Mr. Wolf, here are the logs:
ComboFix
HijackThis
ComboFix
ComboFix 09-01-21.04 - Vitor 2009-01-24 1:46:57.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1046.18.2047.1098 [GMT -2:00]
Running from: c:\users\Vitor\Desktop\ComboFix.exe
Command switches used :: c:\users\Vitor\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\program files\desktop.ini
H:\setup.exe
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\desktop.ini
.
(((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 ))))))))))))))))))))))))))))
.
2009-01-23 23:14 . 2009-01-23 23:33 96,976 --a------ c:\windows\System32\drivers\klin.dat
2009-01-23 23:14 . 2009-01-23 23:33 87,855 --a------ c:\windows\System32\drivers\klick.dat
2009-01-23 23:13 . 2009-01-23 23:13 <DIR> d-------- c:\program files\Kaspersky Lab
2009-01-23 23:13 . 2009-01-24 01:49 12,947,232 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-01-23 23:13 . 2009-01-23 23:34 55,592 --ahs---- c:\windows\System32\drivers\fidbox.idx
2009-01-23 23:05 . 2009-01-23 23:05 <DIR> d-------- c:\program files\Trend Micro
2009-01-23 22:58 . 2009-01-23 22:58 <DIR> d-------- c:\users\Vitor\AppData\Roaming\Malwarebytes
2009-01-23 22:58 . 2009-01-23 22:58 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-23 22:58 . 2009-01-23 22:58 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-23 22:58 . 2009-01-23 22:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-23 22:58 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-23 22:58 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-23 21:17 . 2008-08-17 08:33 678,408 --a------ c:\windows\System32\gpprefcl.dll
2009-01-23 21:17 . 2008-10-21 23:22 2,048 --a------ c:\windows\System32\tzres.dll
2009-01-23 21:15 . 2008-10-31 23:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-23 21:15 . 2008-08-28 01:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2009-01-23 21:15 . 2008-08-28 01:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2009-01-23 21:15 . 2008-08-28 01:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2009-01-23 21:15 . 2008-11-01 01:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-01-23 21:14 . 2008-10-21 03:25 1,645,568 --a------ c:\windows\System32\connect.dll
2009-01-23 21:14 . 2008-10-22 01:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2009-01-23 21:04 . 2008-04-17 02:36 171,136 -rahs---- C:\grldr
2009-01-13 17:37 . 2008-12-16 00:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-12-29 12:59 . 2008-12-29 12:59 <DIR> dr-h----- c:\users\Vitor\AppData\Roaming\SecuROM
2008-12-26 20:21 . 2008-12-26 20:21 <DIR> d-------- c:\program files\NYKO
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 01:36 --------- d-----w c:\programdata\Kaspersky Lab
2009-01-24 01:19 --------- d-----w c:\program files\DVD Shrink
2009-01-24 01:06 --------- d-----w c:\users\Vitor\AppData\Roaming\uTorrent
2009-01-24 01:06 --------- d-----w c:\program files\Windows Mail
2009-01-23 20:16 --------- d-----w c:\programdata\DVD Shrink
2009-01-15 02:19 --------- d-----w c:\programdata\Microsoft Help
2008-12-28 15:26 --------- d-----w c:\users\Vitor\AppData\Roaming\Vso
2008-12-14 14:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 14:38 --------- d-----w c:\program files\CyberLink
2008-12-14 14:37 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-13 20:10 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-12-13 19:53 --------- d-----w c:\programdata\NVIDIA
2008-12-13 19:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-13 19:49 --------- d-----w c:\program files\AGEIA Technologies
2008-12-06 12:04 --------- d-----w c:\program files\CCleaner
2008-12-02 12:13 453,152 ----a-w c:\windows\System32\nvuninst.exe
2008-12-02 01:36 2,568 --sha-w c:\windows\System32\KGyGaAvL.sys
2008-11-26 14:59 --------- d-----w c:\programdata\TrackMania
2008-11-12 22:32 12,288 ----a-w c:\windows\impborl.dll
2008-11-10 22:15 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 19:41 14,303,392 ----a-w c:\windows\System32\xlive.dll
2008-10-28 19:41 13,643,936 ----a-w c:\windows\System32\xlivefnt.dll
2008-10-02 23:46 47,360 ----a-w c:\users\Vitor\AppData\Roaming\pcouffin.sys
2008-07-18 00:41 9,759 ----a-w c:\program files\megacubo_log.log
.
