 22:14 . 2010-11-29 22:14 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2010-11-29 22:13 . 2010-12-08 15:32 -------- d-----w- c:\documents and settings\Eduardo\Tracing
2010-11-29 22:01 . 2010-11-29 22:01 -------- d-----w- c:\arquivos de programas\Microsoft
2010-11-29 22:01 . 2010-11-29 22:01 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2010-11-29 22:00 . 2010-11-29 22:08 -------- d-----w- c:\arquivos de programas\Windows Live

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-06 15:15 . 2010-11-02 08:50 90112 ----a-w- c:\windows\DUMP2b8f.tmp
2010-12-06 14:59 . 2010-11-02 08:50 90112 ----a-w- c:\windows\DUMP2ecb.tmp
2010-11-28 17:24 . 2010-11-06 17:25 135168 ----a-w- c:\windows\IFinst27.exe
2010-11-02 21:36 . 2010-11-02 13:47 1903208 ----a-w- c:\windows\SkyTel.exe
2010-11-02 21:36 . 2010-11-02 13:47 154216 ----a-w- c:\windows\SOUNDMAN.EXE
2010-11-02 21:36 . 2010-11-02 13:47 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2010-11-02 21:36 . 2010-11-02 13:47 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-11-02 21:36 . 2010-11-02 13:47 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-11-02 21:36 . 2010-11-02 13:47 6188648 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-11-02 21:36 . 2010-11-02 13:47 19580520 ----a-w- c:\windows\RTHDCPL.EXE
2010-11-02 21:35 . 2010-11-02 13:47 2180712 ----a-w- c:\windows\MicCal.exe
2010-11-02 21:35 . 2010-11-02 13:47 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-11-02 21:35 . 2010-11-02 13:47 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-11-02 21:35 . 2010-11-02 13:47 137832 ----a-w- c:\windows\ALCMTR.EXE
2010-10-28 12:46 . 2010-11-02 13:47 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-09-15 06:50 . 2010-11-07 19:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\arquivos de programas\BrotherSoft_Extreme\tbBrot.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
2010-09-12 17:02 3863136 ----a-w- c:\arquivos de programas\BrotherSoft_Extreme\tbBrot.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\arquivos de programas\BrotherSoft_Extreme\tbBrot.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{51A86BB3-6602-4C85-92A5-130EE4864F13}"= "c:\arquivos de programas\BrotherSoft_Extreme\tbBrot.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 1333784]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 8063512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 3562008]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 322280]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-02 19580520]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 109488]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
"TrojanScanner"=c:\arquivos de programas\Trojan Remover\Trjscan.exe /boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Arquivos de programas\\IrfanView\\i_view32.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\WINDOWS\\SkyTel.EXE"=
"f:\\Games\\epsxe170\\ePSXe.exe"=
"c:\\Arquivos de programas\\Ahead\\Nero StartSmart\\NeroStartSmart.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\jqs.exe"=
"c:\\Arquivos de programas\\Ahead\\nero\\nero.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Arquivos de programas\\Oi Velox\\Modem\\TG508.exe"=
"c:\\WINDOWS\\ALCMTR.EXE"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Java\\Java Update\\jusched.exe"=
"c:\\Arquivos de programas\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Eduardo\\Meus documentos\\Downloads\\utorrent.exe"=

R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Arquivos de programas/PostgreSQL/8.4/data" -w --> C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [30/11/2010 17:50 214000]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/12/2010 20:51 1691480]

--- =Outros Serviços/Drivers Na Memória ---

*NewlyCreated* - AMSINT32
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-12-08 c:\windows\Tasks\GlaryInitialize.job
- c:\arquivos de programas\Glary Utilities\initialize.exe [2010-11-03 12:47]

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-11-30 19:50]

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-11-30 19:50]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2776682
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
FF - ProfilePath - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BrotherSoft Extreme Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - component: c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Metal3D: {48e23fba-bb14-4745-b768-382150cd83fb} - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
FF - Extension: glowygreen: glowygreen-ff3-30@glowplug.bitasylum.net - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\glowygreen-ff3-30@glowplug.bitasylum.net
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: BrotherSoft Extreme Community Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
FF - Extension: Conduit Engine : engine@conduit.com - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\engine@conduit.com
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - c:\documents and settings\Eduardo\Dados de aplicativos\Mozilla\Firefox\Profiles\esyid9vs.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-08 17:07
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\postgresql-8.4]
"ImagePath"="C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Arquivos de programas/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\postgresql-8.4]
"ImagePath"="C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Arquivos de programas/PostgreSQL/8.4/data\" -w"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(3588)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\pg_ctl.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\docume~1\postgres\CONFIG~1\Temp\****.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-12-08 17:15:52 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-12-08 19:15
ComboFix2.txt 2010-12-08 16:52
ComboFix3.txt 2010-12-08 12:12
ComboFix4.txt 2010-12-07 22:53

Pré-execução: 13 pasta(s) 38.855.184.384 bytes disponíveis
Pós execução: 14 pasta(s) 38.838.001.664 bytes disponíveis

- - End Of File - - 6F33E977F4F0729BCCDF5237BC37FAFB
Wings
Wings Cyber Highlander Registered
20.3K Messages 1.2K Likes
#14 By Wings
09/12/2010 - 11:34
1.
*Click [Start] > [Run] > copy and paste: Combofix /uninstall

*Click [OK] > [Run]
*Wait for the message to appear: "ComboFix está desinstalado"
*Click [OK]

2.
*Delete DrWebCureIt and its report

3.
*Run an online scan with NOD32

*When it finishes, paste the report created at C:\Arquivos de programas\EsetOnlineScanner\log

If you cannot access the link for the online scan, I recommend that you format the PC, since there is a Sality infection. All partitions must be formatted.