((((((((((((((((((((((((((((( snapshot@2009-01-24_ 1.16.46,07 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-24 01:37:08 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-24 03:16:02 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-24 03:16:02 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-24 01:37:13 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-24 03:16:08 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-01-24 03:08:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-24 03:37:38 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-24 03:08:29 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-24 03:37:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-24 03:08:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-24 03:37:38 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RGSC"="f:\gtaiv\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-13 306088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-26 774168]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 1132056]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G G
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-06-11 22:43 640376 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
--a------ 2008-06-12 02:25 37232 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 07:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2005-07-12 19:23 454144 c:\program files\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 21:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-08-29 22:44 133104 c:\users\Vitor\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 17:30 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-09 00:02 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 16:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-02-07 17:24 71216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{45F2B7C3-F498-49C9-8C76-951404CD8921}"= c:\program files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{CD8D5489-06E0-4193-94C6-3B40118F06FF}"= UDP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{DA012B90-AA8B-4001-ACC0-2CF8F3FD01FA}"= TCP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{8A825AAB-34F7-4A53-A82D-3CE63D7AEEAD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{14CAD06E-F22A-4B7C-81BF-EB4340DB07BA}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{486B3613-3F78-47B9-BC78-975C9D895A87}e:\\softwares\\utorrent extreme le (multi).exe"= UDP:e:\softwares\utorrent extreme le (multi).exe:uTorrent Extreme LE (Multi)
"UDP Query User{E2204E45-12E0-4FAB-9B35-A67C6A737FCF}e:\\softwares\\utorrent extreme le (multi).exe"= TCP:e:\softwares\utorrent extreme le (multi).exe:uTorrent Extreme LE (Multi)
"{7A8A1A38-954F-4A26-801F-4751EDA10128}"= UDP:c:\program files\Megacubo\megacubo.exe:MegaCubo
"{DBB87510-9481-44C2-BA1C-ABE95CF1428E}"= TCP:c:\program files\Megacubo\megacubo.exe:MegaCubo
"{BF68E5C6-DE0F-4B4C-88D8-94D7236311BF}"= UDP:c:\program files\Megacubo\megasrv.exe:MiniFly
"{C194E323-C4CC-43C4-BD97-5C7E6C8F7231}"= TCP:c:\program files\Megacubo\megasrv.exe:MiniFly
"TCP Query User{D3132ACB-4593-47ED-8937-42C5A871F197}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{D80DFC09-A530-44B0-9098-4F8CF7B03FB2}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{5468A518-5C96-4DE0-ABAF-F6F6A9E8D7A2}"= UDP:f:\combat arms\NMService.exe:Nexon Messenger Core
"{CBAED970-70B7-49A7-A331-BC3C528D8F88}"= TCP:f:\combat arms\NMService.exe:Nexon Messenger Core
"{3D7D9D76-F389-477B-BE06-B68A6E4E6EEC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AAB89148-AB81-497B-A288-5FC92BF50E1C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{67BEF49E-9B5D-40DA-8DEA-0FC682D56FF7}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:itunes.exe
"UDP Query User{BFDC5FFA-896D-4741-83E8-AB521548D8D6}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:itunes.exe
"TCP Query User{F4036CBE-1FFC-4E13-AE18-30EB8BF83C5A}f:\\tmnationsforever\\tmforever.exe"= UDP:f:\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{741B090A-34BB-43E2-9657-3A8ABC7F2BF8}f:\\tmnationsforever\\tmforever.exe"= TCP:f:\tmnationsforever\tmforever.exe:TmForever
"{F8765CD6-DA9C-453D-810E-521A8556BFAF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{BAEBF20A-6377-4BEC-A943-E59E6AEA0923}f:\\dirt\\dirt.exe"= UDP:f:\dirt\dirt.exe:DiRT Executable
"UDP Query User{E9DC9D41-D2FE-4706-961A-A0181649A2A7}f:\\dirt\\dirt.exe"= TCP:f:\dirt\dirt.exe:DiRT Executable
"{BDF98E38-781F-4D41-A683-7597F484BB7D}"= UDP:f:\combat arms\CombatArms.exe:Combat Arms
"{1FA124EC-B577-4765-AF66-6A649FE92EDA}"= TCP:f:\combat arms\CombatArms.exe:Combat Arms
"{D07C47F1-8EA0-4465-8EF4-91A7A70E7579}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{6CC1F483-1726-4EF7-8751-003568B2E68A}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"TCP Query User{5EE6B33A-A412-40F4-908E-6C3F6152E946}f:\\brothers in arms - hell's highway\\binaries\\biahh.exe"= UDP:f:\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"UDP Query User{DC63C3C7-3358-479D-B0FE-0BA41658A40E}f:\\brothers in arms - hell's highway\\binaries\\biahh.exe"= TCP:f:\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"{D1923F52-F103-40BC-B845-9F9B48BD1057}"= UDP:5353:Adobe CSI CS4
"{ECA5D712-DC69-461C-8DD6-16026CED59F4}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{0591F257-0BA9-436E-94B1-C2A130F5280C}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{A30CCC35-DD29-48ED-83D2-104503F5A869}c:\\users\\vitor\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\vitor\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{FF717EE5-8451-440D-961F-32786CFE0839}c:\\users\\vitor\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\vitor\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"TCP Query User{6882C393-0B64-45B5-A05C-B2F627741E1A}f:\\tmnationsforever\\tmforever.exe"= UDP:f:\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{2D5C746E-94B2-498E-9366-D02EB9FA2E2C}f:\\tmnationsforever\\tmforever.exe"= TCP:f:\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{AE92A91F-08AF-4566-8189-6FB39CA597BC}f:\\brothers in arms - hell's highway\\binaries\\biahh.exe"= UDP:f:\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"UDP Query User{48E9445E-C1C6-4DAA-B30E-735633523494}f:\\brothers in arms - hell's highway\\binaries\\biahh.exe"= TCP:f:\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"{7C2129A2-DE67-4969-A76C-D2B8BBC16CDE}"= UDP:f:\gtaiv\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{E1C70464-D453-423A-80D1-2815E0F1EF42}"= TCP:f:\gtaiv\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{CA779F86-068F-4A56-8A0E-D3F2D6D5D261}"= UDP:f:\gtaiv\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{05BDB9DC-8474-4F86-85FE-16689B4F3449}"= TCP:f:\gtaiv\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"TCP Query User{8D9D24A5-3D31-496B-BA06-5DDDFFB1EB03}f:\\gtaiv\\grand theft auto iv\\gtaiv.exe"= UDP:f:\gtaiv\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{D6554E2D-9AC8-4684-8797-B1B135DFA6BA}f:\\gtaiv\\grand theft auto iv\\gtaiv.exe"= TCP:f:\gtaiv\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"TCP Query User{D82DAF75-491D-4525-BBA7-5A191988786E}f:\\guitar hero iii\\gh3.exe"= UDP:f:\guitar hero iii\gh3.exe:Guitar Hero III
"UDP Query User{C4691B3E-0080-45BD-95A5-CB6F73A0E3FE}f:\\guitar hero iii\\gh3.exe"= TCP:f:\guitar hero iii\gh3.exe:Guitar Hero III
"TCP Query User{397AE185-889C-4EE4-B3E0-7F1E21A0E08A}f:\\guitar hero aerosmith\\guitar hero aerosmith.exe"= UDP:f:\guitar hero aerosmith\guitar hero aerosmith.exe:Guitar Hero: Aerosmith
"UDP Query User{8D4C03A2-B90A-4FFE-8D74-3EA7FCE4D922}f:\\guitar hero aerosmith\\guitar hero aerosmith.exe"= TCP:f:\guitar hero aerosmith\guitar hero aerosmith.exe:Guitar Hero: Aerosmith
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2007-10-24 32272]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2007-10-16 20496]
R4 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51:58 13560]
R4 TimerStop;TimerStop;c:\windows\System32\TimerStop.sys [2008-10-27 4096]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [2008-11-13 240128]
S4 gupdate1c8f57561018344;Google Update Service (gupdate1c8f57561018344);c:\program files\Google\Update\GoogleUpdate.exe [2008-08-03 133104]
--- ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
2009-01-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-29 22:44]
2009-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-166006492-1750611433-2166632835-1000.job
- c:\users\Vitor\AppData\Local\Google\Update\GoogleUpdate.exe [2008-08-29 22:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.terra.com.br/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {6C518058-25C2-4B12-9639-BFB7058B3151} = 200.204.0.10 200.204.0.138
FF - ProfilePath - c:\users\Vitor\AppData\Roaming\Mozilla\Firefox\Profiles\panj3qq1.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\users\Vitor\AppData\Roaming\Mozilla\Firefox\Profiles\panj3qq1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\Vitor\AppData\Roaming\Mozilla\Firefox\Profiles\panj3qq1.default\extensions\piclens@cooliris.com\components\piclensstub.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 01:49:39
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(776)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
- - - - - - - > 'lsass.exe'(728)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
.
Completion time: 2009-01-24 1:52:55
ComboFix-quarantined-files.txt 2009-01-24 03:52:53
ComboFix2.txt 2009-01-24 03:19:13
Pre-Run: 17,316,319,232 bytes free
Post-Run: 16,127,422,464 bytes free
254 --- E O F --- 2009-01-23 23:18:13
"{F8765CD6-DA9C-453D-810E-521A8556BFAF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{BAEBF20A-6377-4BEC-A943-E59E6AEA0923}f:\\dirt\\dirt.exe"= UDP:f:\dirt\dirt.exe:DiRT Executable
"UDP Query User{E9DC9D41-D2FE-4706-961A-A0181649A2A7}f:\\dirt\\dirt.exe"= TCP:f:\dirt\dirt.exe:DiRT Executable
"{BDF98E38-781F-4D41-A683-7597F484BB7D}"= UDP:f:\combat arms\CombatArms.exe:Combat Arms
"{1FA124EC-B577-4765-AF66-6A649FE92EDA}"= TCP:f:\combat arms\CombatArms.exe:Combat Arms
"{D07C47F1-8EA0-4465-8EF4-91A7A70E7579}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{6CC1F483-1726-4EF7-8751-003568B2E68A}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"TCP Query User{5EE6B33A-A412-40F4-908E-6C3F6152E946}f:\\brothers in arms - hell's highway\\binaries\\biahh.exe"= UDP:f:\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"UDP Query User{DC63C3C7-3358-479D-B0FE-0BA41658A40E}f:\\brothers in arms - hell's highway\\binaries\\biahh.exe"= TCP:f:\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"{D1923F52-F103-40BC-B845-9F9B48BD1057}"= UDP:5353:Adobe CSI CS4
"{ECA5D712-DC69-461C-8DD6-16026CED59F4}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{0591F257-0BA9-436E-94B1-C2A130F5280C}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{A30CCC35-DD29-48ED-83D2-104503F5A869}c:\\users\\vitor\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\vitor\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{FF717EE5-8451-440D-961F-32786CFE0839}c:\\users\\vitor\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\vitor\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"TCP Query User{6882C393-0B64-45B5-A05C-B2F627741E1A}f:\\tmnationsforever\\tmforever.exe"= UDP:f:\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{2D5C746E-94B2-498E-9366-D02EB9FA2E2C}f:\\tmnationsforever\\tmforever.exe"= TCP:f:\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{AE92A91F-08AF-4566-8189-6FB39CA597BC}f:\\brothers in arms - hell's highway\\binaries\\biahh.exe"= UDP:f:\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"UDP Query User{48E9445E-C1C6-4DAA-B30E-735633523494}f:\\brothers in arms - hell's highway\\binaries\\biahh.exe"= TCP:f:\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"{7C2129A2-DE67-4969-A76C-D2B8BBC16CDE}"= UDP:f:\gtaiv\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{E1C70464-D453-423A-80D1-2815E0F1EF42}"= TCP:f:\gtaiv\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{CA779F86-068F-4A56-8A0E-D3F2D6D5D261}"= UDP:f:\gtaiv\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{05BDB9DC-8474-4F86-85FE-16689B4F3449}"= TCP:f:\gtaiv\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"TCP Query User{8D9D24A5-3D31-496B-BA06-5DDDFFB1EB03}f:\\gtaiv\\grand theft auto iv\\gtaiv.exe"= UDP:f:\gtaiv\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{D6554E2D-9AC8-4684-8797-B1B135DFA6BA}f:\\gtaiv\\grand theft auto iv\\gtaiv.exe"= TCP:f:\gtaiv\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"TCP Query User{D82DAF75-491D-4525-BBA7-5A191988786E}f:\\guitar hero iii\\gh3.exe"= UDP:f:\guitar hero iii\gh3.exe:Guitar Hero III
"UDP Query User{C4691B3E-0080-45BD-95A5-CB6F73A0E3FE}f:\\guitar hero iii\\gh3.exe"= TCP:f:\guitar hero iii\gh3.exe:Guitar Hero III
"TCP Query User{397AE185-889C-4EE4-B3E0-7F1E21A0E08A}f:\\guitar hero aerosmith\\guitar hero aerosmith.exe"= UDP:f:\guitar hero aerosmith\guitar hero aerosmith.exe:Guitar Hero: Aerosmith
"UDP Query User{8D4C03A2-B90A-4FFE-8D74-3EA7FCE4D922}f:\\guitar hero aerosmith\\guitar hero aerosmith.exe"= TCP:f:\guitar hero aerosmith\guitar hero aerosmith.exe:Guitar Hero: Aerosmith
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2007-10-24 32272]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2007-10-16 20496]
R4 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51:58 13560]
R4 TimerStop;TimerStop;c:\windows\System32\TimerStop.sys [2008-10-27 4096]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [2008-11-13 240128]
S4 gupdate1c8f57561018344;Google Update Service (gupdate1c8f57561018344);c:\program files\Google\Update\GoogleUpdate.exe [2008-08-03 133104]
--- ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-01-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-29 22:44]
2009-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-166006492-1750611433-2166632835-1000.job
- c:\users\Vitor\AppData\Local\Google\Update\GoogleUpdate.exe [2008-08-29 22:44]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.terra.com.br/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {6C518058-25C2-4B12-9639-BFB7058B3151} = 200.204.0.10 200.204.0.138
FF - ProfilePath - c:\users\Vitor\AppData\Roaming\Mozilla\Firefox\Profiles\panj3qq1.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\users\Vitor\AppData\Roaming\Mozilla\Firefox\Profiles\panj3qq1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\Vitor\AppData\Roaming\Mozilla\Firefox\Profiles\panj3qq1.default\extensions\piclens@cooliris.com\components\piclensstub.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 01:49:39
Windows 6.0.6001 Service Pack 1 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(776)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
- - - - - - - > 'lsass.exe'(728)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
.
Tempo para conclusão: 2009-01-24 1:52:55
ComboFix-quarantined-files.txt 2009-01-24 03:52:53
ComboFix2.txt 2009-01-24 03:19:13
Pré-execução: 17.316.319.232 bytes disponíveis
Pós execução: 16,127,422,464 bytes disponíveis
254 --- E O F --- 2009-01-23 23:18:13
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:00:49, on 24/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RGSC] F:\GTAIV\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C518058-25C2-4B12-9639-BFB7058B3151}: NameServer = 200.204.0.10 200.204.0.138
O20 - AppInit_DLLs: G G
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8f57561018344) (gupdate1c8f57561018344) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
--
End of file - 7102 bytes