digoep

Malware - Log analysis


Hello!

I've got a virus/malware/something on my PC that's compromising some functions: I can't access some bank sites, my Windows "Search" doesn't work and only shows the little dog, and sometimes when I close Mozilla it reopens by itself trying to open a site, something like getinfo.com.

I've already run every antivirus possible, Ad-Aware, SpyHunter, and nothing works; the only thing it detects is an atdmt cookie.

I followed the correct procedure for opening a new topic, but I could NOT get DDS to work: it opens the black window but doesn't open the two text files it should. Below are the GMER and Malwarebytes logs.

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-01-11 12:34:24

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\Carmen\CONFIG~1\Temp\kxpyrfog.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766787E]

SSDT spbi.sys ZwEnumerateKey [0xF74F5CA2]

SSDT spbi.sys ZwEnumerateValueKey [0xF74F6030]

SSDT spbi.sys ZwOpenKey [0xF74D70C0]

SSDT spbi.sys ZwQueryKey [0xF74F6108]

SSDT spbi.sys ZwQueryValueKey [0xF74F5F88]

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7667BFE]

INT 0x63 ? 8A191BF8

INT 0x63 ? 8A191BF8

INT 0x63 ? 89FBFF00

INT 0x63 ? 89FBFF00

INT 0x63 ? 8A191BF8

INT 0x84 ? 89FBFF00

INT 0x94 ? 8A191BF8

INT 0x94 ? 8A191BF8

INT 0x94 ? 8A191BF8

INT 0x94 ? 8A191BF8

INT 0x94 ? 89FBFF00

INT 0x94 ? 8A191BF8

INT 0xA4 ? 89FBFF00

INT 0xB4 ? 89FBFF00

---- Kernel code sections - GMER 1.0.15 ----

? spbi.sys O sistema não pode encontrar o arquivo especificado. !

.text USBPORT.SYS!DllUnload BAD3B8AC 5 Bytes JMP 89FBF4E0

.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 1 BAC3F4D1 47 Bytes [9F, DF, AC, 0D, 41, 8C, 25, ...]

? C:\WINDOWS\System32\Drivers\dtscsi.sys O arquivo já está sendo usado por outro processo.

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A2062D8

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spbi.sys

IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spbi.sys

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spbi.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spbi.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spbi.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spbi.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spbi.sys

IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89FBF5E0

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E8048] spbi.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A1901F8

Device \Driver\usbuhci \Device\USBPDO-0 89FBE1F8

Device \Driver\usbuhci \Device\USBPDO-1 89FBE1F8

Device \Driver\usbuhci \Device\USBPDO-2 89FBE1F8

Device \Driver\PCI_PNP6058 \Device\00000046 spbi.sys

Device \Driver\PCI_PNP6058 \Device\00000046 spbi.sys

Device \Driver\usbehci \Device\USBPDO-3 8A0651F8

Device \Driver\usbehci \Device\USBPDO-4 8A0651F8

Device \Driver\usbuhci \Device\USBPDO-5 89FBE1F8

Device \Driver\usbuhci \Device\USBPDO-6 89FBE1F8

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A2041F8

Device \Driver\usbuhci \Device\USBPDO-7 89FBE1F8

Device \Driver\Cdrom \Device\CdRom0 8A0461F8

Device \Driver\Cdrom \Device\CdRom1 8A0461F8

Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-12 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort0 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort1 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort2 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort3 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort4 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort5 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\usbuhci \Device\USBFDO-0 89FBE1F8

Device \Driver\usbuhci \Device\USBFDO-1 89FBE1F8

Device \Driver\usbuhci \Device\USBFDO-2 89FBE1F8

Device \Driver\usbehci \Device\USBFDO-3 8A0651F8

Device \Driver\usbuhci \Device\USBFDO-4 89FBE1F8

Device \Driver\Ftdisk \Device\FtControl 8A2041F8

Device \Driver\usbuhci \Device\USBFDO-5 89FBE1F8

Device \Driver\usbuhci \Device\USBFDO-6 89FBE1F8

Device \Driver\usbehci \Device\USBFDO-7 8A0651F8

Device \Driver\dtscsi \Device\Scsi\dtscsi1Port6Path0Target0Lun0 8A0431F8

Device \Driver\dtscsi \Device\Scsi\dtscsi1 8A0431F8

Device \FileSystem\Cdfs \Cdfs 89FD31F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x19 0x66 0xB7 0x82 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x12 0x41 0x19 0x6A ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB8 0x5D 0x2F 0x79 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x19 0x66 0xB7 0x82 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x12 0x41 0x19 0x6A ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB8 0x5D 0x2F 0x79 ...

---- EOF - GMER 1.0.15 ----

And the Malwarebytes log:

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 3166

Windows 5.1.2600 Service Pack 3

11/1/2010 14:29:04

mbam-log-2010-01-11 (14-29-04).txt

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 224501

Tempo decorrido: 27 minute(s), 4 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 1

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 2

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\CLSID\{67406c94-40ea-093f-a925-1aa3ef4183f2} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

C:\WINDOWS\didulist (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\wbtemp2.txt (Malware.Trace) -> Quarantined and deleted successfully.

If anyone has a tip on how I can get DDS to work, I'm open to suggestions

:)

Thanks

Rodrigo

  • Topic author
  • The problem wasn't downloading DDS; I downloaded it, ran it, the black screen appeared, but after the black screen the reports that should appear didn't. I downloaded it more than once, ran it in Safe Mode, and the reports didn't show up. If it helps, here is a HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 14:59:44, on 13/1/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\snmp.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Arquivos de programas\Java\jre6\bin\jusched.exe

    C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

    C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\windows\netaps\sysinternals.exe

    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

    C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\windows\netaps\sysinternals.exe

    C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\digo\Utilitários\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O1 - Hosts: visanet.com.br

    O1 - Hosts: 198.106.42.124# SpyBo t search and Destroy

    O1 - Hosts: 198.106.42.124 www.visanet.com.br

    O1 - Hosts: 198.106.42.124 www.bancoreal.com.br

    O1 - Hosts: 198.106.42.124 real.com.br

    O1 - Hosts: 198.106.42.124 www.real.com.br

    O1 - Hosts: 198.106.42.124 www.itau.com.br

    O1 - Hosts: 198.106.42.124 itau.com.br

    O1 - Hosts: 198.106.42.124 www.itaupersonnalite.com.br

    O1 - Hosts: 198.106.42.124 itaupersonnalite.com.br

    O1 - Hosts: 198.106.42.124 www.itauprivatebank.com.br

    O1 - Hosts: 198.106.42.124 itauprivatebank.com.br

    O1 - Hosts: 198.106.42.124 www.bb.com.br

    O1 - Hosts: 198.106.42.124 bb.com.br

    O1 - Hosts: 198.106.42.124 www.bb.gov.br

    O1 - Hosts: 198.106.42.124 bb.gov.br

    O1 - Hosts: 198.106.42.124 bradesco.com.br

    O1 - Hosts: 198.106.42.124 www.bradesco.com.br

    O1 - Hosts: 198.106.42.124 www.bradescoprime.com.br

    O1 - Hosts: 198.106.42.124 bradescoprime.com.br

    O1 - Hosts: 198.106.42.124 bradescojuridico.com.br

    O1 - Hosts: 198.106.42.124 www.checktudo.com.br

    O1 - Hosts: 198.106.42.124 checktudo.com.br

    O1 - Hosts: 198.106.42.124 www.infoseg.gov.br

    O1 - Hosts: 198.106.42.124 infoseg.gov.br

    O1 - Hosts: 198.106.42.124 www.bradescojuridico.com.br

    O1 - Hosts: 198.106.42.124 santander.com.br

    O1 - Hosts: 198.106.42.124 www.santander.com.br

    O1 - Hosts: 198.106.42.124 banespa.com.br

    O1 - Hosts: 198.106.42.124 www.nossacaixa.com.br

    O1 - Hosts: 198.106.42.124 nossacaixa.com.br

    O1 - Hosts: 198.106.42.124 www.unibanco.com.br

    O1 - Hosts: 198.106.42.124 unibanco.com.br

    O1 - Hosts: 198.106.42.124 www.banespa.com.br

    O1 - Hosts: 198.106.42.124 www.itauprivatebank.com.br

    O1 - Hosts: 198.106.42.124 itauprivatebank.com.br

    O1 - Hosts: 198.106.42.124 cetelem.com.br

    O1 - Hosts: 198.106.42.124 www.cetelem.com.br

    O1 - Hosts: 198.106.42.124 citibank.com.br

    O1 - Hosts: 198.106.42.124 www.citibank.com.br

    O1 - Hosts: 198.106.42.124 www.cartaobndes.gov.br

    O1 - Hosts: 198.106.42.124 cartaobndes.gov.br

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

    O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKLM\..\RunOnce: [KB955759] rundll32.exe apphelp.dll,ShimFlushCache

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [Rainlendar2] C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [spooler de Impressão] C:\WINDOWS\system32\rundll32.exe C:\windows\netaps\windll.dll update

    O4 - HKCU\..\Run: [serviço de Indexação Windows] C:\windows\netaps\sysinternals.exe

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210173210187

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://imagem.caixa.gov.br/cab/gbpdist.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

    O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

    O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe (file missing)

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe (file missing)

    O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

    --

    End of file - 12049 bytes

    Note that I had avast installed, but the malware/virus I have managed to "uninstall" it.

    The problem wasn't downloading DDS

    I didn't say that was the problem; just follow my instructions. Download DDS from the alternative link, run it and post the logs.

    Note: do not use banking services for now.

  • Topic author
  • That is my problem: I run DDS and the logs DO NOT APPEAR. I used the alternative link, downloaded it through IE, Mozilla and Google Chrome, ran it, and no log appears. And I was no longer even able to access the Caixa site properly.

    That is my problem: I run DDS and the logs DO NOT APPEAR. I used the alternative link, downloaded it through IE, Mozilla and Google Chrome, ran it, and no log appears.

    OK. Just to explain: although the two links point to the 'same' program, it isn't quite so; in one link it has one extension and in the alternative link another, which is for the case where one doesn't work properly. But since neither link worked, let's continue with what we have.

    And I was no longer even able to access the Caixa site properly.

    As I said before, do not try to access your bank anymore; you are being redirected to a fake page intended to steal your banking passwords. If you have already carried out any transaction, inform your bank of what happened and change your access passwords.

    Read the instructions contained in this link:

    In the instructions at the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after the procedure(s) below have been carried out.
    3. Double-click the desktopicon.png icon on the desktop.
    4. Read and accept the conditions by typing 1 and Enter.
    5. Computers with Windows XP must install the Recovery Console:

    • If your computer has Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.

    6. ComboFix will run; please be patient and wait.
    7. Attention: do not use the mouse or the keyboard while the tool is running; this can cause the computer to hang.
    8. A notice may appear saying the computer needs to be restarted.

    DO NOT RESTART!!! ComboFix will restart the computer automatically.
    9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

    Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you could damage your computer.

    • There are several malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
    • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
    • There are several general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them for use without supervision. ComboFix is not that kind of tool, so, also out of respect for the tool's author, do not use it without supervision.

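As an added example (not code from this thread nor from HijackThis, ComboFix or any other tool named here), the following Python script triages HijackThis-style O1 and O4 lines for the two patterns visible in the log posted above: hosts-file entries that send a hostname to a routable address (the bank redirect the analyst describes), and autorun entries that load a program or DLL from an unexpected folder directly under C:\Windows, such as c:\windows\netaps. The sample lines are constructed from the posted log, and the list of expected Windows subfolders is an assumption.

```python
"""Triage helpers for a HijackThis-style log (added example, not a tool from the thread).

Two indicators are checked:
  * O1 (hosts file) lines that map a hostname to a routable IP address, which is
    how the Brazilian bank domains in the posted log were being redirected; and
  * O4 (autorun) lines whose command references a file in a folder directly under
    C:\\Windows that is not one of the usual system folders (assumed allowlist).
"""
import ipaddress
import re

# Constructed sample lines, modelled on the HijackThis log posted above.
SAMPLE_LOG = r"""
O1 - Hosts: visanet.com.br
O1 - Hosts: 198.106.42.124# SpyBo t search and Destroy
O1 - Hosts: 198.106.42.124 www.itau.com.br
O1 - Hosts: 198.106.42.124 bb.com.br
O1 - Hosts: 127.0.0.1 ads.example.invalid
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKCU\..\Run: [spooler de Impressão] C:\WINDOWS\system32\rundll32.exe C:\windows\netaps\windll.dll update
O4 - HKCU\..\Run: [serviço de Indexação Windows] C:\windows\netaps\sysinternals.exe
"""

O1_RE = re.compile(r"^O1 - Hosts:\s*(.*)$")
# hive, key (Run/RunOnce), display name in brackets, then the command line
O4_RE = re.compile(r"^O4 - (HK\S*?)\\\.\.\\(Run\w*): \[([^\]]*)\]\s*(.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"]+')

# Assumed allowlist: subfolders of C:\Windows from which autorun binaries normally come.
EXPECTED_WINDOWS_SUBDIRS = {"system32", "syswow64", "system"}


def _is_sinkhole(ip):
    """Loopback/unspecified targets are the legitimate way to *block* a name in hosts."""
    return ip.is_loopback or ip.is_unspecified


def parse_hosts_entry(line):
    """Return (ip, [hostnames]) for an O1 line, or None if the entry is malformed.

    Text after '#' is a comment, so '198.106.42.124# SpyBot ...' has no hostname
    and is skipped, as is a bare hostname with no address.
    """
    m = O1_RE.match(line)
    if not m:
        return None
    tokens = m.group(1).split("#", 1)[0].split()
    if len(tokens) < 2:
        return None
    try:
        ip = ipaddress.ip_address(tokens[0])
    except ValueError:
        return None
    return ip, tokens[1:]


def suspicious_hosts_entries(log_text):
    """(hostname, ip) pairs where hosts redirects a name to a routable address."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_hosts_entry(line.strip())
        if parsed is None:
            continue
        ip, names = parsed
        if _is_sinkhole(ip):
            continue
        hits.extend((name, str(ip)) for name in names)
    return hits


def unexpected_windows_paths(command):
    """Paths in a command that sit in a non-standard folder directly under C:\\Windows."""
    flagged = []
    for path in PATH_RE.findall(command):
        parts = path.split("\\")
        # e.g. ['C:', 'windows', 'netaps', 'windll.dll']: 'netaps' is not an expected subfolder
        if (len(parts) > 3 and parts[1].lower() == "windows"
                and parts[2].lower() not in EXPECTED_WINDOWS_SUBDIRS):
            flagged.append(path)
    return flagged


def suspicious_autoruns(log_text):
    """(key, display name, [paths]) for O4 lines loading from an unexpected Windows subfolder."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        bad = unexpected_windows_paths(command)
        if bad:
            hits.append((f"{hive}\\..\\{key}", name, bad))
    return hits


def triage(log_text):
    return {"hosts": suspicious_hosts_entries(log_text),
            "autoruns": suspicious_autoruns(log_text)}


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for item in items:
            print("  ", item)
```

A rundll32 command is reported through the DLL it loads, not the rundll32.exe path itself, which is why the "spooler de Impressão" entry above is flagged on windll.dll.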
  • Topic author
  • I ran ComboFix. The report:

    ComboFix 10-01-13.07 - Carmen 13/01/2010 21:52:23.1.4 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.3067.2388 [GMT -3:00]

    Executando de: c:\digo\ComboFix.exe

    .

    ADS - drivers: deleted 220 bytes in 2 streams.

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\CARMEN-A2095CD3.txt

    c:\docume~1\Carmen\CONFIG~1\Temp\msseces.exe

    C:\driver.bat

    c:\windows\netaps

    c:\windows\netaps\outlook.exe

    c:\windows\netaps\sysinternals.exe

    c:\windows\netaps\windll.dll

    c:\windows\netaps\Windll.log

    c:\windows\system32\owner.exe

    c:\windows\system32\twain_32.dll

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2009-12-14 to 2010-01-14 ))))))))))))))))))))))))))))

    .

    2010-01-09 17:26 . 2010-01-09 18:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared

    2010-01-09 17:22 . 2010-01-09 18:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton

    2010-01-09 17:22 . 2010-01-09 17:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec

    2010-01-09 17:22 . 2010-01-09 17:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller

    2009-12-25 20:51 . 2009-12-25 20:51 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

    2009-12-25 20:45 . 2009-12-25 20:45 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

    2009-12-25 20:30 . 2006-03-02 12:00 82501 -c--a-w- c:\windows\system32\dllcache\bckg.dll

    2009-12-25 06:52 . 2009-10-10 01:31 315408 ----a-w- c:\windows\system32\drivers\1255231.sys

    2009-12-25 06:22 . 2009-12-25 06:22 -------- d-----w- c:\documents and settings\Carmen\Dados de aplicativos\VSRevoGroup

    2009-12-24 22:00 . 2009-12-24 22:00 52224 ----a-w- c:\documents and settings\Carmen\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

    2009-12-24 22:00 . 2009-12-24 22:00 117760 ----a-w- c:\documents and settings\Carmen\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

    2009-12-24 22:00 . 2009-12-24 22:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

    2009-12-24 22:00 . 2009-12-24 22:00 65024 ----a-r- c:\documents and settings\Carmen\Dados de aplicativos\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

    2009-12-24 22:00 . 2009-12-24 22:00 5120 ----a-r- c:\documents and settings\Carmen\Dados de aplicativos\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe

    2009-12-24 22:00 . 2009-12-24 22:00 18944 ----a-r- c:\documents and settings\Carmen\Dados de aplicativos\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

    2009-12-24 21:59 . 2010-01-08 14:25 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware

    2009-12-24 21:59 . 2009-12-24 21:59 -------- d-----w- c:\documents and settings\Carmen\Dados de aplicativos\SUPERAntiSpyware.com

    2009-12-24 21:59 . 2009-12-24 21:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

    2009-12-24 21:42 . 2009-12-24 21:42 -------- d-----w- c:\arquivos de programas\VS Revo Group

    2009-12-24 00:06 . 2009-12-24 00:06 43520 ----a-w- c:\windows\system32\bie.exe

    2009-12-22 04:48 . 2009-06-30 12:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

    2009-12-22 04:48 . 2009-12-22 04:48 -------- d-----w- c:\arquivos de programas\Panda Security

    2009-12-22 01:34 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

    2009-12-22 01:29 . 2009-12-22 01:51 -------- dc-h--w- c:\windows\ie8

    2009-12-17 04:52 . 2009-12-17 04:53 -------- d-----w- C:\Kaspersky

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-01-14 00:48 . 2009-11-04 21:49 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

    2010-01-13 01:27 . 2008-06-05 02:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

    2010-01-10 18:50 . 2009-12-01 18:33 79488 ----a-w- c:\documents and settings\Carmen\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

    2010-01-07 17:45 . 2009-06-23 00:13 6296864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Resources.dll

    2009-12-26 10:42 . 2006-03-02 12:00 82394 ----a-w- c:\windows\system32\perfc016.dat

    2009-12-26 10:42 . 2006-03-02 12:00 475504 ----a-w- c:\windows\system32\perfh016.dat

    2009-12-25 06:25 . 2009-08-10 03:10 -------- d-----w- c:\arquivos de programas\MessengerPlus! 3

    2009-12-23 23:46 . 2009-06-23 00:13 862040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\threatwork.exe

    2009-12-23 23:46 . 2009-06-23 00:13 206944 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\lavamessage.dll

    2009-12-23 23:46 . 2009-06-23 00:13 390288 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\lavalicense.dll

    2009-12-23 23:46 . 2009-10-14 23:44 537576 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\aawapi.dll

    2009-12-23 23:46 . 2009-06-23 00:13 370744 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\UpdateManager.dll

    2009-12-23 23:46 . 2009-06-23 00:13 194104 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Savapibridge.dll

    2009-12-23 23:45 . 2009-06-23 00:12 933120 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\CEAPI.dll

    2009-12-23 23:45 . 2009-06-23 00:11 816272 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

    2009-12-23 23:45 . 2009-06-23 00:11 822904 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

    2009-12-23 23:45 . 2009-06-23 00:11 1643272 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

    2009-12-23 23:45 . 2009-06-23 00:10 788880 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\AAWTray.exe

    2009-12-23 23:45 . 2009-06-23 00:10 1181328 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\AAWService.exe

    2009-12-22 00:13 . 2008-05-20 17:00 -------- d-----w- c:\arquivos de programas\Bonjour

    2009-12-15 23:49 . 2008-09-21 23:51 -------- d-----w- c:\arquivos de programas\3GP Player

    2009-12-02 22:59 . 2009-12-02 22:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software

    2009-12-02 22:48 . 2008-05-08 05:21 -------- d-----w- c:\arquivos de programas\eMule

    2009-11-30 20:27 . 2008-05-08 05:24 38848 ----a-w- c:\windows\system32\avastSS.scr

    2009-11-30 20:26 . 2008-05-08 05:24 150624 ----a-w- c:\windows\system32\aswBoot.exe

    2009-11-30 20:16 . 2009-12-02 22:59 269904 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2009-11-30 20:16 . 2009-12-02 22:59 186064 ----a-w- c:\windows\system32\drivers\aswNdis.sys

    2009-11-30 20:15 . 2008-05-08 05:24 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2009-11-30 20:14 . 2008-05-08 05:24 149840 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2009-11-30 20:12 . 2008-05-08 05:24 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys

    2009-11-30 20:11 . 2008-05-08 05:24 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

    2009-11-30 20:11 . 2008-05-08 05:24 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

    2009-11-30 20:11 . 2008-05-08 05:24 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2009-11-30 20:11 . 2008-05-08 05:24 27728 ----a-w- c:\windows\system32\drivers\aavmker4.sys

    2009-11-28 19:05 . 2008-05-30 05:24 -------- d-----w- c:\documents and settings\Carmen\Dados de aplicativos\Vso

    2009-11-22 02:28 . 2009-11-22 01:50 -------- d-----w- c:\arquivos de programas\Enigma Software Group

    2009-11-21 23:45 . 2009-06-16 00:09 163728 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\ShellExt.dll

    2009-11-21 23:45 . 2009-06-16 00:08 327000 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\RPAPI.dll

    2009-11-21 23:45 . 2009-06-16 00:08 87496 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

    2009-11-21 23:45 . 2009-09-22 00:07 641632 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\AutoLaunch.exe

    2009-11-21 15:58 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

    2009-11-07 13:55 . 2009-11-06 11:03 598 ----a-w- C:\fsys.bat

    2009-10-29 07:42 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

    2009-10-28 23:47 . 2009-10-28 23:47 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

    2009-10-28 23:47 . 2009-10-28 23:47 93360 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

    2009-10-28 23:47 . 2009-10-28 23:47 554280 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\sbap.dll

    2009-10-28 23:47 . 2009-06-16 00:09 15880 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\lsdelete.exe

    2009-10-28 23:47 . 2009-04-02 04:31 15880 ----a-w- c:\windows\system32\lsdelete.exe

    2009-10-28 23:47 . 2009-10-28 23:47 212480 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\VipreBridge.dll

    2009-10-28 23:47 . 2009-10-28 23:47 283944 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Vipre.dll

    2009-10-28 23:47 . 2009-10-28 23:47 1223976 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\SBTE.dll

    2009-10-28 23:47 . 2009-10-28 23:47 242984 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\SBRE.dll

    2009-10-22 18:40 . 2008-12-24 22:43 30504 ----a-w- c:\windows\system32\drivers\GbpKm.sys

    2009-10-21 05:39 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

    2009-10-21 05:39 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll

    2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

    2007-03-13 22:20 . 2008-05-20 16:53 35979 -c--a-w- c:\arquivos de programas\Photoshop CS3 Read Me.html

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

    "Rainlendar2"="c:\arquivos de programas\Rainlendar2\Rainlendar2.exe" [2006-10-28 981504]

    "SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-08 2002160]

    "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

    "Google Update"="c:\documents and settings\Carmen\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-01-13 135664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDCPL"="RTHDCPL.EXE" [2007-09-17 16132608]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]

    "nwiz"="nwiz.exe" [2007-09-16 1626112]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]

    "NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

    "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-12-17 136600]

    "GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]

    "Ad-Watch"="c:\arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-23 788880]

    "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    "QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-09-05 417792]

    "iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-09-09 305440]

    "PWRISOVM.EXE"="c:\arquivos de programas\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]

    "Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "PcSync"="c:\arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2009-09-03 17:21 548352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ masterx autocheck autochk *\0lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

    "Google Update"="c:\documents and settings\Carmen\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

    "c:\\Arquivos de programas\\eMule\\emule.exe"=

    "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

    "c:\\Arquivos de programas\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

    "c:\\Arquivos de programas\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

    "c:\\Arquivos de programas\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

    "c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

    "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

    "c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "7768:TCP"= 7768:TCP:BitComet 7768 TCP

    "7768:UDP"= 7768:UDP:BitComet 7768 UDP

    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2/12/2009 19:59 186064]

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/4/2009 21:07 64288]

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [22/12/2009 01:48 28552]

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/12/2009 19:59 269904]

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/5/2008 02:24 149840]

    R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 16:26 9968]

    R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 16:26 74480]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/5/2008 02:24 19024]

    R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 16:27 7408]

    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/5/2008 20:15 717296]

    S1 12552311;12552311;c:\windows\system32\DRIVERS\12552311.sys --> c:\windows\system32\DRIVERS\12552311.sys [?]

    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe [24/9/2009 08:17 1181328]

    S3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys [4/7/2008 21:20 31128]

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2010-01-14 c:\windows\Tasks\Ad-Aware Update (Daily 1).job

    - c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:45]

    2010-01-14 c:\windows\Tasks\Ad-Aware Update (Daily 2).job

    - c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:45]

    2010-01-14 c:\windows\Tasks\Ad-Aware Update (Daily 3).job

    - c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:45]

    2010-01-14 c:\windows\Tasks\Ad-Aware Update (Daily 4).job

    - c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:45]

    2010-01-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job

    - c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:45]

    2010-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = about:blank

    uInternet Settings,ProxyOverride = *.local

    IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

    DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

    FF - ProfilePath - c:\documents and settings\Carmen\Dados de aplicativos\Mozilla\Firefox\Profiles\60o3eaur.default\

    FF - prefs.js: browser.search.selectedEngine - DAEMON Search

    FF - prefs.js: browser.startup.homepage -

    FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

    FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npmozax.dll

    FF - plugin: c:\arquivos de programas\VistaCodecPack\rm\browser\plugins\nppl3260.dll

    FF - plugin: c:\arquivos de programas\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    ShellIconOverlayIdentifiers-{8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} - (no file)

    HKCU-Run-Spooler de Impressão - c:\windows\netaps\windll.dll

    HKCU-Run-Serviço de Indexação Windows - c:\windows\netaps\sysinternals.exe

    ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - (no file)

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-01-13 21:55

    Windows 5.1.2600 Service Pack 3 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    [HKEY_USERS\S-1-5-21-1343024091-838170752-839522115-1004\Software\SecuROM\License information*]

    "datasecu"=hex:89,2a,44,64,6b,ca,d8,e6,ef,6f,79,aa,6f,e3,42,9f,41,b4,ac,86,06,

    38,5e,84,85,56,26,aa,f0,0d,98,61,be,2a,b7,bc,51,72,5a,07,bc,84,dc,76,78,20,\

    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'winlogon.exe'(608)

    c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

    c:\windows\system32\WININET.dll

    .

    Tempo para conclusão: 2010-01-13 21:56:55

    ComboFix-quarantined-files.txt 2010-01-14 00:56

    Pré-execução: 18 pasta(s) 321.038.229.504 bytes disponíveis

    Pós execução: 20 pasta(s) 321.351.147.520 bytes disponíveis

    WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - F89DE5F478DDF4BD6ECC44368CB0F924

    Note: the Windows "Search" function that had disappeared, with only the dog showing, is working again!!!

    Configure Windows to show all files

    Go to this site: http://virustotal.com/

    In File to upload, enter: c:\windows\system32\dllcache\bckg.dll

    Then click Submit

    Repeat the same procedure for the file: c:\windows\system32\drivers\1255231.sys

    Copy and post the results of these scans.

  • Topic author
  • bckg log:

    Antivirus Version Last update Result

    a-squared 4.5.0.41 2009.11.17 -

    AhnLab-V3 5.0.0.2 2009.11.16 -

    AntiVir 7.9.1.65 2009.11.16 -

    Antiy-AVL 2.0.3.7 2009.11.16 -

    Authentium 5.2.0.5 2009.11.17 -

    Avast 4.8.1351.0 2009.11.16 -

    AVG 8.5.0.425 2009.11.16 -

    BitDefender 7.2 2009.11.17 -

    CAT-QuickHeal 10.00 2009.11.16 -

    ClamAV 0.94.1 2009.11.17 -

    Comodo 2962 2009.11.17 -

    DrWeb 5.0.0.12182 2009.11.17 -

    eSafe 7.0.17.0 2009.11.16 -

    eTrust-Vet 35.1.7123 2009.11.16 -

    F-Prot 4.5.1.85 2009.11.16 -

    F-Secure 9.0.15370.0 2009.11.11 -

    Fortinet 3.120.0.0 2009.11.16 -

    GData 19 2009.11.17 -

    Ikarus T3.1.1.74.0 2009.11.17 -

    Jiangmin 11.0.800 2009.11.16 -

    K7AntiVirus 7.10.897 2009.11.16 -

    Kaspersky 7.0.0.125 2009.11.17 -

    McAfee 5804 2009.11.16 -

    McAfee+Artemis 5804 2009.11.16 -

    McAfee-GW-Edition 6.8.5 2009.11.17 -

    Microsoft 1.5202 2009.11.16 -

    NOD32 4613 2009.11.16 -

    Norman 6.03.02 2009.11.16 -

    nProtect 2009.1.8.0 2009.11.16 -

    Panda 10.0.2.2 2009.11.16 -

    PCTools 7.0.3.5 2009.11.16 -

    Prevx 3.0 2009.11.17 -

    Rising 22.22.01.01 2009.11.17 -

    Sophos 4.47.0 2009.11.17 -

    Sunbelt 3.2.1858.2 2009.11.12 -

    Symantec 1.4.4.12 2009.11.17 -

    TheHacker 6.5.0.2.071 2009.11.16 -

    TrendMicro 9.0.0.1003 2009.11.16 -

    VBA32 3.12.10.11 2009.11.15 -

    ViRobot 2009.11.16.2039 2009.11.16 -

    VirusBuster 4.6.5.0 2009.11.16 -

    Additional information

    File size: 82501 bytes

    MD5 : 42797755b62159c60c75aa8a241c5331

    SHA1 : 22d0a212153469bb941fdee3d704faca33c6e29c

    SHA256: 85cfb355d8552f82cf551e60883eb03eb0026efc25127f9866db077fa8a6b346

    PEInfo: PE Structure information

    ( base data )

    entrypointaddress.: 0x1044B

    timedatestamp.....: 0x3B96AB8D (Thu Sep 6 00:47:41 2001)

    machinetype.......: 0x14C (Intel I386)

    ( 4 sections )

    name viradd virsiz rawdsiz ntrpy md5

    .text 0x1000 0x10305 0x10400 6.54 5a11ba9a53b7f53970d7dfa98be20254

    .data 0x12000 0x2B04 0x2A00 4.46 16792962c8a29fd4a409a524450fd909

    .rsrc 0x15000 0x3A0 0x400 3.07 63608f93b9e82dd4d11550549a1b82d0

    .reloc 0x16000 0xAE8 0xC00 5.32 aaa4b3c48eba72825f11f2dfe9acabe5

    ( 8 imports )

    > comctl32.dll: -

    > gdi32.dll: DeleteDC, CreateDIBSection, GetDIBits, SetPaletteEntries, GetSystemPaletteEntries, GetDeviceCaps, CreateCompatibleDC, SetDIBColorTable, CreatePalette, SelectObject, SetBkMode, SetTextColor, GetNearestPaletteIndex, RealizePalette, BitBlt, GetStockObject, SelectPalette, DeleteObject

    > kernel32.dll: GetSystemInfo, InterlockedExchange, FreeLibrary, HeapFree, GetProcessHeap, HeapAlloc, GetCurrentThreadId, HeapDestroy, DeleteCriticalSection, GetTickCount, SetEvent, LeaveCriticalSection, EnterCriticalSection, WaitForSingleObject, CloseHandle, InitializeCriticalSection, Sleep, FindResourceW, LoadResource, LockResource, GetUserDefaultLangID, InterlockedDecrement, InterlockedIncrement

    > msvcrt.dll: srand, _ftol, __dllonexit, _adjust_fdiv, malloc, _initterm, free, _onexit, memset, _purecall, memcpy, rand

    > uniansi.dll: SendMessageW, LoadIconW, GetClassInfoExW, RegisterClassExW, CreateWindowExW, PostMessageW, lstrcatW, wsprintfW, CreateDialogParamW, PlaySoundW, lstrlenW, lstrcpyW, LoadCursorW, ConvertMessage, DefWindowProcW, SetWindowsHookExW, GetObjectW, DrawTextW, CreateEventW, FormatMessageW, GetWindowLongW, SetWindowLongW, SetDlgItemTextW, GetDlgItemTextW

    > user32.dll: InvalidateRect, DestroyWindow, IsWindow, EnableWindow, UpdateWindow, SetWindowPos, GetSystemMetrics, GetWindowRect, EndDialog, SetCursor, SetTimer, CallNextHookEx, ScreenToClient, UnhookWindowsHookEx, GetActiveWindow, EndPaint, GetFocus, IsWindowEnabled, GetCursorPos, BeginPaint, MessageBoxW, GetCapture, GetDC, ReleaseDC, ReleaseCapture, ClientToScreen, SetCapture, ClipCursor, SetForegroundWindow, GetParent, ShowWindow, GetDlgItem, SetFocus, PostMessageA, KillTimer, ShowCursor

    > zoneclim.dll: ZShellResourceManager, ZClient2PlayerRoom, ZGetGameGlobalPointer, ZSetGameGlobalPointer, ZCRoomGameTerminated, ZGetClientGlobalPointer, ZCRoomSendMessage, ZShellDataStoreUI, ZShellGameShell, ZCRoomExit, ZShellCreateGraphicalAccessibility, ZIsLayoutRTL, ZCRoomGetPlayerInfo, ZIsSoundOn, ZShellZoneShell, ZCreateFontIndirect

    > zonelibm.dll: ZRandom

    ( 1 exports )

    > ZoneClientExit, ZoneClientGameAddKibitzer, ZoneClientGameDelete, ZoneClientGameNew, ZoneClientGameProcessMessage, ZoneClientGameRemoveKibitzer, ZoneClientInternalName, ZoneClientMain, ZoneClientMessageHandler, ZoneClientName, ZoneClientVersion, ZoneGameDllDelete, ZoneGameDllInit

    TrID : File type identification

    Win32 Executable Generic (42.3%)

    Win32 Dynamic Link Library (generic) (37.6%)

    Generic Win/DOS Executable (9.9%)

    DOS Executable Generic (9.9%)

    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

    ssdeep: 1536:DCUCCxXlX4p1rAtUdvWLawwQsD9e2yjvnO2I1Gtt/pRxQT1t:2UCC1SDrLdvglK9ehOSRRmTz

    PEiD : Armadillo v1.xx - v2.xx

    RDS : NSRL Reference Data Set

    ( Microsoft )

    Applications, Platforms, Servers: bckg.dll

    MSDN Disc 2041: bckg.dll

    MSDN Disc 2443: bckg.dll

    MSDN Disc 2443.1: bckg.dll

    MSDN Disc 2443.2: bckg.dll

    MSDN Disc 2443.4: bckg.dll

    Windows XP Home Edition: bckg.dll

    1255231.sys log

    Antivirus Version Last update Result

    a-squared 4.5.0.48 2010.01.12 -

    AhnLab-V3 5.0.0.2 2010.01.12 -

    AntiVir 7.9.1.134 2010.01.12 -

    Antiy-AVL 2.0.3.7 2010.01.12 -

    Authentium 5.2.0.5 2010.01.12 -

    Avast 4.8.1351.0 2010.01.11 -

    AVG 9.0.0.725 2010.01.12 -

    BitDefender 7.2 2010.01.12 -

    CAT-QuickHeal 10.00 2010.01.12 -

    ClamAV 0.94.1 2010.01.12 -

    Comodo 3558 2010.01.12 -

    DrWeb 5.0.1.12222 2010.01.12 -

    eSafe 7.0.17.0 2010.01.12 -

    eTrust-Vet 35.2.7232 2010.01.12 -

    F-Prot 4.5.1.85 2010.01.12 -

    F-Secure 9.0.15370.0 2010.01.12 -

    Fortinet 4.0.14.0 2010.01.12 -

    GData 19 2010.01.12 -

    Ikarus T3.1.1.80.0 2010.01.12 -

    Jiangmin 13.0.900 2010.01.12 -

    K7AntiVirus 7.10.944 2010.01.11 -

    Kaspersky 7.0.0.125 2010.01.12 -

    McAfee 5859 2010.01.12 -

    McAfee+Artemis 5859 2010.01.12 -

    McAfee-GW-Edition 6.8.5 2010.01.12 -

    Microsoft 1.5302 2010.01.12 -

    NOD32 4765 2010.01.12 -

    Norman 6.04.03 2010.01.12 -

    nProtect 2009.1.8.0 2010.01.12 -

    Panda 10.0.2.2 2010.01.12 -

    PCTools 7.0.3.5 2010.01.12 -

    Prevx 3.0 2010.01.12 -

    Rising 22.30.01.03 2010.01.12 -

    Sophos 4.49.0 2010.01.12 -

    Sunbelt 3.2.1858.2 2010.01.12 -

    Symantec 20091.2.0.41 2010.01.12 -

    TheHacker 6.5.0.3.148 2010.01.12 -

    TrendMicro 9.120.0.1004 2010.01.12 -

    VBA32 3.12.12.1 2010.01.12 -

    ViRobot 2010.1.12.2132 2010.01.12 -

    VirusBuster 5.0.21.0 2010.01.12 -

    Additional information

    File size: 315408 bytes

    MD5 : 66ef49622baa18e4d4f1fe4bae1d51b8

    SHA1 : 0c2651ff9f5661ae124408c457f6c8ac20f0c9cb

    SHA256: d30daffafc29919c891c8952fc27890d735e4368c706ef452aa86b8b05cd7884

    PEInfo: PE Structure information

    ( base data )

    entrypointaddress.: 0x47F74

    timedatestamp.....: 0x4ACF8E96 (Fri Oct 9 21:27:18 2009)

    machinetype.......: 0x14C (Intel I386)

    ( 8 sections )

    name viradd virsiz rawdsiz ntrpy md5

    .text 0x1000 0x35CFA 0x35E00 6.47 9a7eefd58ad95fe8d5b70c60d7dbfab8

    .rdata 0x37000 0x1B0C 0x1C00 4.33 73b61928f8e12f4f916480bda327c099

    .data 0x39000 0x2F28 0x1200 4.57 8350b3b3633ca9115c344945a45b982f

    PAGE 0x3C000 0x7FB2 0x8000 6.40 bb40a61b814b4557d8c39edee6f0aac9

    PAGEDATA 0x44000 0x7C 0x200 1.63 6bd37e74ff04ea7dd3acc28377576bd0

    INIT 0x45000 0x5CBA 0x5E00 6.23 2b080f8d8901d746417a5bf231350b7a

    .rsrc 0x4B000 0x390 0x400 3.09 eb200494a33d110578b627973a75f667

    .reloc 0x4C000 0x4074 0x4200 6.51 adb7d789269c15c154718ccba5b0ad66

    ( 3 imports )

    > fltmgr.sys: FltWriteFile, FltGetRequestorProcess, FltGetFileNameInformation, FltParseFileNameInformation, FltIsDirectory, FltSetStreamContext, FltEnumerateVolumeInformation, FltGetStreamHandleContext, FltGetStreamContext, FltCreateSystemVolumeInformationFolder, FltSetInformationFile, FltGetVolumeContext, FltGetVolumeGuidName, FltEnumerateVolumes, FltReleaseFileNameInformation, FltGetFileNameInformationUnsafe, FltBuildDefaultSecurityDescriptor, FltCreateCommunicationPort, FltFreeSecurityDescriptor, FltSendMessage, FltCloseClientPort, FltCloseCommunicationPort, FltAllocatePoolAlignedWithTag, FltReadFile, FltFreePoolAlignedWithTag, FltAllocateCallbackData, FltLockUserBuffer, FltFreeCallbackData, FltPerformSynchronousIo, FltFreeGenericWorkItem, FltRegisterFilter, FltStartFiltering, FltGetDestinationFileNameInformation, FltGetContexts, FltSetStreamHandleContext, FltCancelFileOpen, FltFlushBuffers, FltSetCallbackDataDirty, FltGetRequestorProcessId, FltGetInstanceContext, FltGetVolumeProperties, FltAllocateContext, FltReleaseContext, FltQueryVolumeInformation, FltGetDiskDeviceObject, FltSetInstanceContext, FltAllocateGenericWorkItem, FltQueueGenericWorkItem, FltSetVolumeContext, FltObjectReference, FltGetVolumeName, FltCreateFile, FltGetVolumeFromFileObject, FltClose, FltUnregisterFilter, FltInitializePushLock, FltReferenceFileNameInformation, FltAcquirePushLockShared, FltDeletePushLock, FltAcquirePushLockExclusive, FltReleasePushLock, FltObjectDereference, FltReleaseContexts, FltQueryInformationFile

    > hal.dll: KfLowerIrql, KeAcquireInStackQueuedSpinLock, KeReleaseInStackQueuedSpinLock, ExAcquireFastMutex, ExReleaseFastMutex, KeQueryPerformanceCounter, KeGetCurrentIrql, KfRaiseIrql

    > ntoskrnl.exe: IoQueueWorkItem, IoAllocateWorkItem, ZwOpenProcess, MmHighestUserAddress, RtlEqualUnicodeString, RtlEnumerateGenericTableWithoutSplayingAvl, _vsnwprintf, ZwEnumerateKey, ZwSetValueKey, ZwCreateFile, ZwDeleteKey, RtlIntegerToUnicodeString, ZwCreateKey, RtlUnicodeStringToInteger, FsRtlCheckLockForReadAccess, IoIsOperationSynchronous, KeClearEvent, ZwFlushVirtualMemory, RtlHashUnicodeString, KeSetPriorityThread, KeUnstackDetachProcess, ZwUnmapViewOfSection, ZwMapViewOfSection, KeStackAttachProcess, ZwCreateSection, MmUnsecureVirtualMemory, ExReInitializeRundownProtection, ObfReferenceObject, MmSecureVirtualMemory, IoUnregisterPlugPlayNotification, IoGetDeviceObjectPointer, IoRegisterPlugPlayNotification, SeTokenType, SeCreateClientSecurity, SeImpersonateClientEx, IoDeviceObjectType, IoBuildSynchronousFsdRequest, IoDeleteDevice, IoDeleteSymbolicLink, IoUnregisterShutdownNotification, ExGetPreviousMode, IoFreeMdl, MmUnlockPages, MmProbeAndLockPages, IoAllocateMdl, IoRegisterShutdownNotification, IoCreateSymbolicLink, IoCreateDevice, KeQueryInterruptTime, _stricmp, ZwQuerySystemInformation, KeDelayExecutionThread, strncmp, ZwQueryInformationProcess, KeServiceDescriptorTable, KeAddSystemServiceTable, PsLookupProcessByProcessId, IoGetBaseFileSystemDeviceObject, ZwOpenFile, ObQueryNameString, ObOpenObjectByName, strncpy, IoAllocateIrp, IoGetStackLimits, ObReferenceObjectByPointer, SeQueryAuthenticationIdToken, SeCaptureSubjectContext, PsDereferenceImpersonationToken, RtlCopySid, SeQueryInformationToken, PsReferenceImpersonationToken, PsReferencePrimaryToken, PsIsThreadTerminating, PsThreadType, PsProcessType, _allrem, MmUserProbeAddress, CmRegisterCallback, CmUnRegisterCallback, RtlGetVersion, PsGetVersion, ZwDeleteValueKey, ZwEnumerateValueKey, _allshl, InterlockedIncrement, InterlockedDecrement, InterlockedExchangeAdd, PsGetProcessId, IoThreadToProcess, PsLookupThreadByThreadId, ZwTerminateProcess, ProbeForRead, SeExports, NtBuildNumber, ZwQuerySection, RtlNumberGenericTableElementsAvl, swprintf, IoGetAttachedDeviceReference, PsRemoveCreateThreadNotifyRoutine, PsSetCreateThreadNotifyRoutine, PsSetCreateProcessNotifyRoutine, RtlSetDaclSecurityDescriptor, RtlGetAce, RtlAddAccessAllowedAce, RtlCreateAcl, RtlCreateSecurityDescriptor, ProbeForWrite, ZwSetInformationObject, ZwQueryObject, KeGetRecommendedSharedDataAlignment, KeNumberProcessors, KeInsertQueueApc, KeInitializeApc, IoIsSystemThread, NtQueryInformationProcess, RtlNtStatusToDosError, RtlAnsiStringToUnicodeString, ZwAllocateVirtualMemory, ZwFreeVirtualMemory, KeQueryTimeIncrement, KeTickCount, NtQueryInformationAtom, KeBugCheckEx, _allmul, _alldiv, KeWaitForMultipleObjects, IoGetRelatedDeviceObject, ObOpenObjectByPointer, IoFreeWorkItem, KeSetEvent, ExRundownCompleted, KeGetCurrentThread, ExInitializeRundownProtection, RtlUpcaseUnicodeChar, RtlUpperChar, PsCreateSystemThread, PsTerminateSystemThread, ExWaitForRundownProtectionRelease, ExReleaseRundownProtection, ExAcquireRundownProtection, KeInitializeEvent, IoBuildDeviceIoControlRequest, KeWaitForSingleObject, ZwOpenKey, ZwQueryValueKey, ZwClose, IoDriverObjectType, ObReferenceObjectByName, RtlLengthSid, MmIsAddressValid, RtlGetElementGenericTableAvl, RtlEnumerateGenericTableAvl, RtlDeleteElementGenericTableAvl, RtlLookupElementGenericTableAvl, RtlUpcaseUnicodeString, InitSafeBootMode, IoGetCurrentProcess, PsInitialSystemProcess, MmMapLockedPagesSpecifyCache, memmove, IoGetTopLevelIrp, RtlInitializeSid, RtlSubAuthoritySid, _wcsnicmp, PsGetThreadId, PsGetCurrentThreadId, FsRtlIsNameInExpression, KeQuerySystemTime, PsGetCurrentProcessId, IoFileObjectType, ObReferenceObjectByHandle, ObfDereferenceObject, RtlAppendUnicodeStringToString, RtlCopyUnicodeString, RtlAppendUnicodeToString, RtlInitializeGenericTableAvl, RtlInsertElementGenericTableAvl, RtlImageNtHeader, ExDeletePagedLookasideList, ExDeleteNPagedLookasideList, ExInitializePagedLookasideList, ExInitializeNPagedLookasideList, RtlCompareUnicodeString, IofCompleteRequest, IofCallDriver, IoWMIRegistrationControl, RtlCompareMemory, RtlInitUnicodeString, MmGetSystemRoutineAddress, memset, memcpy, IoWMIWriteEvent, ExFreePoolWithTag, ExAllocatePoolWithTag, InterlockedPushEntrySList, SeReleaseSubjectContext, InterlockedPopEntrySList, RtlUnwind

    ( 0 exports )

    TrID : File type identification

    Win64 Executable Generic (87.2%)

    Win32 Executable Generic (8.6%)

    Generic Win/DOS Executable (2.0%)

    DOS Executable Generic (2.0%)

    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

    ssdeep: 6144:dtSiy0lFHPMXyNyNw71VtA4lEs7w92+L/6yeR6aPqmKw7h:dtSLxysNE1Vjw92+muaCmFh

    PEiD : -

    RDS : NSRL Reference Data Set

    -

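The ntoskrnl.exe import list above is the part of this report an analyst actually reads. A driver that imports KeServiceDescriptorTable and KeAddSystemServiceTable together with MmProbeAndLockPages and MmMapLockedPagesSpecifyCache has what it needs to locate the system service table and get a writable mapping of it; KeInitializeApc and KeInsertQueueApc next to KeStackAttachProcess, ZwCreateSection and ZwMapViewOfSection are the usual kernel-to-user injection kit; PsSetCreateProcessNotifyRoutine, PsSetCreateThreadNotifyRoutine and CmRegisterCallback let it watch every new process, thread and registry operation; ZwTerminateProcess lets it kill whatever it dislikes. The script below is an added example, not something from this thread or from the scanning service that produced the report: it takes a pasted import line in that "module.exe: A, B, C" format, groups the symbols into capability indicators and reports which groups fire. The indicator groups, the two-symbol minimum and the two sample import lines are this example's own choices. Legitimate antivirus and HIPS drivers register the same callbacks and call many of the same routines, so a hit is a reason to look closer at the file, not a verdict.

```python
import re

# Indicator groups: ntoskrnl exports that, imported together, give a driver a
# specific capability. The grouping is this example's own choice, not a
# published signature set.
INDICATORS = {
    # Find the SSDT and obtain a writable mapping of it through an MDL.
    "ssdt_hooking": frozenset({
        "KeServiceDescriptorTable", "KeAddSystemServiceTable",
        "MmProbeAndLockPages", "MmMapLockedPagesSpecifyCache",
    }),
    # Attach to a process, put code or memory into it, queue an APC to run it.
    "apc_injection": frozenset({
        "KeInitializeApc", "KeInsertQueueApc", "KeStackAttachProcess",
        "ZwCreateSection", "ZwMapViewOfSection", "ZwAllocateVirtualMemory",
    }),
    # Be notified of every process/thread creation and registry operation.
    "kernel_callbacks": frozenset({
        "PsSetCreateProcessNotifyRoutine", "PsSetCreateThreadNotifyRoutine",
        "CmRegisterCallback",
    }),
    # Look up, inspect and kill arbitrary processes from kernel mode.
    "process_tampering": frozenset({
        "ZwOpenProcess", "PsLookupProcessByProcessId",
        "ZwQueryInformationProcess", "ZwTerminateProcess",
    }),
    # Create, write and delete registry keys (persistence, disabling other software).
    "registry_writes": frozenset({
        "ZwCreateKey", "ZwSetValueKey", "ZwDeleteKey", "ZwDeleteValueKey",
    }),
}

# One routine from a group is too common to mean anything on its own.
MIN_HITS = 2


def parse_imports(text):
    """Turn a 'module.exe: A, B, C, ' import line (the format quoted above)
    into a set of symbol names. Module prefixes, a leading '>' and the empty
    token left by a trailing comma are dropped."""
    names = set()
    for tok in re.split(r"[,\s]+", text):
        if not tok or tok.endswith(":") or tok == ">":
            continue
        names.add(tok)
    return names


def triage(imports):
    """Return {category: sorted matched names} for every indicator group with
    at least MIN_HITS of its routines present in the import set."""
    report = {}
    for category, routines in INDICATORS.items():
        matched = sorted(routines & imports)
        if len(matched) >= MIN_HITS:
            report[category] = matched
    return report


# Constructed excerpt of the ntoskrnl.exe import line quoted above.
SUSPICIOUS_IMPORTS = (
    "> ntoskrnl.exe: IoQueueWorkItem, ZwOpenProcess, KeStackAttachProcess, "
    "ZwMapViewOfSection, ZwCreateSection, MmProbeAndLockPages, "
    "KeServiceDescriptorTable, KeAddSystemServiceTable, "
    "PsLookupProcessByProcessId, ZwTerminateProcess, "
    "PsSetCreateProcessNotifyRoutine, PsSetCreateThreadNotifyRoutine, "
    "CmRegisterCallback, KeInsertQueueApc, KeInitializeApc, "
    "ZwAllocateVirtualMemory, MmMapLockedPagesSpecifyCache, ZwCreateKey, "
    "ZwSetValueKey, ZwDeleteKey, "
)

# Constructed import line of an ordinary device driver, for contrast.
BENIGN_IMPORTS = (
    "ntoskrnl.exe: IoCreateDevice, IoDeleteDevice, IoCreateSymbolicLink, "
    "IofCompleteRequest, RtlInitUnicodeString, ExAllocatePoolWithTag, "
    "ExFreePoolWithTag"
)

if __name__ == "__main__":
    for label, line in (("suspicious", SUSPICIOUS_IMPORTS), ("benign", BENIGN_IMPORTS)):
        report = triage(parse_imports(line))
        print(f"{label}: {len(report)} indicator group(s) fired")
        for category, names in report.items():
            print(f"  {category}: {', '.join(names)}")
```

Run it on the full import line from the report rather than the excerpt and every group fires. The useful follow-up is not a higher score but context: where the .sys lives, whether it is signed, what service entry loads it and whether any installed product accounts for it.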
  • Topic author
  • DDS LOG

    After running ComboFix, DDS ran and created the logs!

    DDS (Ver_09-12-01.01) - NTFSx86

    Run by Carmen at 22:32:13,04 on qua 13/01/2010

    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.3067.2207 [GMT -3:00]

    AV: avast! Internet Security *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\snmp.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Arquivos de programas\Java\jre6\bin\jusched.exe

    C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

    C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

    C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

    C:\Documents and Settings\Carmen\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\digo\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank

    uInternet Settings,ProxyOverride = *.local

    BHO: Facilitador de Leitor de Link Adobe PDF: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

    BHO: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - No File

    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\arquivos de programas\real\realplayer\rpbrowserrecordplugin.dll

    BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\arquivos de programas\windows live\messenger\wlchtc.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

    BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\arquivos de programas\java\jre6\bin\ssv.dll

    BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - No File

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"

    uRun: [Rainlendar2] c:\arquivos de programas\rainlendar2\Rainlendar2.exe

    uRun: [sUPERAntiSpyware] c:\arquivos de programas\superantispyware\SUPERAntiSpyware.exe

    uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

    uRun: [Google Update] "c:\documents and settings\carmen\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    mRun: [RTHDCPL] RTHDCPL.EXE

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: [nwiz] nwiz.exe /install

    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

    mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

    mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

    mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

    mRun: [Ad-Watch] c:\arquivos de programas\lavasoft\ad-aware\AAWTray.exe

    mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

    mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\qttask.exe" -atboottime

    mRun: [iTunesHelper] "c:\arquivos de programas\itunes\iTunesHelper.exe"

    mRun: [PWRISOVM.EXE] c:\arquivos de programas\poweriso\PWRISOVM.EXE

    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\arquivos de programas\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

    dRun: [PcSync] c:\arquivos de programas\nokia\nokia pc suite 6\PcSync2.exe /NoDialog

    IE: E&xport to Microsoft Excel - c:\arquiv~1\micros~3\office12\EXCEL.EXE/3000

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~3\office12\ONBttnIE.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~3\office12\REFIEBAR.DLL

    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210173210187

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll

    Notify: !SASWinLogon - c:\arquivos de programas\superantispyware\SASWINLO.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - No File

    STS: {A3717295-941D-416F-9384-ED1736729F1C} - No File

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\arquivos de programas\superantispyware\SASSEH.DLL

    Hosts: 198.106.43.92# SpyBo t search and Destroy

    Hosts: 198.106.43.92 www.visanet.com.br

    Hosts: 198.106.43.92 www.bancoreal.com.br

    Hosts: 198.106.43.92 real.com.br

    Hosts: 198.106.43.92 www.real.com.br

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\carmen\dadosd~1\mozilla\firefox\profiles\60o3eaur.default\

    FF - prefs.js: browser.search.selectedEngine - DAEMON Search

    FF - prefs.js: browser.startup.homepage -

    FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npmozax.dll

    FF - plugin: c:\arquivos de programas\vistacodecpack\rm\browser\plugins\nppl3260.dll

    FF - plugin: c:\arquivos de programas\vistacodecpack\rm\browser\plugins\nprpjplug.dll

    FF - plugin: c:\documents and settings\carmen\configurações locais\dados de aplicativos\google\update\1.2.183.13\npGoogleOneClick8.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    ============= SERVICES / DRIVERS ===============

    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2009-12-2 186064]

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-1 64288]

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-12-22 28552]

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2009-12-2 269904]

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-5-8 149840]

    R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\superantispyware\sasdifsv.sys [2009-12-16 9968]

    R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\superantispyware\SASKUTIL.SYS [2009-12-16 74480]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-5-8 19024]

    R3 SASENUM;SASENUM;c:\arquivos de programas\superantispyware\SASENUM.SYS [2009-12-16 7408]

    S1 12552311;12552311;c:\windows\system32\drivers\12552311.sys --> c:\windows\system32\drivers\12552311.sys [?]

    S2 avast! Antivirus;avast! Antivirus;"c:\arquivos de programas\alwil software\avast5\avastsvc.exe" --> c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [?]

    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]

    S3 avast! Mail Scanner;avast! Mail Scanner;"c:\arquivos de programas\alwil software\avast5\avastsvc.exe" --> c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [?]

    S3 avast! Web Scanner;avast! Web Scanner;"c:\arquivos de programas\alwil software\avast5\avastsvc.exe" --> c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [?]

    S3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys [2008-7-4 31128]

    =============== Created Last 30 ================

    2010-01-14 00:49:52 0 d-sha-r- C:\cmdcons

    2010-01-14 00:48:52 77312 ----a-w- c:\windows\MBR.exe

    2010-01-14 00:48:52 261632 ----a-w- c:\windows\PEV.exe

    2010-01-14 00:48:52 161792 ----a-w- c:\windows\SWREG.exe

    2010-01-14 00:48:51 98816 ----a-w- c:\windows\sed.exe

    2010-01-14 00:46:04 0 d-----w- C:\ComboFix

    2010-01-11 22:21:38 7 ----a-w- c:\windows\didulist

    2010-01-09 17:26:01 0 d-----w- c:\arquivos de programas\arquivos comuns\Symantec Shared

    2010-01-09 17:22:21 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Symantec

    2010-01-09 17:22:21 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Norton

    2010-01-09 17:22:19 0 d-----w- c:\docume~1\alluse~1\dadosd~1\NortonInstaller

    2010-01-09 08:32:37 0 d-----w- c:\windows\pss

    2009-12-25 06:52:29 315408 ----a-w- c:\windows\system32\drivers\1255231.sys

    2009-12-25 06:22:55 0 d-----w- c:\docume~1\carmen\dadosd~1\VSRevoGroup

    2009-12-24 22:00:09 0 d-----w- c:\docume~1\alluse~1\dadosd~1\SUPERAntiSpyware.com

    2009-12-24 21:59:57 0 d-----w- c:\docume~1\carmen\dadosd~1\SUPERAntiSpyware.com

    2009-12-24 21:59:57 0 d-----w- c:\arquivos de programas\SUPERAntiSpyware

    2009-12-24 21:59:41 0 d-----w- c:\arquivos de programas\arquivos comuns\Wise Installation Wizard

    2009-12-24 21:42:40 0 d-----w- c:\arquivos de programas\VS Revo Group

    2009-12-24 00:06:45 43520 ----a-w- c:\windows\system32\bie.exe

    2009-12-22 04:48:43 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

    2009-12-22 04:48:08 0 d-----w- c:\arquivos de programas\Panda Security

    2009-12-22 01:34:52 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

    2009-12-22 01:29:42 0 dc-h--w- c:\windows\ie8

    2009-12-17 04:52:44 0 d-----w- C:\Kaspersky

    ==================== Find3M ====================

    2009-12-26 10:42:27 82394 ----a-w- c:\windows\system32\perfc016.dat

    2009-12-26 10:42:27 475504 ----a-w- c:\windows\system32\perfh016.dat

    2009-11-30 20:16:49 269904 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2009-11-30 20:16:29 186064 ----a-w- c:\windows\system32\drivers\aswNdis.sys

    2009-11-07 13:55:45 598 ----a-w- C:\fsys.bat

    2009-10-29 07:42:04 916480 ------w- c:\windows\system32\wininet.dll

    2009-10-28 23:47:35 15880 ----a-w- c:\windows\system32\lsdelete.exe

    2009-10-21 05:39:39 75776 ----a-w- c:\windows\system32\strmfilt.dll

    2009-10-21 05:39:39 25088 ----a-w- c:\windows\system32\httpapi.dll

    2007-03-13 22:20:26 35979 -c--a-w- c:\arquivos de programas\Photoshop CS3 Read Me.html

    ============= FINISH: 22:32:25,67 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition

    Boot Device: \Device\HarddiskVolume1

    Install Date: 7/5/2008 10:12:47

    System Uptime: 13/1/2010 21:58:09 (1 hours ago)

    Motherboard: Intel Corporation | | DG33BU

    Processor: Intel® Core2 Quad CPU Q6700 @ 2.66GHz | J1PR | 2666/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 466 GiB total, 299,322 GiB free.

    D: is CDROM ()

    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}

    Description: Nokia E65

    Device ID: ROOT\WPD\0000

    Manufacturer: Nokia

    Name: Nokia E65

    PNP Device ID: ROOT\WPD\0000

    Service: WUDFRd

    ==== System Restore Points ===================

    RP571: 8/1/2010 12:58:24 - System Checkpoint

    RP572: 9/1/2010 16:44:56 - System Checkpoint

    RP573: 10/1/2010 19:23:28 - System Checkpoint

    RP574: 11/1/2010 21:54:33 - System Checkpoint

    RP575: 12/1/2010 22:24:55 - Software Distribution Service 3.0

    RP576: 13/1/2010 14:57:35 - Software Distribution Service 3.0

    ==== Hosts File Hijack ======================

    Hosts: 198.106.43.92# SpyBo t search and Destroy

    Hosts: 198.106.43.92 www.visanet.com.br

    Hosts: 198.106.43.92 www.bancoreal.com.br

    Hosts: 198.106.43.92 real.com.br

    Hosts: 198.106.43.92 www.real.com.br

    Hosts: 198.106.43.92 www.itau.com.br

    Hosts: 198.106.43.92 itau.com.br

    Hosts: 198.106.43.92 www.itaupersonnalite.com.br

    Hosts: 198.106.43.92 itaupersonnalite.com.br

    Hosts: 198.106.43.92 www.itauprivatebank.com.br

    Hosts: 198.106.43.92 itauprivatebank.com.br

    Hosts: 198.106.43.92 www.bb.com.br

    Hosts: 198.106.43.92 bb.com.br

    Hosts: 198.106.43.92 www.bb.gov.br

    Hosts: 198.106.43.92 bb.gov.br

    Hosts: 198.106.43.92 bradesco.com.br

    Hosts: 198.106.43.92 www.bradesco.com.br

    Hosts: 198.106.43.92 www.bradescoprime.com.br

    Hosts: 198.106.43.92 bradescoprime.com.br

    Hosts: 198.106.43.92 bradescojuridico.com.br

    Hosts: 198.106.43.92 www.checktudo.com.br

    Hosts: 198.106.43.92 checktudo.com.br

    Hosts: 198.106.43.92 www.infoseg.gov.br

    Hosts: 198.106.43.92 infoseg.gov.br

    Hosts: 198.106.43.92 www.bradescojuridico.com.br

    Hosts: 198.106.43.92 santander.com.br

    Hosts: 198.106.43.92 www.santander.com.br

    Hosts: 198.106.43.92 banespa.com.br

    Hosts: 198.106.43.92 www.nossacaixa.com.br

    Hosts: 198.106.43.92 nossacaixa.com.br

    Hosts: 198.106.43.92 www.unibanco.com.br

    Hosts: 198.106.43.92 unibanco.com.br

    Hosts: 198.106.43.92 www.banespa.com.br

    Hosts: 198.106.43.92 www.itauprivatebank.com.br

    Hosts: 198.106.43.92 itauprivatebank.com.br

    Hosts: 198.106.43.92 cetelem.com.br

    Hosts: 198.106.43.92 www.cetelem.com.br

    Hosts: 198.106.43.92 citibank.com.br

    Hosts: 198.106.43.92 www.citibank.com.br

    Hosts: 198.106.43.92 www.cartaobndes.gov.br

    Hosts: 198.106.43.92 cartaobndes.gov.br

    ==== Installed Programs ======================

    Ad-Aware

    Adobe Anchor Service CS3

    Adobe Asset Services CS3

    Adobe Bridge CS3

    Adobe Bridge Start Meeting

    Adobe Camera Raw 4.0

    Adobe CMaps

    Adobe Color - Photoshop Specific

    Adobe Color Common Settings

    Adobe Color EU Extra Settings

    Adobe Color JA Extra Settings

    Adobe Color NA Recommended Settings

    Adobe Default Language CS3

    Adobe Device Central CS3

    Adobe ExtendScript Toolkit 2

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Fonts All

    Adobe Help Viewer CS3

    Adobe Linguistics CS3

    Adobe PDF Library Files

    Adobe Photoshop CS3

    Adobe Reader 8.1.5 - Português

    Adobe Setup

    Adobe Shockwave Player 11.5

    Adobe Stock Photos CS3

    Adobe Type Support

    Adobe Update Manager CS3

    Adobe Version Cue CS3 Client

    Adobe WinSoft Linguistics Plugin

    Adobe XMP Panels CS3

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    Applian FLV Player

    Arquivo do WinRAR

    Assistente de Conexão do Windows Live

    µTorrent

    Atualização Crítica para o Windows Media Player 11 (KB959772)

    Atualização de Segurança para o Windows Media Player (KB952069)

    Atualização de Segurança para o Windows Media Player (KB954155)

    Atualização de Segurança para o Windows Media Player (KB968816)

    Atualização de Segurança para o Windows Media Player (KB973540)

    Atualização de Segurança para o Windows Media Player 11 (KB936782)

    Atualização de Segurança para o Windows Media Player 11 (KB954154)

    Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)

    Atualização de Segurança para Windows Internet Explorer 7 (KB950759)

    Atualização de Segurança para Windows Internet Explorer 7 (KB953838)

    Atualização de Segurança para Windows Internet Explorer 7 (KB956390)

    Atualização de Segurança para Windows Internet Explorer 7 (KB958215)

    Atualização de Segurança para Windows Internet Explorer 7 (KB960714)

    Atualização de Segurança para Windows Internet Explorer 7 (KB961260)

    Atualização de Segurança para Windows Internet Explorer 7 (KB963027)

    Atualização de Segurança para Windows Internet Explorer 7 (KB969897)

    Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

    Atualização de Segurança para Windows Internet Explorer 8 (KB976325)

    Atualização de Segurança para Windows XP (KB923561)

    Atualização de Segurança para Windows XP (KB923789)

    Atualização de Segurança para Windows XP (KB938464)

    Atualização de Segurança para Windows XP (KB941569)

    Atualização de Segurança para Windows XP (KB946648)

    Atualização de Segurança para Windows XP (KB950760)

    Atualização de Segurança para Windows XP (KB950762)

    Atualização de Segurança para Windows XP (KB950974)

    Atualização de Segurança para Windows XP (KB951066)

    Atualização de Segurança para Windows XP (KB951376-v2)

    Atualização de Segurança para Windows XP (KB951376)

    Atualização de Segurança para Windows XP (KB951698)

    Atualização de Segurança para Windows XP (KB951748)

    Atualização de Segurança para Windows XP (KB952004)

    Atualização de Segurança para Windows XP (KB952954)

    Atualização de Segurança para Windows XP (KB953839)

    Atualização de Segurança para Windows XP (KB954211)

    Atualização de Segurança para Windows XP (KB954459)

    Atualização de Segurança para Windows XP (KB954600)

    Atualização de Segurança para Windows XP (KB955069)

    Atualização de Segurança para Windows XP (KB956391)

    Atualização de Segurança para Windows XP (KB956572)

    Atualização de Segurança para Windows XP (KB956744)

    Atualização de Segurança para Windows XP (KB956802)

    Atualização de Segurança para Windows XP (KB956803)

    Atualização de Segurança para Windows XP (KB956841)

    Atualização de Segurança para Windows XP (KB956844)

    Atualização de Segurança para Windows XP (KB957095)

    Atualização de Segurança para Windows XP (KB957097)

    Atualização de Segurança para Windows XP (KB958644)

    Atualização de Segurança para Windows XP (KB958687)

    Atualização de Segurança para Windows XP (KB958690)

    Atualização de Segurança para Windows XP (KB958869)

    Atualização de Segurança para Windows XP (KB959426)

    Atualização de Segurança para Windows XP (KB960225)

    Atualização de Segurança para Windows XP (KB960715)

    Atualização de Segurança para Windows XP (KB960803)

    Atualização de Segurança para Windows XP (KB960859)

    Atualização de Segurança para Windows XP (KB961371)

    Atualização de Segurança para Windows XP (KB961373)

    Atualização de Segurança para Windows XP (KB961501)

    Atualização de Segurança para Windows XP (KB968537)

    Atualização de Segurança para Windows XP (KB969059)

    Atualização de Segurança para Windows XP (KB969898)

    Atualização de Segurança para Windows XP (KB969947)

    Atualização de Segurança para Windows XP (KB970238)

    Atualização de Segurança para Windows XP (KB970430)

    Atualização de Segurança para Windows XP (KB971486)

    Atualização de Segurança para Windows XP (KB971557)

    Atualização de Segurança para Windows XP (KB971633)

    Atualização de Segurança para Windows XP (KB971657)

    Atualização de Segurança para Windows XP (KB972270)

    Atualização de Segurança para Windows XP (KB973346)

    Atualização de Segurança para Windows XP (KB973354)

    Atualização de Segurança para Windows XP (KB973507)

    Atualização de Segurança para Windows XP (KB973525)

    Atualização de Segurança para Windows XP (KB973869)

    Atualização de Segurança para Windows XP (KB973904)

    Atualização de Segurança para Windows XP (KB974112)

    Atualização de Segurança para Windows XP (KB974318)

    Atualização de Segurança para Windows XP (KB974392)

    Atualização de Segurança para Windows XP (KB974571)

    Atualização de Segurança para Windows XP (KB975025)

    Atualização de Segurança para Windows XP (KB975467)

    Atualização para Windows Internet Explorer 8 (KB975364)

    Atualização para Windows XP (KB942763)

    Atualização para Windows XP (KB951072-v2)

    Atualização para Windows XP (KB951978)

    Atualização para Windows XP (KB955759)

    Atualização para Windows XP (KB955839)

    Atualização para Windows XP (KB961503)

    Atualização para Windows XP (KB967715)

    Atualização para Windows XP (KB968389)

    Atualização para Windows XP (KB971737)

    Atualização para Windows XP (KB973687)

    Atualização para Windows XP (KB973815)

    BS.Player FREE powered by AdVantage

    Canon Camera Access Library

    Canon Camera Support Core Library

    Canon Digital Camera Solution Disk 34 Guía de iniciación al software

    Canon G.726 WMP-Decoder

    Canon Guía del usuario de impresión directa

    Canon MovieEdit Task for ZoomBrowser EX

    Canon PowerShot A470 Guía del usuario de la cámara

    Canon RAW Image Task for ZoomBrowser EX

    Canon Utilities CameraWindow

    Canon Utilities CameraWindow DC

    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

    Canon Utilities EOS Utility

    Canon Utilities MyCamera

    Canon Utilities MyCamera DC

    Canon Utilities PhotoStitch

    Canon Utilities RemoteCapture Task for ZoomBrowser EX

    Canon Utilities ZoomBrowser EX

    Canon ZoomBrowser EX Memory Card Utility

    CCleaner

    ConvertXtoDVD 2.1.13.217

    DVD Shrink 3.2

    eMule

    Ferramenta de Carregamento do Windows Live

    Foxit Reader

    Free Mp3 Wma Converter V 1.81

    Free Video to Mp3 Converter version 3.1

    Google Chrome

    Google Earth

    Grand Theft Auto IV

    High Definition Audio Driver Package - KB888111

    HijackThis 2.0.2

    Hitman Blood Money

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Hotfix for Windows Media Format 11 SDK (KB929399)

    Hotfix para o Windows Media Player 11 (KB939683)

    Hotfix para Windows Internet Explorer 7 (KB947864)

    Hotfix para Windows XP (KB952287)

    Hotfix para Windows XP (KB957201)

    Hotfix para Windows XP (KB961118)

    Hotfix para Windows XP (KB970653-v3)

    Hotfix para Windows XP (KB976098-v2)

    hp deskjet 3420 series

    hp deskjet 3420 series (Remover somente)

    Intel® Management Engine Interface

    Intel® PRO Network Connections 12.1.12.0

    iPhone Configuration Utility

    iTunes

    Java 6 Update 11

    Java 6 Update 3

    Java 6 Update 5

    Java 6 Update 7

    KB408682

    Magic ISO Maker v5.3 (build 0221)

    Malwarebytes' Anti-Malware

    Mario Forever v 2.16 !

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack

    Microsoft .NET Framework 1.1 Security Update (KB953297)

    Microsoft .NET Framework 2.0 Language Pack - ESN

    Microsoft .NET Framework 2.0 Language Pack - PTB

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 SP1

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Compression Client Pack 1.0 for Windows XP

    Microsoft Games for Windows - LIVE

    Microsoft Games for Windows - LIVE Redistributable

    Microsoft Internationalized Domain Names Mitigation APIs

    Microsoft National Language Support Downlevel APIs

    Microsoft Office 2007 Service Pack 2 (SP2)

    Microsoft Office Access MUI (Portuguese (Brazil)) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

    Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

    Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (Portuguese (Brazil)) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (Portuguese (Brazil)) 2007

    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

    Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

    Microsoft Office Word MUI (Portuguese (Brazil)) 2007

    Microsoft Silverlight

    Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

    Microsoft User-Mode Driver Framework Feature Pack 1.5

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Mozilla Firefox (3.5.7)

    MSVCRT

    MSXML 4.0 SP2 (KB936181)

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MSXML 4.0 SP2 Parser and SDK

    MSXML 6.0 Parser (KB925673)

    Nero 7 Essentials

    neroxml

    Nokia Connectivity Cable Driver

    Nokia PC Suite

    NVIDIA Drivers

    Panda ActiveScan 2.0

    Paquete de idioma de Microsoft .NET Framework 2.0 - ESN

    PC Connectivity Solution

    PDF Settings

    PowerDVD

    PowerISO

    Pro Evolution Soccer 2009

    Pro Evolution Soccer 2010

    PS TO PC CONVERTER

    QuickTime

    Rainlendar2 (remove only)

    RealPlayer

    Realtek High Definition Audio Driver

    Recurso de Multa v1.0

    Revo Uninstaller 1.85

    Rockstar Games Social Club

    Security Update for 2007 Microsoft Office System (KB969559)

    Security Update for 2007 Microsoft Office System (KB973704)

    Security Update for Microsoft Office Excel 2007 (KB973593)

    Security Update for Microsoft Office Outlook 2007 (KB972363)

    Security Update for Microsoft Office PowerPoint 2007 (KB957789)

    Security Update for Microsoft Office Publisher 2007 (KB969693)

    Security Update for Microsoft Office system 2007 (972581)

    Security Update for Microsoft Office system 2007 (KB969613)

    Security Update for Microsoft Office system 2007 (KB974234)

    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

    Security Update for Microsoft Office Word 2007 (KB969604)

    Segoe UI

    SpyHunter

    SUPERAntiSpyware Free Edition

    Tony Hawks Pro Skater 4

    Uninstall 1.0.0.1

    upapp

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Microsoft Office InfoPath 2007 (KB976416)

    Update for Outlook 2007 Junk Email Filter (kb977839)

    Vista Codec Package

    Visual C++ 2008 x86 Runtime - (v9.0.30729)

    Visual C++ 2008 x86 Runtime - v9.0.30729.01

    VobSub v2.23 (Remove Only)

    WebFldrs XP

    Winamp

    Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)

    Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)

    Windows Internet Explorer 8

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Messenger

    Windows Live OneCare safety scanner

    Windows Media Format 11 runtime

    Windows Media Player 11

    Windows Media Player Firefox Plugin

    Windows Presentation Foundation

    Windows XP Service Pack 3

    XML Paper Specification Shared Components Pack 1.0

    ==== End Of File ===========================


    Please run ComboFix and post a new log.

  • Topic author
  • ComboFix log

    ComboFix 10-01-13.07 - Carmen 16/01/2010 22:30:22.3.4 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.3067.2619 [GMT -3:00]

    Running from: c:\digo\Utilitários\ComboFix.exe

    AV: avast! antivirus 4.8.1368 [VPS 100116-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    .

    ((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\cleanup.exe

    c:\docume~1\Carmen\CONFIG~1\Temp\msseces.exe

    .

    (((((((((((((((( Files Created From 2009-12-17 to 2010-01-17 ))))))))))))))))))))))))))))

    .

    2010-01-17 01:18 . 2010-01-17 01:18 3708 ----a-w- C:\backup.reg

    2010-01-17 01:18 . 2010-01-17 01:18 574 ----a-w- C:\cleanup.bat

    2010-01-17 01:18 . 2010-01-17 01:18 135168 ----a-w- C:\zip.exe

    2010-01-09 17:26 . 2010-01-09 18:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared

    2010-01-09 17:22 . 2010-01-09 18:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton

    2010-01-09 17:22 . 2010-01-09 17:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec

    2010-01-09 17:22 . 2010-01-09 17:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller

    2009-12-25 20:51 . 2009-12-25 20:51 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

    2009-12-25 20:45 . 2009-12-25 20:45 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

    2009-12-25 20:30 . 2006-03-02 12:00 82501 -c--a-w- c:\windows\system32\dllcache\bckg.dll

    2009-12-25 06:52 . 2009-10-10 01:31 315408 ----a-w- c:\windows\system32\drivers\1255231.sys

    2009-12-25 06:22 . 2009-12-25 06:22 -------- d-----w- c:\documents and settings\Carmen\Dados de aplicativos\VSRevoGroup

    2009-12-24 22:00 . 2009-12-24 22:00 52224 ----a-w- c:\documents and settings\Carmen\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

    2009-12-24 22:00 . 2010-01-14 05:04 117760 ----a-w- c:\documents and settings\Carmen\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

    2009-12-24 22:00 . 2009-12-24 22:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

    2009-12-24 22:00 . 2009-12-24 22:00 65024 ----a-r- c:\documents and settings\Carmen\Dados de aplicativos\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

    2009-12-24 22:00 . 2009-12-24 22:00 5120 ----a-r- c:\documents and settings\Carmen\Dados de aplicativos\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe

    2009-12-24 22:00 . 2009-12-24 22:00 18944 ----a-r- c:\documents and settings\Carmen\Dados de aplicativos\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

    2009-12-24 21:59 . 2010-01-08 14:25 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware

    2009-12-24 21:59 . 2009-12-24 21:59 -------- d-----w- c:\documents and settings\Carmen\Dados de aplicativos\SUPERAntiSpyware.com

    2009-12-24 21:59 . 2009-12-24 21:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

    2009-12-24 21:42 . 2009-12-24 21:42 -------- d-----w- c:\arquivos de programas\VS Revo Group

    2009-12-24 00:06 . 2009-12-24 00:06 43520 ----a-w- c:\windows\system32\bie.exe

    2009-12-22 04:48 . 2009-06-30 12:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

    2009-12-22 04:48 . 2009-12-22 04:48 -------- d-----w- c:\arquivos de programas\Panda Security

    2009-12-22 01:34 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

    2009-12-22 01:29 . 2009-12-22 01:51 -------- dc-h--w- c:\windows\ie8

    .

    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-01-14 00:48 . 2009-11-04 21:49 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

    2010-01-13 01:27 . 2008-06-05 02:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

    2010-01-10 18:50 . 2009-12-01 18:33 79488 ----a-w- c:\documents and settings\Carmen\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

    2010-01-07 17:45 . 2009-06-23 00:13 6296864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Resources.dll

    2009-12-26 10:42 . 2006-03-02 12:00 82394 ----a-w- c:\windows\system32\perfc016.dat

    2009-12-26 10:42 . 2006-03-02 12:00 475504 ----a-w- c:\windows\system32\perfh016.dat

    2009-12-25 06:25 . 2009-08-10 03:10 -------- d-----w- c:\arquivos de programas\MessengerPlus! 3

    2009-12-23 23:46 . 2009-06-23 00:13 862040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\threatwork.exe

    2009-12-23 23:46 . 2009-06-23 00:13 206944 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\lavamessage.dll

    2009-12-23 23:46 . 2009-06-23 00:13 390288 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\lavalicense.dll

    2009-12-23 23:46 . 2009-10-14 23:44 537576 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\aawapi.dll

    2009-12-23 23:46 . 2009-06-23 00:13 370744 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\UpdateManager.dll

    2009-12-23 23:46 . 2009-06-23 00:13 194104 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Savapibridge.dll

    2009-12-23 23:45 . 2009-06-23 00:12 933120 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\CEAPI.dll

    2009-12-23 23:45 . 2009-06-23 00:11 816272 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

    2009-12-23 23:45 . 2009-06-23 00:11 822904 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

    2009-12-23 23:45 . 2009-06-23 00:11 1643272 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

    2009-12-23 23:45 . 2009-06-23 00:10 788880 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\AAWTray.exe

    2009-12-23 23:45 . 2009-06-23 00:10 1181328 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\AAWService.exe

    2009-12-22 00:13 . 2008-05-20 17:00 -------- d-----w- c:\arquivos de programas\Bonjour

    2009-12-15 23:49 . 2008-09-21 23:51 -------- d-----w- c:\arquivos de programas\3GP Player

    2009-12-02 22:59 . 2009-12-02 22:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software

    2009-12-02 22:48 . 2008-05-08 05:21 -------- d-----w- c:\arquivos de programas\eMule

    2009-11-30 20:16 . 2009-12-02 22:59 269904 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2009-11-30 20:16 . 2009-12-02 22:59 186064 ----a-w- c:\windows\system32\drivers\aswNdis.sys

    2009-11-28 19:05 . 2008-05-30 05:24 -------- d-----w- c:\documents and settings\Carmen\Dados de aplicativos\Vso

    2009-11-24 23:54 . 2008-05-08 05:24 1280480 ----a-w- c:\windows\system32\aswBoot.exe

    2009-11-24 23:51 . 2008-05-08 05:24 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

    2009-11-24 23:50 . 2008-05-08 05:24 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

    2009-11-24 23:50 . 2008-05-08 05:24 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2009-11-24 23:50 . 2008-05-08 05:24 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2009-11-24 23:49 . 2008-05-08 05:24 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2009-11-24 23:48 . 2008-05-08 05:24 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

    2009-11-24 23:47 . 2008-05-08 05:24 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

    2009-11-24 23:47 . 2008-05-08 05:24 97480 ----a-w- c:\windows\system32\avastSS.scr

    2009-11-22 02:28 . 2009-11-22 01:50 -------- d-----w- c:\arquivos de programas\Enigma Software Group

    2009-11-21 23:45 . 2009-06-16 00:09 163728 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\ShellExt.dll

    2009-11-21 23:45 . 2009-06-16 00:08 327000 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\RPAPI.dll

    2009-11-21 23:45 . 2009-06-16 00:08 87496 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

    2009-11-21 23:45 . 2009-09-22 00:07 641632 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\AutoLaunch.exe

    2009-11-21 15:58 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

    2009-11-07 13:55 . 2009-11-06 11:03 598 ----a-w- C:\fsys.bat

    2009-10-29 07:42 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll

    2009-10-28 23:47 . 2009-10-28 23:47 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

    2009-10-28 23:47 . 2009-10-28 23:47 93360 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

    2009-10-28 23:47 . 2009-10-28 23:47 554280 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\sbap.dll

    2009-10-28 23:47 . 2009-06-16 00:09 15880 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\lsdelete.exe

    2009-10-28 23:47 . 2009-04-02 04:31 15880 ----a-w- c:\windows\system32\lsdelete.exe

    2009-10-28 23:47 . 2009-10-28 23:47 212480 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\VipreBridge.dll

    2009-10-28 23:47 . 2009-10-28 23:47 283944 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Vipre.dll

    2009-10-28 23:47 . 2009-10-28 23:47 1223976 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\SBTE.dll

    2009-10-28 23:47 . 2009-10-28 23:47 242984 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\SBRE.dll

    2009-10-22 18:40 . 2008-12-24 22:43 30504 ----a-w- c:\windows\system32\drivers\GbpKm.sys

    2009-10-21 05:39 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

    2009-10-21 05:39 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll

    2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

    2007-03-13 22:20 . 2008-05-20 16:53 35979 -c--a-w- c:\arquivos de programas\Photoshop CS3 Read Me.html

    .

    ((((((((((((((((((((((((((((( SnapShot@2010-01-14_00.55.32 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2010-01-17 01:28 . 2010-01-17 01:28 16384 c:\windows\Temp\Perflib_Perfdata_704.dat

    + 2010-01-17 01:28 . 2010-01-17 01:28 16384 c:\windows\Temp\Perflib_Perfdata_6c4.dat

    .

    (((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries and legitimate default entries are not shown.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

    "Rainlendar2"="c:\arquivos de programas\Rainlendar2\Rainlendar2.exe" [2006-10-28 981504]

    "SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-08 2002160]

    "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

    "Google Update"="c:\documents and settings\Carmen\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-01-13 135664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDCPL"="RTHDCPL.EXE" [2007-09-17 16132608]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]

    "nwiz"="nwiz.exe" [2007-09-16 1626112]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]

    "NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

    "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-12-17 136600]

    "GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]

    "Ad-Watch"="c:\arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-23 788880]

    "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    "QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-09-05 417792]

    "iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-09-09 305440]

    "PWRISOVM.EXE"="c:\arquivos de programas\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]

    "Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "PcSync"="c:\arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2009-09-03 17:21 548352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ masterx autocheck autochk *\0lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

    "Google Update"="c:\documents and settings\Carmen\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

    "c:\\Arquivos de programas\\eMule\\emule.exe"=

    "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

    "c:\\Arquivos de programas\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

    "c:\\Arquivos de programas\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

    "c:\\Arquivos de programas\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

    "c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

    "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

    "c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "7768:TCP"= 7768:TCP:BitComet 7768 TCP

    "7768:UDP"= 7768:UDP:BitComet 7768 UDP

    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2/12/2009 19:59 186064]

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/4/2009 21:07 64288]

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [22/12/2009 01:48 28552]

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/12/2009 19:59 269904]

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/5/2008 02:24 114768]

    R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 16:26 9968]

    R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 16:26 74480]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/5/2008 02:24 20560]

    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe [24/9/2009 08:17 1181328]

    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/5/2008 20:15 717296]

    S1 12552311;12552311;c:\windows\system32\DRIVERS\12552311.sys --> c:\windows\system32\DRIVERS\12552311.sys [?]

    S3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys [4/7/2008 21:20 31128]

    S3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 16:27 7408]

    .

    Contents of the 'Scheduled Tasks' folder

    2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 1).job

    - c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:45]

    2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 2).job

    - c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:45]

    2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 3).job

    - c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:45]

    2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 4).job

    - c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:45]

    2010-01-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job

    - c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:45]

    2010-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = about:blank

    uInternet Settings,ProxyOverride = *.local

    IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

    DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

    FF - ProfilePath - c:\documents and settings\Carmen\Dados de aplicativos\Mozilla\Firefox\Profiles\60o3eaur.default\

    FF - prefs.js: browser.search.selectedEngine - DAEMON Search

    FF - prefs.js: browser.startup.homepage -

    FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

    FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npmozax.dll

    FF - plugin: c:\arquivos de programas\VistaCodecPack\rm\browser\plugins\nppl3260.dll

    FF - plugin: c:\arquivos de programas\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    .

    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-avast! - c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe

    AddRemove-avast! - c:\arquivos de programas\Alwil Software\Avast4\aswRunDll.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-01-16 22:34

    Windows 5.1.2600 Service Pack 3 NTFS

    Scanning for hidden processes ...

    Scanning for hidden autostart entries ...

    Scanning for hidden files ...

    Scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1343024091-838170752-839522115-1004\Software\SecuROM\License information*]

    "datasecu"=hex:89,2a,44,64,6b,ca,d8,e6,ef,6f,79,aa,6f,e3,42,9f,41,b4,ac,86,06,

    38,5e,84,85,56,26,aa,f0,0d,98,61,be,2a,b7,bc,51,72,5a,07,bc,84,dc,76,78,20,\

    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(600)

    c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

    c:\windows\system32\WININET.dll

    .

    Completion time: 2010-01-16 22:36:06

    ComboFix-quarantined-files.txt 2010-01-17 01:36

    ComboFix2.txt 2010-01-16 07:19

    ComboFix3.txt 2010-01-14 00:56

    Pre-Run: 19 folder(s) 320.581.660.672 bytes free

    Post-Run: 20 folder(s) 320.548.536.320 bytes free

    - - End Of File - - 2CC02025B1F35741BC5D22143AB0CDC5

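The log above is what the helper is reading by eye: files dropped in the root of C:, a driver with a purely numeric name, a service whose binary is no longer on disk, a Security Center override, and a BootExecute value with more in it than the stock "autocheck autochk *". The script below is an added example written for this thread; it is not part of ComboFix or of the original posts. It takes a few lines excerpted from the log above as constructed sample input and applies this editor's own rules of thumb to them. The rules only mark lines for manual review; they do not decide that anything is malicious, and the avast! entries in the sample pass through unflagged.

```python
"""Triage a ComboFix log for entries that deserve a closer look.

Added example for this thread; it is not part of ComboFix or of the original
posts. The sample lines are excerpted from the ComboFix log above. The rules
(files dropped in the drive root, drivers with purely numeric names, services
whose binary is missing on disk, a Security Center AntiVirusOverride, extra
BootExecute entries, new executables directly under system32) are this
editor's own rules of thumb: they mark lines for manual review, they do not
declare anything malicious.
"""
import re

# Excerpt of the posted log, used here as constructed sample input.
SAMPLE_LOG = r"""
2010-01-17 01:18 . 2010-01-17 01:18 3708 ----a-w- C:\backup.reg
2010-01-17 01:18 . 2010-01-17 01:18 574 ----a-w- C:\cleanup.bat
2010-01-17 01:18 . 2010-01-17 01:18 135168 ----a-w- C:\zip.exe
2009-12-25 06:52 . 2009-10-10 01:31 315408 ----a-w- c:\windows\system32\drivers\1255231.sys
2009-12-24 00:06 . 2009-12-24 00:06 43520 ----a-w- c:\windows\system32\bie.exe
2009-11-24 23:50 . 2008-05-08 05:24 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-24 21:42 . 2009-12-24 21:42 -------- d-----w- c:\arquivos de programas\VS Revo Group
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
BootExecute REG_MULTI_SZ masterx autocheck autochk *\0lsdelete
S1 12552311;12552311;c:\windows\system32\DRIVERS\12552311.sys --> c:\windows\system32\DRIVERS\12552311.sys [?]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/5/2008 02:24 114768]
"""

# "<created> . <modified> <size> <attrs> <path>" lines from the Files Created / Find3M sections.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-+) (?P<attrs>[\w-]{8}) (?P<path>\S.*)$"
)
# "<R|S><n> <name>;<display name>;<binary> ..." lines from the services section.
SERVICE_LINE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
DRIVE_ROOT = re.compile(r"^[a-z]:\\[^\\]+$", re.I)
NUMERIC_DRIVER = re.compile(r"\\drivers\\\d+\.sys$", re.I)
SYSTEM32_BINARY = re.compile(r"\\system32\\[^\\]+\.(exe|dll)$", re.I)
# What BootExecute contains on a stock Windows XP install.
BOOTEXECUTE_DEFAULT = {"autocheck", "autochk", "*"}


def triage(log_text):
    """Return a list of (rule, detail) pairs for lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            path = m.group("path")
            if DRIVE_ROOT.match(path):
                findings.append(("drive-root-file", path))
            if NUMERIC_DRIVER.search(path):
                findings.append(("numeric-driver", path))
            if SYSTEM32_BINARY.search(path):
                findings.append(("new-system32-binary", path))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            # ComboFix prints "--> <path> [?]" when it cannot find the service binary on disk.
            if m.group("rest").endswith("[?]"):
                findings.append(("service-binary-missing", m.group("name")))
            continue
        if line.startswith('"AntiVirusOverride"=dword:') and not line.endswith("00000000"):
            # Security Center has been told to stop monitoring the antivirus state.
            findings.append(("security-center-override", "AntiVirusOverride"))
            continue
        if line.startswith("BootExecute"):
            value = line.split("REG_MULTI_SZ", 1)[1]
            # REG_MULTI_SZ entries appear in the log separated by a literal "\0".
            for token in re.split(r"\\0|\s+", value):
                if token and token.lower() not in BOOTEXECUTE_DEFAULT:
                    findings.append(("bootexecute-extra", token))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```

Run against the full log, the output is a short review list rather than a verdict: each hit still has to be checked against what the user installed (lsdelete, for instance, belongs to the Ad-Aware installation visible elsewhere in the same log).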

    Configure Windows to show all files.

    Go to this site: http://virustotal.com/

    In File to upload enter: C:\zip.exe

    Then click Submit.

    Repeat the same procedure for the file C:\cleanup.bat

    Copy and post the result of this scan.

  • Topic author
  • C:\zip.exe

    Antivirus Version Last Update Result

    a-squared 4.5.0.48 2010.01.08 -

    AhnLab-V3 5.0.0.2 2010.01.08 -

    AntiVir 7.9.1.130 2010.01.08 -

    Antiy-AVL 2.0.3.7 2010.01.08 -

    Authentium 5.2.0.5 2010.01.08 -

    Avast 4.8.1351.0 2010.01.08 -

    BitDefender 7.2 2010.01.08 -

    CAT-QuickHeal 10.00 2010.01.08 -

    ClamAV 0.94.1 2010.01.08 -

    Comodo 3514 2010.01.08 Backdoor.Win32.GameThief.Nileage.cz

    DrWeb 5.0.1.12222 2010.01.08 -

    eSafe 7.0.17.0 2010.01.07 Win32.Banker

    eTrust-Vet 35.2.7226 2010.01.08 -

    F-Prot 4.5.1.85 2010.01.08 -

    F-Secure 9.0.15370.0 2010.01.08 -

    Fortinet 4.0.14.0 2010.01.08 -

    GData 19 2010.01.08 -

    Ikarus T3.1.1.80.0 2010.01.08 -

    Jiangmin 13.0.900 2010.01.08 -

    K7AntiVirus 7.10.942 2010.01.08 -

    Kaspersky 7.0.0.125 2010.01.08 -

    McAfee 5855 2010.01.08 -

    McAfee+Artemis 5855 2010.01.08 -

    McAfee-GW-Edition 6.8.5 2010.01.08 -

    Microsoft 1.5302 2010.01.08 -

    NOD32 4755 2010.01.08 -

    Norman 6.04.03 2010.01.08 -

    nProtect 2009.1.8.0 2010.01.08 -

    Panda 10.0.2.2 2010.01.08 -

    PCTools 7.0.3.5 2010.01.08 -

    Prevx 3.0 2010.01.08 -

    Rising 22.29.04.04 2010.01.08 -

    Sophos 4.49.0 2010.01.08 -

    Sunbelt 3.2.1858.2 2010.01.08 -

    Symantec 20091.2.0.41 2010.01.08 -

    TheHacker 6.5.0.3.142 2010.01.08 -

    TrendMicro 9.120.0.1004 2010.01.08 -

    VBA32 3.12.12.1 2010.01.06 -

    ViRobot 2010.1.8.2128 2010.01.08 -

    VirusBuster 5.0.21.0 2010.01.08 -

    Additional information

    File size: 135168 bytes

    MD5 : db9b1cc34b35136f35e333de520c15f5

    SHA1 : 538bc7ab67c44c44e998bac022fefdddbaa1976f

    SHA256: f192a871ed2e942275aa3629351c08eb8383dedec7c10024fda9b642633685e1

    PEInfo: PE Structure information

    ( base data )

    entrypointaddress.: 0x40F805

    timedatestamp.....: 0x44A718FF (Sun Jul 2 02:53:19 2006)

    machinetype.......: 0x14C (Intel I386)

    ( 3 sections )

    name viradd virsiz rawdsiz ntrpy md5

    .text 0x1000 0x18F41 0x19000 6.71 919c27b65715df14629b6905d409f49a

    .rdata 0x1A000 0x5B08 0x6000 5.21 8757daad2bf5787fea551b4b676d14b7

    .data 0x20000 0x4E344 0x1000 2.92 db952e35d89797bd9d1679b749795711

    ( 0 imports )

    ( 0 exports )

    TrID : File type identification

    Win32 Executable MS Visual C++ (generic) (65.2%)

    Win32 Executable Generic (14.7%)

    Win32 Dynamic Link Library (generic) (13.1%)

    Generic Win/DOS Executable (3.4%)

    DOS Executable Generic (3.4%)

    ThreatExpert: http://www.threatexpert.com/report.aspx?md5=db9b1cc34b35136f35e333de520c15f5

    ssdeep: 3072:+yiIL2aUStYI4kOojhmlDUaKhVVXdD+mO3tefT:K2bukOkhK4aKhVVU

    PEiD : -

    CWSandbox: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=db9b1cc34b35136f35e333de520c15f5

    RDS : NSRL Reference Data Set

    C:\cleanup.bat

    Antivirus Version Last Update Result

    a-squared 4.5.0.43 2009.12.25 -

    AhnLab-V3 5.0.0.2 2009.12.25 -

    AntiVir 7.9.1.122 2009.12.24 -

    Antiy-AVL 2.0.3.7 2009.12.25 -

    Authentium 5.2.0.5 2009.12.25 -

    Avast 4.8.1351.0 2009.12.25 -

    AVG 8.5.0.430 2009.12.25 -

    BitDefender 7.2 2009.12.25 -

    CAT-QuickHeal 10.00 2009.12.24 -

    ClamAV 0.94.1 2009.12.25 -

    Comodo 3365 2009.12.25 -

    DrWeb 5.0.1.12222 2009.12.25 -

    eSafe 7.0.17.0 2009.12.24 -

    eTrust-Vet 35.1.7197 2009.12.25 -

    F-Prot 4.5.1.85 2009.12.25 -

    F-Secure 9.0.15370.0 2009.12.25 -

    Fortinet 4.0.14.0 2009.12.25 -

    GData 19 2009.12.25 -

    Ikarus T3.1.1.79.0 2009.12.25 -

    Jiangmin 13.0.900 2009.12.25 -

    K7AntiVirus 7.10.929 2009.12.24 -

    Kaspersky 7.0.0.125 2009.12.25 -

    McAfee 5842 2009.12.24 -

    McAfee+Artemis 5842 2009.12.24 -

    McAfee-GW-Edition 6.8.5 2009.12.25 -

    Microsoft 1.5302 2009.12.25 -

    NOD32 4716 2009.12.25 -

    Norman 6.04.03 2009.12.24 -

    nProtect 2009.1.8.0 2009.12.24 -

    Panda 10.0.2.2 2009.12.15 -

    PCTools 7.0.3.5 2009.12.25 -

    Prevx 3.0 2009.12.25 -

    Rising 22.27.04.04 2009.12.25 -

    Sophos 4.49.0 2009.12.25 -

    Sunbelt 3.2.1858.2 2009.12.25 -

    Symantec 1.4.4.12 2009.12.25 -

    TheHacker 6.5.0.3.110 2009.12.24 -

    TrendMicro 9.120.0.1004 2009.12.25 -

    VBA32 3.12.12.0 2009.12.25 BAT.KillFiles.NBK

    ViRobot 2009.12.24.2107 2009.12.24 -

    VirusBuster 5.0.21.0 2009.12.25 -

    Additional information

    File size: 574 bytes

    MD5 : f729045a51896f374fee1ab23eb8fe7f

    SHA1 : 62890664667b1f3361eadf1d7c4bf61ae0477370

    SHA256: 40bf96d24a051c9fd666c603e29ce70e1dab97feea0406fd32a167bb44c2c8c6

    TrID : File type identification

    Unknown!

    ssdeep: 12:/kDDTGTHTAOoNk+fwHTnfCVDTqLRVcobWI5TXFT4EQrXr:MCroNkpR3bWWLQrXr

    PEiD : -

    RDS : NSRL Reference Data Set

    -

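Two things are worth doing with a multi-engine result like the one above before acting on it: count which engines fired and with what names (here two of roughly forty, with unrelated family names), and confirm that the file on disk really is the one the report describes, since a report is bound to a content hash and a file that rewrites itself will no longer match it. The following is an added example for this thread, not code from VirusTotal or from the original posts. The report excerpt is taken from the C:\zip.exe result above, trimmed to a few engines; the "engine version date result" column layout, with "-" meaning no detection, is this editor's reading of that text format.

```python
"""Read a VirusTotal text report and tie it to the file actually on disk.

Added example for this thread; not code from VirusTotal or from the original
posts. The report excerpt is taken from the C:\\zip.exe result posted above
(trimmed to a few engines); the column layout "engine version date result",
with "-" meaning no detection, is this editor's reading of that format.
"""
import hashlib
import re

# Excerpt of the posted report, used here as constructed sample input.
SAMPLE_REPORT = """\
Antivirus Version Last Update Result
a-squared 4.5.0.48 2010.01.08 -
Avast 4.8.1351.0 2010.01.08 -
Comodo 3514 2010.01.08 Backdoor.Win32.GameThief.Nileage.cz
eSafe 7.0.17.0 2010.01.07 Win32.Banker
Kaspersky 7.0.0.125 2010.01.08 -
McAfee+Artemis 5855 2010.01.08 -
Additional information
File size: 135168 bytes
MD5 : db9b1cc34b35136f35e333de520c15f5
SHA1 : 538bc7ab67c44c44e998bac022fefdddbaa1976f
SHA256: f192a871ed2e942275aa3629351c08eb8383dedec7c10024fda9b642633685e1
"""

ENGINE_LINE = re.compile(r"^(?P<engine>\S+) (?P<version>\S+) (?P<date>\d{4}\.\d\d\.\d\d) (?P<result>.+)$")
HASH_LINE = re.compile(r"^(?P<algo>MD5|SHA1|SHA256)\s*:\s*(?P<digest>[0-9a-fA-F]{32,64})$")


def parse_report(text):
    """Return ({engine: verdict or None}, {algo: hex digest}) from the report text."""
    engines, hashes = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = HASH_LINE.match(line)
        if m:
            hashes[m.group("algo").lower()] = m.group("digest").lower()
            continue
        m = ENGINE_LINE.match(line)
        if m:
            verdict = m.group("result").strip()
            engines[m.group("engine")] = None if verdict == "-" else verdict
    return engines, hashes


def detections(engines):
    """Only the engines that reported a name."""
    return {name: verdict for name, verdict in engines.items() if verdict}


def detection_ratio(engines):
    return len(detections(engines)), len(engines)


def digests(data):
    """MD5, SHA1 and SHA256 of an in-memory byte string."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def digests_of_file(path, chunk_size=1 << 20):
    """Same three digests, streamed from disk so large files do not need to fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def report_matches(local, reported):
    """True only if every digest the report lists equals the local file's digest."""
    return bool(reported) and all(local.get(algo) == digest for algo, digest in reported.items())


if __name__ == "__main__":
    engines, hashes = parse_report(SAMPLE_REPORT)
    hit, total = detection_ratio(engines)
    print(f"{hit}/{total} engines:", detections(engines))
    # On the affected machine: report_matches(digests_of_file(r"C:\zip.exe"), hashes)
```

If `report_matches` comes back false, the report is about a different file than the one now on disk and its verdicts should not be carried over; if it is true, a low ratio with inconsistent family names is weak but not dismissible evidence, and the helper's next step (posting more scanner reports) is the right way to firm it up.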

    Read the whole instruction below carefully before running the program.

    Download the Kaspersky Removal Tool and save it to your desktop.

    • Install the program normally, following all the instructions.
    • A folder called Virus Removal Tool will be created on the desktop.
    • On the program screen, tick the options:
      • My Computer
      • Hidden Startup objects
      • Disk boot sectors
      • System Memory
    • Click the Start Scan button.
    • Be patient, the scan takes a long time!
    • While it scans, some small windows will probably open next to the clock; do not click anything.
    • A larger window may also open containing the following options:
      • Disinfection (when possible)
      • Delete
      • Skip
    • When it appears, first tick the option Apply to all objects underneath it and then click one of the options above.
    • After everything completes, click the Reports button; in the window that opens, leave the options at the top set to:
      • Autoscan
      • Group by result
      • All Events
    • Expand Autoscan by clicking the + sign next to it.
    • Expand Result: Detected.
    • Right-click and choose Select all, then choose Copy.
    • Careful: when you do this the PC seems to freeze, but it has not; wait a few minutes for the memory to be released.
    • Open Notepad and paste (Ctrl + V).
    • Give the file a name and save it in a folder of your choice.
    • Close the result by clicking the Exit button.
    • When you do this you will be asked whether you want to uninstall the tool; click Yes.
    • Restart the computer when asked.
    • Post the contents of that file in your next reply.

    NOTE 1:
    Pay attention to the windows during the scan; they have different colours depending on the risk:

    • green: low risk
    • yellow: medium risk
    • red: high risk

    Before taking any action, check the path/file name carefully to see whether you know it; if you do, click Skip.

    NOTE 2:
    If the final scan result shows only Result: OK, there is no need to generate a report; just say so.

    NOTE 3:
    During the scan Kaspersky may flag the following folder as infected: c:\QooBox. If that happens choose Skip, because it belongs to ComboFix and will be removed when ComboFix is uninstalled.

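NOTE 1 and NOTE 3 above ask the user to look at the path of each detection before acting on it: a file sitting in c:\QooBox has already been removed by ComboFix, and, as the Ad-Aware log further down this thread shows, a detection inside a System Restore point (System Volume Information\_restore{...}\RPnnn) is a dormant snapshot copy, not something running on the machine. The script below does that sorting mechanically. It is an added example for this thread, not part of Kaspersky's tool, Ad-Aware or the original posts; the first sample line is the Ad-Aware entry posted later in the thread, the others are constructed in the same format with made-up family names, and the four categories are this editor's own.

```python
"""Sort scanner detections by where the flagged file lives.

Added example for this thread; not part of Kaspersky's tool, Ad-Aware or the
original posts. The first sample line is the Ad-Aware quarantine entry posted
later in this thread; the remaining lines are constructed in the same format
with made-up family names. The categories are this editor's own: a copy inside
a System Restore point or inside ComboFix's c:\\Qoobox quarantine is not
running and does not need removal by hand.
"""
import re

# One real line from the thread plus constructed ones in the same layout.
SAMPLE_DETECTIONS = r"""
Description: C:\System Volume Information\_restore{C222D9F8-FCD4-4267-9BDF-8BC28A45C24C}\RP583\A0070285.sys Family Name: Win32.Worm.Bagle Engine: 1 Clean status: Success Item ID: 1845968 Family ID: 1156 MD5: 524d8d450622db4a7875b111c299a76b
Description: c:\Qoobox\Quarantine\C\sample.exe.vir Family Name: Constructed.Sample.A Engine: 1 Clean status: Success
Description: c:\docume~1\Carmen\CONFIG~1\Temp\sample.tmp Family Name: Constructed.Sample.B Engine: 1 Clean status: Success
Description: c:\windows\system32\sample.dll Family Name: Constructed.Sample.C Engine: 1 Clean status: Success
"""

DETECTION = re.compile(r"Description: (?P<path>.+?) Family Name: (?P<family>\S+)")
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)
COMBOFIX_QUARANTINE = re.compile(r"^[a-z]:\\Qoobox\\", re.I)
TEMP_DIR = re.compile(r"\\Temp\\", re.I)


def classify(path):
    """Where the flagged file lives, which decides how much it matters."""
    if RESTORE_POINT.search(path):
        return "restore-point"        # dormant copy in a System Restore snapshot
    if COMBOFIX_QUARANTINE.match(path):
        return "combofix-quarantine"  # already removed by ComboFix; goes away on uninstall
    if TEMP_DIR.search(path):
        return "temp"                 # dropped file in a temp folder; delete outright
    return "live"                     # in place on the system: investigate and remove


def parse_detections(text):
    """Return (category, family, path) for every Description line in the text."""
    items = []
    for line in text.splitlines():
        m = DETECTION.search(line)
        if m:
            items.append((classify(m.group("path")), m.group("family"), m.group("path")))
    return items


def live_detections(items):
    """The subset that still needs action on the running system."""
    return [item for item in items if item[0] == "live"]


if __name__ == "__main__":
    for category, family, path in parse_detections(SAMPLE_DETECTIONS):
        print(f"{category:20} {family:28} {path}")
```

A scan whose only hits are in the restore-point or quarantine categories is consistent with a later "Result: OK" from another scanner; clearing the snapshot copies is a matter of turning System Restore off and back on once the machine is clean, which is why the live list, not the raw count, is what to read out of such reports.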
  • Topic author
  • I ran the program and the only thing that appeared was "Result:OK".

    Which seems strange to me, since the virus/malware keeps being detected by other programs..


    Dear digoep

    I will be taking over your case; our friend RenatoMejias had to travel :)

    Which seems strange to me, since the virus/malware keeps being detected by other programs..
    Which programs? Post their reports...

    Regards :D

  • Topic author
  • For some reason, whatever is infecting my PC manages to "uninstall" avast; this is the third time I have tried to install it and after a while it simply "uninstalls" itself.. I no longer know which program to install; I have Avira, Ad-Aware, Malwarebytes', SpyHunter, ParetoLogic Anti-Virus and SUPERAntiSpyware all installed and none of them solves it.. I know having all of that is not recommended, but given the critical situation I tried everything.. If I did not have so many files I would have formatted the PC ages ago, which is why it is so important that I manage to do this cleanup..

    Here are the logs:

    AD AWARE (the log is huge, I will paste part of it)

    Scan profile name: Full scan (ID: full)

    Objects scanned: 142569

    Objects detected: 1

    Type Detected

    ==========================

    Processes.......: 0

    Registry entries: 0

    Hostfile entries: 0

    Files...........: 1

    Folders.........: 0

    LSPs............: 0

    Cookies.........: 0

    Browser hijacks.: 0

    MRU objects.....: 0

    Quarantined items:

    Description: C:\System Volume Information\_restore{C222D9F8-FCD4-4267-9BDF-8BC28A45C24C}\RP583\A0070285.sys Family Name: Win32.Worm.Bagle Engine: 1 Clean status: Success Item ID: 1845968 Family ID: 1156 MD5: 524d8d450622db4a7875b111c299a76b

    Scan and cleaning complete: Finished correctly after 3461 seconds

    ****************************** System information ******************************

    Computer name: CARMEN-A2095CD3

    Processor name: Intel® Core2 Quad CPU Q6700 @ 2.66GHz

    Processor identifier: x86 Family 6 Model 15 Stepping 11

    Processor speed: ~2666MHZ

    Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3851, number of processors 4, processor features: [MMX,SSE,SSE2]

    Physical memory available: 1971343360 bytes

    Physical memory total: 3215699968 bytes

    Virtual memory available: 1778311168 bytes

    Virtual memory total: 2147352576 bytes

    Memory load: 38%

    Microsoft Windows XP Professional Service Pack 3 (build 2600)

    Windows startup mode:

    Running processes:

    PID: 544 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 600 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 624 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 668 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 680 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 872 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 920 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: AUTORIDADE NT

    PID: 964 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 1004 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 1076 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: AUTORIDADE NT

    PID: 1116 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: AUTORIDADE NT

    PID: 1336 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 1380 name: C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 1456 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: AUTORIDADE NT

    PID: 1504 name: C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 1516 name: C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 1528 name: C:\Arquivos de programas\Bonjour\mDNSResponder.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 1568 name: C:\Arquivos de programas\Java\jre6\bin\jqs.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 1628 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 1676 name: C:\WINDOWS\System32\snmp.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 1700 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 1740 name: C:\Arquivos de programas\Arquivos comuns\ParetoLogic\PLAS\plasservice.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 1920 name: C:\Arquivos de programas\Canon\CAL\CALMAIN.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 880 name: C:\WINDOWS\csrrs2.exe owner: Carmen domain: CARMEN-A2095CD3

    PID: 1072 name: C:\WINDOWS\Explorer.EXE owner: Carmen domain: CARMEN-A2095CD3

    PID: 724 name: C:\WINDOWS\RTHDCPL.EXE owner: Carmen domain: CARMEN-A2095CD3

    PID: 2072 name: C:\WINDOWS\system32\RUNDLL32.EXE owner: Carmen domain: CARMEN-A2095CD3

    PID: 2088 name: C:\Arquivos de programas\Java\jre6\bin\jusched.exe owner: Carmen domain: CARMEN-A2095CD3

    PID: 2096 name: C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe owner: Carmen domain: CARMEN-A2095CD3

    PID: 2108 name: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe owner: Carmen domain: CARMEN-A2095CD3

    PID: 2192 name: C:\Arquivos de programas\PowerISO\PWRISOVM.EXE owner: Carmen domain: CARMEN-A2095CD3

    PID: 2244 name: C:\Arquivos de programas\iTunes\iTunesHelper.exe owner: Carmen domain: CARMEN-A2095CD3

    PID: 2252 name: C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe owner: Carmen domain: CARMEN-A2095CD3

    PID: 2300 name: C:\Arquivos de programas\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe owner: Carmen domain: CARMEN-A2095CD3

    PID: 2324 name: C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe owner: Carmen domain: CARMEN-A2095CD3

    PID: 2344 name: C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe owner: Carmen domain: CARMEN-A2095CD3

    PID: 2360 name: C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe owner: Carmen domain: CARMEN-A2095CD3

    PID: 2456 name: C:\Documents and Settings\Carmen\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe owner: Carmen domain: CARMEN-A2095CD3

    PID: 2488 name: C:\WINDOWS\system32\ctfmon.exe owner: Carmen domain: CARMEN-A2095CD3

    PID: 2684 name: C:\WINDOWS\system32\wbem\wmiapsrv.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 2792 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 3020 name: C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 3100 name: C:\Arquivos de programas\iPod\bin\iPodService.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 3108 name: C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe owner: Carmen domain: CARMEN-A2095CD3

    PID: 3368 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: AUTORIDADE NT

    PID: 2676 name: C:\Arquivos de programas\Arquivos comuns\ParetoLogic\PLAVEngine\ScanningProcess.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 3856 name: C:\Arquivos de programas\Arquivos comuns\ParetoLogic\PLAVEngine\ScanningProcess.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 3432 name: C:\Arquivos de programas\Arquivos comuns\ParetoLogic\PLAVEngine\ScanningProcess.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 3892 name: C:\Arquivos de programas\Arquivos comuns\ParetoLogic\PLAVEngine\ScanningProcess.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 3556 name: C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 3968 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: AUTORIDADE NT

    PID: 3456 name: C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe owner: Carmen domain: CARMEN-A2095CD3

    PID: 1660 name: C:\Arquivos de programas\Mozilla Firefox\firefox.exe owner: Carmen domain: CARMEN-A2095CD3

    PID: 2752 name: C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe owner: Carmen domain: CARMEN-A2095CD3

    PID: 648 name: C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe owner: Carmen domain: CARMEN-A2095CD3

    PID: 2880 name: C:\WINDOWS\System32\wudfhost.exe owner: LOCAL SERVICE domain: AUTORIDADE NT

    PID: 496 name: C:\Arquivos de programas\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Carmen domain: CARMEN-A2095CD3

    Startup items:

    Name: RTHDCPL

    imagepath: RTHDCPL.EXE

    Name: NvCplDaemon

    imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    Name: nwiz

    imagepath: nwiz.exe /install

    Name: NvMediaCenter

    imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    Name: NeroFilterCheck

    imagepath: C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

    Name: SunJavaUpdateSched

    imagepath: "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

    Name: GrooveMonitor

    imagepath: "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

    Name: HPDJ Taskbar Utility

    imagepath: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

    Name: Ad-Watch

    imagepath: C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

    Name: Adobe Reader Speed Launcher

    imagepath: "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    Name: PWRISOVM.EXE

    imagepath: C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

    Name: Malwarebytes Anti-Malware (reboot)

    imagepath: "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    Name: QuickTime Task

    imagepath: "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

    Name: iTunesHelper

    imagepath: "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    Name: avgnt

    imagepath: "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

    Name: ParetoLogic Anti-Virus PLUS

    imagepath: "C:\Arquivos de programas\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" -NM -hidesplash

    Name: PostBootReminder

    imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}

    Name: CDBurn

    imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}

    Name: WebCheck

    imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    Name: SysTray

    imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}

    Name: WPDShServiceObj

    imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}

    Name: CompIBBrd

    imagepath: {A3717295-941D-416F-9384-ED1736729F1C}

    Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}

    imagepath: Pré-carregador Browseui

    Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}

    imagepath: Daemon de cache de categorias de componente

    Name: {A3717295-941D-416F-9384-ED1736729F1C}

    imagepath: scpLIB

    Name: PcSync

    imagepath: C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    Name:

    imagepath: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\desktop.ini

    Name:

    imagepath: C:\WINDOWS\system32\config\systemprofile\Menu Iniciar\Programas\Inicializar\desktop.ini

    Bootexecute items:

    Name:

    imagepath: masterx autocheck autochk *

    Name:

    imagepath: lsdelete

    Running services:

    Name: ALG

    displayname: Serviço 'Gateway de camada de aplicativo'

    Name: AntiVirSchedulerService

    displayname: Avira AntiVir Scheduler

    Name: AntiVirService

    displayname: Avira AntiVir Guard

    Name: Apple Mobile Device

    displayname: Dispositivo Celular da Apple

    Name: AudioSrv

    displayname: Áudio do Windows

    Name: BITS

    displayname: Serviço de transferência inteligente de plano de fundo

    Name: Bonjour Service

    displayname: Bonjour Service

    Name: CCALib8

    displayname: Canon Camera Access Library 8

    Name: CryptSvc

    displayname: CryptSvc

    Name: DcomLaunch

    displayname: Inicializador de Processo de Servidor DCOM

    Name: Dhcp

    displayname: Cliente DHCP

    Name: Dnscache

    displayname: Cliente DNS

    Name: ERSvc

    displayname: Erro ao informar o serviço

    Name: Eventlog

    displayname: Log de eventos

    Name: EventSystem

    displayname: Sistema de eventos COM+

    Name: FastUserSwitchingCompatibility

    displayname: Compatibilidade com 'Troca rápida de usuário'

    Name: helpsvc

    displayname: Ajuda e suporte

    Name: HidServ

    displayname: HID Input Service

    Name: iPod Service

    displayname: iPod Service

    Name: JavaQuickStarterService

    displayname: Java Quick Starter

    Name: lanmanserver

    displayname: Servidor

    Name: lanmanworkstation

    displayname: Estação de trabalho

    Name: Lavasoft Ad-Aware Service

    displayname: Lavasoft Ad-Aware Service

    Name: LmHosts

    displayname: Auxiliar NetBIOS TCP/IP

    Name: Netman

    displayname: Conexões de rede

    Name: Nla

    displayname: Reconhecimento de local da rede (NLA)

    Name: NMIndexingService

    displayname: NMIndexingService

    Name: NVSvc

    displayname: NVIDIA Display Driver Service

    Name: PlugPlay

    displayname: Plug and Play

    Name: PolicyAgent

    displayname: Serviços IPSEC

    Name: ProtectedStorage

    displayname: Armazenamento protegido

    Name: RasMan

    displayname: Gerenciador de conexão de acesso remoto

    Name: RpcSs

    displayname: Chamada de procedimento remoto (RPC)

    Name: SamSs

    displayname: Gerenciador de contas de segurança

    Name: Schedule

    displayname: Agendador de tarefas

    Name: seclogon

    displayname: Secondary Logon

    Name: SENS

    displayname: Notificação de eventos de sistema

    Name: SharedAccess

    displayname: Firewall do Windows/Compartilhamento de Conexão com a Internet (ICS)

    Name: ShellHWDetection

    displayname: Detecção do hardware do shell

    Name: SNMP

    displayname: Serviço SNMP

    Name: Spooler

    displayname: Spooler de impressão

    Name: srservice

    displayname: Serviço de restauração do sistema

    Name: stisvc

    displayname: Assistente de aquisição de imagens do Windows (WIA)

    Name: TapiSrv

    displayname: Telefonia

    Name: TermService

    displayname: Serviços de terminal

    Name: Themes

    displayname: Temas

    Name: TrkWks

    displayname: Cliente de rastreamento de link distribuído

    Name: W32Time

    displayname: Horário do Windows

    Name: WebClient

    displayname: Cliente da Web

    Name: winmgmt

    displayname: Testador de instrumentação de gerenciam. do Windows

    Name: WmiApSrv

    displayname: Adaptador de desempenho WMI

    Name: wscsvc

    displayname: Central de Segurança

    Name: wuauserv

    displayname: Atualizações Automáticas

    Name: WudfSvc

    displayname: Windows Driver Foundation - User-mode Driver Framework

    Name: WZCSVC

    displayname: Configuração zero sem fio

    Name: ZeppelinService

    displayname: plasservice

    MALWAREBYTES

    Malwarebytes' Anti-Malware 1.41
    Database version: 3166
    Windows 5.1.2600 Service Pack 3

    27/1/2010 21:19:59
    mbam-log-2010-01-27 (21-19-59).txt

    Scan type: Full (C:\|)
    Objects scanned: 229771
    Time elapsed: 31 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{67406c94-40ea-093f-a925-1aa3ef4183f2} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{C222D9F8-FCD4-4267-9BDF-8BC28A45C24C}\RP578\A0067609.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C222D9F8-FCD4-4267-9BDF-8BC28A45C24C}\RP578\A0068779.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\didulist (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\wbtemp2.txt (Malware.Trace) -> Quarantined and deleted successfully.

    Below is a link to a screenshot with the images of the viruses/trojans/other items detected by several programs:

    http://img199.imageshack.us/img199/8886/viruslp.jpg

    Thanks.


    Dear digoep

    I no longer know which program to install. I have Avira, Ad-Aware, Malwarebytes', SpyHunter, ParetoLogic Anti-Virus and SUPERAntiSpyware all installed, and none of them solves it..
    All of that!!! That is wrong... you should have only 1 antivirus and 1 anti-spyware (Ad-Aware) installed; otherwise they conflict with each other and then, indeed, they remove nothing!

    Please uninstall the extra ones and tell me which you kept, so we can continue :)

    Regards :D

    Topic author:
    Only Avira and Ad-Aware are installed now..

    Dear digoep

    # Step 1 #

    Download OTL by OldTimer and save it to your Desktop.

    • Double-click the OTL icon.
    • Leave the main screen configured as in the screenshot (image not included here).
    • Copy and paste the content below into the box shown in the screenshot:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5

    • Click the scan button (shown in the screenshot).
    • Do not interrupt the scan under any circumstances;
    • When it finishes, two logs will be generated: OTL.txt and Extras.txt;
    • Restart the computer;
    • Post both logs in your next reply.
    • Do not delete OTL.

    Regards :D

    Topic author:
    OTL.Txt
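The `<file> /s /md5` lines in the OTL script above ask OTL to search the whole system drive for every copy of a given system file and print an MD5 for each, so the analyst can spot a live copy whose hash differs from the other copies of the same name on disk. As an added example (not OTL's code, and not from the analyst or the page), the Python script below reproduces that part of the custom scan on a constructed directory tree: it walks a root, hashes every file whose name is on the watch list, groups the paths by name and digest, and reports names that exist under more than one distinct hash. The watch list is copied from the script above; the temporary tree, its file contents and the claim that such a divergence deserves a look are this example's own.

```python
"""Replicate the '<file> /s /md5' directives of an OTL custom scan.

Added example. Walks a root directory, hashes every file whose name is on the
watch list and reports names whose copies do not all share one digest. The
sample tree is constructed in a temporary directory; nothing here is taken
from a real system.
"""
import hashlib
import os
import tempfile
from collections import defaultdict
from typing import Dict, Iterable, List

# Same names the OTL script above asks for, minus the wildcard *.exe entry.
WATCH_LIST = [
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll", "sceclt.dll",
    "ntelogon.dll", "logevent.dll", "iaStor.sys", "nvstor.sys", "atapi.sys",
    "IdeChnDr.sys", "viasraid.sys",
]


def file_digest(path: str, algo: str = "md5") -> str:
    """Stream the file through hashlib; MD5 to match OTL's output, any algo works."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root: str, names: Iterable[str], algo: str = "md5") -> Dict[str, Dict[str, List[str]]]:
    """Return {lowercased name: {digest: [paths]}} for every watched file under root."""
    wanted = {n.lower() for n in names}
    report: Dict[str, Dict[str, List[str]]] = defaultdict(lambda: defaultdict(list))
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                full = os.path.join(dirpath, fn)
                report[fn.lower()][file_digest(full, algo)].append(full)
    return {name: dict(by_hash) for name, by_hash in report.items()}


def inconsistent(report: Dict[str, Dict[str, List[str]]]) -> List[str]:
    """Names present under more than one distinct digest, e.g. a live copy differing from a cached copy."""
    return sorted(name for name, by_hash in report.items() if len(by_hash) > 1)


def build_sample_tree() -> str:
    """Constructed tree (assumption): two atapi.sys copies that differ, one scecli.dll."""
    root = tempfile.mkdtemp(prefix="otl-md5-")
    layout = {
        os.path.join("system32", "drivers", "atapi.sys"): b"ATAPI DRIVER " + b"\x90" * 64 + b"EXTRA",
        os.path.join("system32", "dllcache", "atapi.sys"): b"ATAPI DRIVER " + b"\x90" * 64,
        os.path.join("system32", "scecli.dll"): b"SCECLI " + b"\x00" * 32,
        os.path.join("system32", "unrelated.dll"): b"NOT ON THE WATCH LIST",
    }
    for rel, content in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(content)
    return root


def demo() -> List[str]:
    """Build the sample tree, print an OTL-like listing and return the divergent names."""
    root = build_sample_tree()
    report = scan(root, WATCH_LIST)
    for name in sorted(report):
        for digest, paths in report[name].items():
            for path in paths:
                print(f"{digest}  {path}")
    return inconsistent(report)


if __name__ == "__main__":
    print("names with divergent copies:", demo())
```

On the constructed tree the output lists both `atapi.sys` copies with different digests and `scecli.dll` once, and `demo()` returns `['atapi.sys']`. A single differing copy is not proof of tampering (a hotfix can legitimately leave an older copy behind), which is why OTL prints the hashes and leaves the judgement to the analyst; the same applies here.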

    OTL logfile created on: 28/1/2010 20:52:36 - Run 1
    OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Carmen\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
    5,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
    Drive C: | 465,75 Gb Total Space | 296,24 Gb Free Space | 63,60% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CARMEN-A2095CD3
    Current User Name: Carmen
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/01/28 20:50:45 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carmen\Desktop\OTL.exe
    PRC - [2010/01/28 02:09:17 | 01,938,432 | ---- | M] () -- C:\WINDOWS\csrrs2.exe
    PRC - [2010/01/27 14:45:22 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/01/27 14:45:20 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/01/25 20:38:26 | 00,301,568 | ---- | M] (Adobe Inc.) -- C:\Arquivos de programas\Java\jre1.6.0\bin\applet\jvm\AcroRd32.exe
    PRC - [2010/01/13 15:22:19 | 00,135,664 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Carmen\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
    PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\iTunes\iTunesHelper.exe
    PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\iPod\bin\iPodService.exe
    PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
    PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
    PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
    PRC - [2008/12/17 12:15:20 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe
    PRC - [2008/12/17 12:15:20 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jusched.exe
    PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe
    PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
    PRC - [2008/04/13 23:21:19 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
    PRC - [2008/04/13 23:20:58 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/01/20 04:05:37 | 00,217,088 | ---- | M] (PowerISO Computing, Inc.) -- C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
    PRC - [2007/09/17 04:08:42 | 16,132,608 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
    PRC - [2007/09/16 14:07:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
    PRC - [2007/06/01 10:21:30 | 01,209,904 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
    PRC - [2007/06/01 10:21:30 | 00,271,920 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
    PRC - [2007/06/01 10:21:08 | 00,153,136 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
    PRC - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
    PRC - [2006/10/28 11:22:56 | 00,981,504 | ---- | M] () -- C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe
    PRC - [2006/03/02 09:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
    PRC - [2002/11/03 18:13:52 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

    ========== Modules (SafeList) ==========

    MOD - [2010/01/28 20:50:45 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carmen\Desktop\OTL.exe

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (avast! Web Scanner)
    SRV - File not found [On_Demand | Stopped] -- -- (avast! Mail Scanner)
    SRV - File not found [Auto | Stopped] -- -- (avast! Antivirus)
    SRV - File not found [Auto | Stopped] -- -- (aswUpdSv)
    SRV - [2010/01/27 14:45:20 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Arquivos de programas\iPod\bin\iPodService.exe -- (iPod Service)
    SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2008/12/17 12:15:20 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe -- (Bonjour Service)
    SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
    SRV - [2008/05/20 13:55:10 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/04/13 23:21:19 | 00,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
    SRV - [2007/09/16 14:07:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
    SRV - [2007/06/01 10:21:30 | 00,271,920 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
    SRV - [2007/04/13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
    SRV - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Arquivos de programas\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2006/11/06 14:21:10 | 00,210,432 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

    ========== Driver Services (SafeList) ==========

    DRV - [2009/11/30 17:16:49 | 00,269,904 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2009/11/30 17:16:29 | 00,186,064 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
    DRV - [2009/11/25 11:19:02 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/11/24 20:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2009/11/24 20:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
    DRV - [2009/11/24 20:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/11/24 20:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2009/11/24 20:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2009/11/24 20:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/09/23 09:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2009/07/21 21:45:22 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
    DRV - [2009/06/30 09:37:16 | 00,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2009/05/11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/03/30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2008/05/20 23:27:41 | 00,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
    DRV - [2008/05/11 20:15:43 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/04/13 13:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
    DRV - [2008/04/13 13:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/01/20 04:07:58 | 00,033,292 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2007/09/17 04:09:52 | 00,254,872 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2007/09/17 04:08:44 | 04,402,176 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/09/16 14:07:00 | 06,853,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2007/03/13 13:05:30 | 00,044,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2007/03/07 20:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
    DRV - [2006/10/25 19:28:10 | 00,031,128 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hid8103.sys -- (hid8103)
    DRV - [2006/10/10 08:54:34 | 00,138,240 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
    DRV - [2006/10/10 08:54:32 | 00,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
    DRV - [2006/10/10 08:54:32 | 00,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
    DRV - [2006/10/10 08:54:32 | 00,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
    DRV - [2006/03/02 09:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 58 27 5A 89 7D CA 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: ""
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:1.1.3
    FF - prefs.js..extensions.enabledItems: CrystalFox_Qute@BigRedBrent:3.7
    FF - prefs.js..extensions.enabledItems: {069FB356-C69F-7349-D092-AB28AF836D0E}:0.9.030
    FF - prefs.js..extensions.enabledItems: {13b4437e-b706-11dc-8314-0800200c9a66}:1.35.20090722

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Arquivos de programas\Real\RealPlayer\browserrecord [2008/05/08 02:15:07 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/01/19 00:43:43 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/01/19 00:43:43 | 00,000,000 | ---D | M]

    [2009/04/08 15:31:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\Mozilla\Extensions
    [2009/04/08 15:31:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org
    [2010/01/27 21:24:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\Mozilla\Firefox\Profiles\60o3eaur.default\extensions
    [2010/01/25 20:56:48 | 00,000,000 | ---D | M] (Phoenity Next (formerly Phoenity Reborn)) -- C:\Documents and Settings\Carmen\Dados de aplicativos\Mozilla\Firefox\Profiles\60o3eaur.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}
    [2009/07/23 00:50:33 | 00,000,000 | ---D | M] (Simple Green) -- C:\Documents and Settings\Carmen\Dados de aplicativos\Mozilla\Firefox\Profiles\60o3eaur.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}
    [2008/05/08 17:41:42 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carmen\Dados de aplicativos\Mozilla\Firefox\Profiles\60o3eaur.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
    [2009/07/06 21:40:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\Mozilla\Firefox\Profiles\60o3eaur.default\extensions\chromifox@altmusictv.com

    [2009/07/08 11:16:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\Mozilla\Firefox\Profiles\60o3eaur.default\extensions\CrystalFox_Qute@BigRedBrent

    [2010/01/27 21:24:25 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions

    [2008/01/23 03:20:30 | 00,491,520 | ---- | M] (BitComet) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npBitCometAgent.dll

    [2005/12/05 22:31:00 | 00,114,688 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\plugins\npmozax.dll

    [2009/06/24 09:51:18 | 00,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml

    [2009/06/24 09:51:18 | 00,001,135 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml

    [2009/06/24 09:51:18 | 00,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml

    [2009/06/24 09:51:18 | 00,000,648 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

    O1 HOSTS File: ([2010/01/28 02:07:54 | 00,001,490 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

    O1 - Hosts: 198.65.57.185 netcerto.com.br

    O1 - Hosts: 198.65.57.185 www.netcerto.com.br

    O1 - Hosts: 198.65.57.185 visanet.com.br

    O1 - Hosts: 198.65.57.185 www.visanet.com.br

    O1 - Hosts: 198.65.57.185 www.bancoreal.com.br

    O1 - Hosts: 198.65.57.185 real.com.br

    O1 - Hosts: 198.65.57.185 www.real.com.br

    O1 - Hosts: 198.65.57.185 www.itau.com.br

    O1 - Hosts: 198.65.57.185 itau.com.br

    O1 - Hosts: 198.65.57.185 www.itaupersonnalite.com.br

    O1 - Hosts: 198.65.57.185 itaupersonnalite.com.br

    O1 - Hosts: 198.65.57.185 www.itauprivatebank.com.br

    O1 - Hosts: 198.65.57.185 itauprivatebank.com.br

    O1 - Hosts: 198.65.57.185 www.bb.com.br

    O1 - Hosts: 198.65.57.185 bb.com.br

    O1 - Hosts: 198.65.57.185 www.bb.gov.br

    O1 - Hosts: 198.65.57.185 bb.gov.br

    O1 - Hosts: 198.65.57.185 bradesco.com.br

    O1 - Hosts: 198.65.57.185 www.bradesco.com.br

    O1 - Hosts: 198.65.57.185 www.bradescoprime.com.br

    O1 - Hosts: 198.65.57.185 bradescoprime.com.br

    O1 - Hosts: 198.65.57.185 bradescojuridico.com.br

    O1 - Hosts: 198.65.57.185 www.checktudo.com.br

    O1 - Hosts: 198.65.57.185 checktudo.com.br

    O1 - Hosts: 198.65.57.185 www.infoseg.gov.br

    O1 - Hosts: 18 more lines...

    O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

    O2 - BHO: (no name) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - No CLSID value found.

    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

    O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)

    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

    O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

    O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

    O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - No CLSID value found.

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {E3E15641-A5B2-4784-A8B0-3382A5616EE0} - C:\WINDOWS\java\jre1.6.0\bin\jp2ssv.dll ()

    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

    O4 - HKLM..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

    O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

    O4 - HKLM..\Run: [GrooveMonitor] C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)

    O4 - HKLM..\Run: [iTunesHelper] C:\Arquivos de programas\iTunes\iTunesHelper.exe (Apple Inc.)

    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe File not found

    O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (Nero AG)

    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

    O4 - HKLM..\Run: [QuickTime Task] C:\Arquivos de programas\QuickTime\QTTask.exe (Apple Inc.)

    O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

    O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

    O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (Nero AG)

    O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Carmen\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (Google Inc.)

    O4 - HKCU..\Run: [Microsoft Security Essential] C:\Documents and Settings\Carmen\Configurações locais\temp\msseces.exe (Microsoft)

    O4 - HKCU..\Run: [Rainlendar2] C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe ()

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

    O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Inc.)

    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210173210187 (MUWebControl Class)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://imagem.caixa.gov.br/cab/gbpdist.cab (Reg Error: Key error.)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.21.192.132 201.21.192.133

    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\csrrs2.exe) - C:\WINDOWS\csrrs2.exe ()

    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - CLSID or File not found.

    O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - Reg Error: Key error. File not found

    O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

    O24 - Desktop WallPaper: C:\Documents and Settings\Carmen\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carmen\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2008/05/07 10:11:43 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O34 - HKLM BootExecute: (masterx autocheck autochk *) - File not found

    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

    O35 - comfile [open] -- "%1" %*

    O35 - exefile [open] -- "%1" %*

    NetSvcs: 6to4 - File not found

    NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/05/07 06:54:02 | 00,000,000 | ---D | M]

    NetSvcs: Iprip - File not found

    NetSvcs: Irmon - File not found

    NetSvcs: NWCWorkstation - File not found

    NetSvcs: Nwsapagent - File not found

    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

    NetSvcs: WmdmPmSp - File not found

    SafeBootMin: Base - Driver Group

    SafeBootMin: Boot Bus estender - Driver Group

    SafeBootMin: Boot file system - Driver Group

    SafeBootMin: File system - Driver Group

    SafeBootMin: Filter - Driver Group

    SafeBootMin: Lavasoft Ad-Aware Service - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

    SafeBootMin: PCI Configuration - Driver Group

    SafeBootMin: PNP Filter - Driver Group

    SafeBootMin: Primary disk - Driver Group

    SafeBootMin: SCSI Class - Driver Group

    SafeBootMin: sermouse.sys - Driver

    SafeBootMin: System Bus estender - Driver Group

    SafeBootMin: vds - Service

    SafeBootMin: vga.sys - Driver

    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group

    SafeBootNet: Boot Bus estender - Driver Group

    SafeBootNet: Boot file system - Driver Group

    SafeBootNet: File system - Driver Group

    SafeBootNet: Filter - Driver Group

    SafeBootNet: Lavasoft Ad-Aware Service - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

    SafeBootNet: NDIS Wrapper - Driver Group

    SafeBootNet: NetBIOSGroup - Driver Group

    SafeBootNet: NetDDEGroup - Driver Group

    SafeBootNet: Network - Driver Group

    SafeBootNet: NetworkProvider - Driver Group

    SafeBootNet: PCI Configuration - Driver Group

    SafeBootNet: PNP Filter - Driver Group

    SafeBootNet: PNP_TDI - Driver Group

    SafeBootNet: Primary disk - Driver Group

    SafeBootNet: SCSI Class - Driver Group

    SafeBootNet: sermouse.sys - Driver

    SafeBootNet: Streams Drivers - Driver Group

    SafeBootNet: System Bus estender - Driver Group

    SafeBootNet: TDI - Driver Group

    SafeBootNet: vga.sys - Driver

    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

    ActiveX: {0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07} - .NET Framework

    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Processamento de gráficos vetoriais (VML)

    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

    ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4

    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

    ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4

    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ligação de dados de HTML dinâmico para Java

    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Cancelar inscrição

    ActiveX: {405C32CF-9C6F-49B3-9436-3F5FDBE7B3CE} - .NET Framework

    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

    ActiveX: {423290D4-DC50-48FA-9871-9D61FCAD7C13} - .NET Framework

    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Criação avançada

    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX

    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes DirectAnimation para Java

    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

    ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Atualização de Segurança para Windows XP (KB923789)

    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

    ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

    ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser

    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

    ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider

    ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework

    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Agendador de tarefas

    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

    ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)

    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

    ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate

    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP

    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)

    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

    Drivers32: VIDC.FFDS - ff_vfw.dll File not found

    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    Drivers32: vidc.XVID - xvidvfw.dll File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/01/28 20:50:09 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carmen\Desktop\OTL.exe

    [2010/01/28 02:29:15 | 00,000,000 | -HSD | C] -- C:\Config.Msi

    [2010/01/27 18:33:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft

    [2010/01/27 18:33:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Adobe

    [2010/01/26 22:22:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\ParetoLogic

    [2010/01/26 22:22:07 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\ParetoLogic

    [2010/01/26 22:08:09 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

    [2010/01/26 22:08:09 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

    [2010/01/26 22:08:09 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

    [2010/01/26 22:08:09 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

    [2010/01/26 22:08:08 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

    [2010/01/26 22:08:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

    [2010/01/26 22:08:06 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Avira

    [2010/01/19 00:45:49 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\iPod

    [2010/01/19 00:45:46 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\iTunes

    [2010/01/19 00:43:24 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\QuickTime

    [2010/01/18 22:01:14 | 00,000,000 | -HSD | C] -- C:\RECYCLER

    [2010/01/14 02:00:07 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Carmen\Recent

    [2010/01/13 21:49:52 | 00,000,000 | RHSD | C] -- C:\cmdcons

    [2010/01/13 21:48:52 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

    [2010/01/13 21:48:52 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

    [2010/01/13 21:48:51 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

    [2010/01/13 21:48:51 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

    [2010/01/13 21:47:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

    [2010/01/13 21:45:50 | 00,000,000 | ---D | C] -- C:\Qoobox

    [2010/01/09 14:26:01 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

    [2010/01/09 14:22:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

    [2010/01/09 14:22:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Norton

    [2010/01/09 14:22:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\NortonInstaller

    [2010/01/09 05:32:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

    [2009/08/06 23:51:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Apple

    [2009/02/26 01:55:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft

    [2008/05/30 02:24:18 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Carmen\Dados de aplicativos\pcouffin.sys

    [2008/05/20 14:16:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Adobe

    [2008/05/07 10:14:11 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft

    [2008/05/07 10:13:29 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft

    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/01/28 20:50:45 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carmen\Desktop\OTL.exe

    [2010/01/28 20:45:22 | 00,000,520 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

    [2010/01/28 20:45:22 | 00,000,520 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

    [2010/01/28 20:45:21 | 00,000,520 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

    [2010/01/28 20:45:21 | 00,000,520 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

    [2010/01/28 20:45:21 | 00,000,520 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

    [2010/01/28 18:00:00 | 00,000,488 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job

    [2010/01/28 09:41:22 | 00,002,390 | ---- | M] () -- C:\rollback.ini

    [2010/01/28 09:20:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

    [2010/01/28 09:20:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2010/01/28 09:20:31 | 32,157,73696 | -HS- | M] () -- C:\hiberfil.sys

    [2010/01/28 02:58:23 | 08,126,464 | ---- | M] () -- C:\Documents and Settings\Carmen\NTUSER.DAT

    [2010/01/28 02:24:55 | 00,230,912 | ---- | M] () -- C:\Documents and Settings\Carmen\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2010/01/28 02:09:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Carmen.jvs5

    [2010/01/28 02:09:17 | 01,938,432 | ---- | M] () -- C:\WINDOWS\csrrs2.exe

    [2010/01/28 02:07:54 | 00,001,490 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

    [2010/01/28 02:07:38 | 00,609,792 | ---- | M] () -- C:\Documents and Settings\Carmen\xUninstallJ.exe

    [2010/01/27 14:45:49 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

    [2010/01/26 22:08:19 | 00,001,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

    [2010/01/25 21:18:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Carmen.jvs4

    [2010/01/25 21:18:02 | 01,938,432 | ---- | M] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\csrrs2.exe

    [2010/01/25 21:17:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Carmen.vs4

    [2010/01/25 21:17:51 | 01,321,472 | ---- | M] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\csrrs1.exe

    [2010/01/25 20:38:13 | 00,000,001 | -HS- | M] () -- C:\MSDOS.INI

    [2010/01/23 14:34:40 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2010/01/21 23:51:01 | 00,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    [2010/01/21 19:52:08 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\Carmen\ntuser.ini

    [2010/01/19 00:53:36 | 00,002,169 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

    [2010/01/16 22:34:40 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

    [2010/01/16 22:29:22 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak

    [2010/01/14 01:15:59 | 00,003,018 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

    [2010/01/13 21:49:56 | 00,000,281 | RHS- | M] () -- C:\boot.ini

    [2010/01/09 05:19:53 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

    [2010/01/09 05:07:45 | 00,000,523 | ---- | M] () -- C:\hpfr3420.xml

    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/01/28 02:09:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Carmen.jvs5

    [2010/01/28 02:07:34 | 00,609,792 | ---- | C] () -- C:\Documents and Settings\Carmen\xUninstallJ.exe

    [2010/01/27 01:15:02 | 00,002,390 | ---- | C] () -- C:\rollback.ini

    [2010/01/26 22:41:46 | 00,000,488 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job

    [2010/01/26 22:08:19 | 00,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

    [2010/01/25 21:18:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Carmen.jvs4

    [2010/01/25 21:17:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Carmen.vs4

    [2010/01/25 21:17:52 | 01,938,432 | ---- | C] () -- C:\WINDOWS\csrrs2.exe

    [2010/01/25 21:17:52 | 01,938,432 | ---- | C] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\csrrs2.exe

    [2010/01/25 21:17:41 | 01,321,472 | ---- | C] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\csrrs1.exe

    [2010/01/25 20:38:13 | 00,000,001 | -HS- | C] () -- C:\MSDOS.INI

    [2010/01/21 19:52:52 | 32,157,73696 | -HS- | C] () -- C:\hiberfil.sys

    [2010/01/19 00:46:26 | 00,002,169 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

    [2010/01/13 21:49:56 | 00,000,211 | ---- | C] () -- C:\Boot.bak

    [2010/01/13 21:49:53 | 00,261,920 | ---- | C] () -- C:\cmldr

    [2010/01/13 21:48:52 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

    [2010/01/13 21:48:52 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

    [2010/01/13 21:48:52 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

    [2010/01/13 21:48:52 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

    [2010/01/13 21:48:51 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

    [2009/12/26 07:42:49 | 00,042,495 | ---- | C] () -- C:\Documents and Settings\Carmen\Configurações locais\Dados de aplicativos\FASTWiz.log

    [2009/07/13 19:14:24 | 02,362,880 | ---- | C] () -- C:\WINDOWS\System32\smll64.dll

    [2009/05/26 00:29:54 | 00,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

    [2009/04/22 00:19:06 | 00,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

    [2009/03/15 14:37:21 | 00,030,342 | ---- | C] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\NMM-MetaData.db

    [2008/05/30 02:24:22 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\pcouffin.log

    [2008/05/30 02:24:18 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\ezpinst.exe

    [2008/05/30 02:24:18 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\pcouffin.inf

    [2008/05/30 02:24:18 | 00,001,074 | ---- | C] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\pcouffin.cat

    [2008/05/22 18:32:06 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

    [2008/05/20 23:27:41 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys

    [2008/05/20 13:53:53 | 00,035,979 | ---- | C] () -- C:\Arquivos de programas\Photoshop CS3 Read Me.html

    [2008/05/14 04:21:18 | 00,000,238 | ---- | C] () -- C:\WINDOWS\mafosav.INI

    [2008/05/11 20:15:43 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

    [2008/05/08 04:04:24 | 00,230,912 | ---- | C] () -- C:\Documents and Settings\Carmen\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2008/05/07 11:38:51 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

    [2007/09/16 14:07:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

    [2007/09/16 14:07:00 | 01,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

    [2007/09/16 14:07:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

    [2007/09/16 14:07:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

    [2007/09/16 14:07:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

    [2005/12/07 11:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < %SYSTEMDRIVE%\eventlog.dll /s /md5 >

    [2006/03/02 09:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    [2008/04/13 23:20:26 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

    [2008/04/13 23:20:26 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

    [2008/04/13 23:20:26 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\eventlog.dll

    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %SYSTEMDRIVE%\scecli.dll /s /md5 >

    [2006/03/02 09:00:00 | 00,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

    [2008/04/13 23:20:40 | 00,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ERDNT\cache\scecli.dll

    [2008/04/13 23:20:40 | 00,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

    [2008/04/13 23:20:40 | 00,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\scecli.dll

    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %SYSTEMDRIVE%\netlogon.dll /s /md5 >

    [2006/03/02 09:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    [2008/04/13 23:20:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

    [2008/04/13 23:20:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

    [2008/04/13 23:20:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\netlogon.dll

    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

    < %SYSTEMDRIVE%\sceclt.dll /s /md5 >

    < %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

    < %SYSTEMDRIVE%\logevent.dll /s /md5 >

    < %SYSTEMDRIVE%\iaStor.sys /s /md5 >

    < %SYSTEMDRIVE%\nvstor.sys /s /md5 >

    < %SYSTEMDRIVE%\atapi.sys /s /md5 >

    [2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    [2008/04/13 15:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

    [2008/04/13 15:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

    [2008/04/13 15:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

    [2006/03/02 09:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

    [2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

    < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

    < %SYSTEMDRIVE%\viasraid.sys /s /md5 >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2

    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:2AB4FD5E

    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:A8ADE5D8

    < End of report >

    Extras.Txt

    OTL Extras logfile created on: 28/1/2010 20:52:36 - Run 1

    OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Carmen\Desktop

    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free

    5,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free

    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

    Drive C: | 465,75 Gb Total Space | 296,24 Gb Free Space | 63,60% Space Free | Partition Type: NTFS

    D: Drive not present or media not loaded

    E: Drive not present or media not loaded

    F: Drive not present or media not loaded

    G: Drive not present or media not loaded

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

    Computer Name: CARMEN-A2095CD3

    Current User Name: Carmen

    Logged in as Administrator.

    Current Boot Mode: Normal

    Scan Mode: Current user

    Company Name Whitelist: Off

    Skip Microsoft Files: Off

    File Age = 30 Days

    Output = Standard

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    exefile [open] -- "%1" %*

    htmlfile [edit] -- Reg Error: Key error.

    htmlfile [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

    htmlfile [opennew] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

    http [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

    https [open] -- "C:\Arquivos de programas\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Directory [OneNote.Open] -- C:\ARQUIV~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

    Directory [Winamp.Bookmark] -- "C:\Arquivos de programas\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

    Directory [Winamp.Enqueue] -- "C:\Arquivos de programas\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

    Directory [Winamp.Play] -- "C:\Arquivos de programas\Winamp\winamp.exe" "%1" (Nullsoft)

    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Applications\iexplore.exe [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "FirstRunDisabled" = 1

    "UpdatesDisableNotify" = 0

    "AntiVirusOverride" = 1

    "FirewallOverride" = 0

    "AntiVirusDisableNotify" = 0

    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "EnableFirewall" = 1

    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    "7768:TCP" = 7768:TCP:*:Enabled:BitComet 7768 TCP

    "7768:UDP" = 7768:UDP:*:Enabled:BitComet 7768 UDP

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    "C:\Arquivos de programas\Mozilla Firefox\firefox.exe" = C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

    "C:\Arquivos de programas\eMule\emule.exe" = C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

    "C:\Arquivos de programas\uTorrent\uTorrent.exe" = C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()

    "C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz -- (Microsoft Corporation)

    "C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

    "C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

    "C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

    "C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- (Konami Digital Entertainment Co., Ltd.)

    "C:\Arquivos de programas\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Arquivos de programas\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)

    "C:\Arquivos de programas\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Arquivos de programas\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)

    "C:\Arquivos de programas\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = C:\Arquivos de programas\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)

    "C:\Arquivos de programas\Arquivos comuns\Ahead\Nero Web\SetupX.exe" = C:\Arquivos de programas\Arquivos comuns\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)

    "C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2010\pes2010.exe" = C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)

    "C:\Arquivos de programas\Bonjour\mDNSResponder.exe" = C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

    "C:\Arquivos de programas\iTunes\iTunes.exe" = C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    "{02091327-B124-4216-9D71-58C0E24F5392}" = Nokia PC Suite

    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

    "{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution

    "{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable

    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

    "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club

    "{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}" = Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack

    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11

    "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010

    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

    "{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

    "{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

    "{3BFFC6B8-4EC0-4240-858C-998FD4077983}" = Nokia Connectivity Cable Driver

    "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3

    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

    "{405C32CF-9C6F-49B3-9436-3F5FDBE7B3CE}" = Microsoft .NET Framework 2.0 Language Pack - ESN

    "{423290D4-DC50-48FA-9871-9D61FCAD7C13}" = Microsoft .NET Framework 2.0 Language Pack - PTB

    "{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE

    "{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp

    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

    "{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

    "{5546F2F4-236B-4E96-8D5C-7447BBC3C0B0}" = PS TO PC CONVERTER

    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

    "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV

    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

    "{66EBD70F-A42C-475F-AEDF-277378151046}" = Nero 7 Essentials

    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0

    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

    "{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

    "{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

    "{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

    "{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

    "{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

    "{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

    "{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

    "{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

    "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

    "{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

    "{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

    "{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

    "{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

    "{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

    "{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

    "{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

    "{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth

    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes

    "{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money

    "{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009

    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

    "{AC76BA86-7AD7-1046-7B44-A81300000003}" = Adobe Reader 8.1.5 - Português

    "{AC76BA86-7AD7-1046-7B44-A81300000003}_814" = KB408682

    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

    "{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

    "{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.1.13.217

    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

    "{E0F07676-2C60-4465-A727-20DE3BFCABAC}" = Tony Hawks Pro Skater 4

    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

    "{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

    "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package

    "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup

    "0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)

    "4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)

    "ActiveScan 2.0" = Panda ActiveScan 2.0

    "Ad-Aware" = Ad-Aware

    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5

    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

    "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings

    "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3

    "Applian FLV Player2.0.24" = Applian FLV Player

    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

    "BSPlayerf" = BS.Player FREE powered by AdVantage

    "CAL" = Canon Camera Access Library

    "CameraUserGuide-PSA470" = Canon PowerShot A470 Guía del usuario de la cámara

    "CameraWindowDC" = Canon Utilities CameraWindow DC

    "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

    "CameraWindowLauncher" = Canon Utilities CameraWindow

    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

    "CCleaner" = CCleaner

    "CSCLIB" = Canon Camera Support Core Library

    "DirectPrintUserGuide" = Canon Guía del usuario de impresión directa

    "DVD Shrink_is1" = DVD Shrink 3.2

    "eMule" = eMule

    "ENTERPRISE" = Microsoft Office Enterprise 2007

    "EOS Utility" = Canon Utilities EOS Utility

    "Foxit Reader" = Foxit Reader

    "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.81

    "Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1

    "HECI" = Intel® Management Engine Interface

    "HijackThis" = HijackThis 2.0.2

    "hp deskjet 3420 series" = hp deskjet 3420 series (Remover somente)

    "hp deskjet 3420 series_Driver" = hp deskjet 3420 series

    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

    "ie8" = Windows Internet Explorer 8

    "Magic ISO Maker v5.3 (build 0221)" = Magic ISO Maker v5.3 (build 0221)

    "Mario Forever v 2.16 !" = Mario Forever v 2.16 !

    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

    "Microsoft .NET Framework 2.0 Language Pack - ESN" = Paquete de idioma de Microsoft .NET Framework 2.0 - ESN

    "Microsoft .NET Framework 2.0 Language Pack - PTB" = Microsoft .NET Framework 2.0 Language Pack - PTB

    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

    "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)

    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

    "MyCamera" = Canon Utilities MyCamera

    "MyCameraDC" = Canon Utilities MyCamera DC

    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

    "NVIDIA Drivers" = NVIDIA Drivers

    "PhotoStitch" = Canon Utilities PhotoStitch

    "PowerISO" = PowerISO

    "Rainlendar2" = Rainlendar2 (remove only)

    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

    "RealPlayer 6.0" = RealPlayer

    "Recurso de Multa_is1" = Recurso de Multa v1.0

    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

    "Revo Uninstaller" = Revo Uninstaller 1.85

    "SoftwareStarterGuide-DCSD34" = Canon Digital Camera Solution Disk 34 Guía de iniciación al software

    "Uninstall_is1" = Uninstall 1.0.0.1

    "VobSub" = VobSub v2.23 (Remove Only)

    "Winamp" = Winamp

    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

    "Windows Media Format Runtime" = Windows Media Format 11 runtime

    "Windows Media Player" = Windows Media Player 11

    "Windows XP Service Pack" = Windows XP Service Pack 3

    "WinLiveSuite_Wave3" = Windows Live Essentials

    "WinRAR archiver" = Arquivo do WinRAR

    "WMFDist11" = Windows Media Format 11 runtime

    "wmp11" = Windows Media Player 11

    "Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "Google Chrome" = Google Chrome

    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]

    Error - 27/7/2008 14:09:52 | Computer Name = CARMEN-A2095CD3 | Source = avast! | ID = 33554522

    Description =

    Error - 12/8/2008 22:00:46 | Computer Name = CARMEN-A2095CD3 | Source = avast! | ID = 33554522

    Description =

    Error - 28/11/2008 14:53:13 | Computer Name = CARMEN-A2095CD3 | Source = avast! | ID = 33554522

    Description =

    Error - 30/11/2008 19:44:41 | Computer Name = CARMEN-A2095CD3 | Source = avast! | ID = 33554522

    Description =

    Error - 30/11/2008 19:44:54 | Computer Name = CARMEN-A2095CD3 | Source = avast! | ID = 33554522

    Description =

    Error - 4/6/2009 20:57:28 | Computer Name = CARMEN-A2095CD3 | Source = avast! | ID = 33554522

    Description =

    [ Application Events ]

    Error - 26/1/2010 09:03:20 | Computer Name = CARMEN-A2095CD3 | Source = Google Update | ID = 20

    Description =

    Error - 26/1/2010 10:02:58 | Computer Name = CARMEN-A2095CD3 | Source = Application Error | ID = 1000

    Description = Aplicativo com falha wlcomm.exe, versão 14.0.8064.206, módulo com

    falha jvm.dll, versão 0.0.0.0, endereço com falha 0x000353da.

    Error - 26/1/2010 19:55:45 | Computer Name = CARMEN-A2095CD3 | Source = Application Error | ID = 1000

    Description = Aplicativo com falha wlcomm.exe, versão 14.0.8064.206, módulo com

    falha jvm.dll, versão 0.0.0.0, endereço com falha 0x000353da.

    Error - 26/1/2010 19:55:45 | Computer Name = CARMEN-A2095CD3 | Source = Application Error | ID = 1000

    Description = Aplicativo com falha explorer.exe, versão 6.0.2900.5512, módulo com

    falha jp2ssv.dll, versão 0.0.0.0, endereço com falha 0x000c73f7.

    Error - 26/1/2010 22:09:26 | Computer Name = CARMEN-A2095CD3 | Source = Application Error | ID = 1000

    Description = Aplicativo com falha wlcomm.exe, versão 14.0.8064.206, módulo com

    falha jvm.dll, versão 0.0.0.0, endereço com falha 0x000353da.

    Error - 27/1/2010 10:15:38 | Computer Name = CARMEN-A2095CD3 | Source = Google Update | ID = 20

    Description =

    Error - 27/1/2010 17:53:23 | Computer Name = CARMEN-A2095CD3 | Source = Application Error | ID = 1000

    Description = Aplicativo com falha wlcomm.exe, versão 14.0.8064.206, módulo com

    falha jvm.dll, versão 0.0.0.0, endereço com falha 0x000353da.

    Error - 28/1/2010 01:10:40 | Computer Name = CARMEN-A2095CD3 | Source = Application Error | ID = 1000

    Description = Aplicativo com falha explorer.exe, versão 6.0.2900.5512, módulo com

    falha jp2ssv.dll, versão 0.0.0.0, endereço com falha 0x000c73f7.

    Error - 28/1/2010 01:10:41 | Computer Name = CARMEN-A2095CD3 | Source = Application Error | ID = 1000

    Description = Aplicativo com falha wlcomm.exe, versão 14.0.8064.206, módulo com

    falha jvm.dll, versão 0.0.0.0, endereço com falha 0x000353da.

    Error - 28/1/2010 10:20:57 | Computer Name = CARMEN-A2095CD3 | Source = Application Error | ID = 1000

    Description = Aplicativo com falha wlcomm.exe, versão 14.0.8064.206, módulo com

    falha jvm.dll, versão 0.0.0.0, endereço com falha 0x000353da.

    [ System Events ]

    Error - 28/1/2010 19:38:24 | Computer Name = CARMEN-A2095CD3 | Source = Service Control Manager | ID = 7023

    Description = O serviço Gerenciamento de aplicativo terminou com o erro: %%126

    Error - 28/1/2010 19:38:24 | Computer Name = CARMEN-A2095CD3 | Source = Service Control Manager | ID = 7023

    Description = O serviço Gerenciamento de aplicativo terminou com o erro: %%126

    Error - 28/1/2010 19:38:24 | Computer Name = CARMEN-A2095CD3 | Source = Service Control Manager | ID = 7023

    Description = O serviço Gerenciamento de aplicativo terminou com o erro: %%126

    Error - 28/1/2010 19:38:25 | Computer Name = CARMEN-A2095CD3 | Source = Service Control Manager | ID = 7023

    Description = O serviço Gerenciamento de aplicativo terminou com o erro: %%126

    Error - 28/1/2010 19:38:25 | Computer Name = CARMEN-A2095CD3 | Source = Service Control Manager | ID = 7023

    Description = O serviço Gerenciamento de aplicativo terminou com o erro: %%126

    Error - 28/1/2010 19:38:25 | Computer Name = CARMEN-A2095CD3 | Source = Service Control Manager | ID = 7023

    Description = O serviço Gerenciamento de aplicativo terminou com o erro: %%126

    Error - 28/1/2010 19:38:25 | Computer Name = CARMEN-A2095CD3 | Source = Service Control Manager | ID = 7023

    Description = O serviço Gerenciamento de aplicativo terminou com o erro: %%126

    Error - 28/1/2010 19:38:25 | Computer Name = CARMEN-A2095CD3 | Source = Service Control Manager | ID = 7023

    Description = O serviço Gerenciamento de aplicativo terminou com o erro: %%126

    Error - 28/1/2010 19:38:25 | Computer Name = CARMEN-A2095CD3 | Source = Service Control Manager | ID = 7023

    Description = O serviço Gerenciamento de aplicativo terminou com o erro: %%126

    Error - 28/1/2010 19:38:25 | Computer Name = CARMEN-A2095CD3 | Source = Service Control Manager | ID = 7023

    Description = O serviço Gerenciamento de aplicativo terminou com o erro: %%126

    < End of report >


    Dear digoep

    Again with OTL

    • Double-click the OTL icon
    • Copy and paste the content below into the indicated box

    :OTL
    PRC - [2010/01/28 02:09:17 | 01,938,432 | ---- | M] () -- C:\WINDOWS\csrrs2.exe
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\csrrs2.exe) - C:\WINDOWS\csrrs2.exe ()
    O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - No CLSID value found.

    :Processes

    :Services

    :Reg

    :Files
    C:\WINDOWS\csrrs2.exe
    @C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2
    @C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:2AB4FD5E
    @C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:A8ADE5D8

    :Commands
    [emptytemp]
    [purity]
    [resethosts]
    [clearallrestorepoints]
    [createrestorepoint]
    [reboot]

    • Click the indicated button
    • When it restarts, a window will appear; click Run;
    • Save (File > Save As) the log to the desktop with whatever name you like;
    • Attention: if you close the log without saving it first, it will be lost.
    • Open OTL again and click the indicated button
    • Do not interrupt the scan under any circumstances;
    • When it finishes, OTL.txt will be generated;
    • Then post the TWO generated logs in your next reply.

    Cheers :D

  • Topic author
  • OTL Run Fix

    All processes killed

    ========== OTL ==========

    No active process named csrrs2.exe was found!

    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\csrrs2.exe deleted successfully.

    C:\WINDOWS\csrrs2.exe moved successfully.

    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540003}\ not found.

    ========== PROCESSES ==========

    ========== SERVICES/DRIVERS ==========

    ========== REGISTRY ==========

    ========== FILES ==========

    File\Folder C:\WINDOWS\csrrs2.exe not found.

    ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2 deleted successfully.

    ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:2AB4FD5E deleted successfully.

    ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:A8ADE5D8 deleted successfully.

    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrador

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 67 bytes

    ->FireFox cache emptied: 3309100 bytes

    User: All Users

    User: Carmen

    ->Temp folder emptied: 62060148 bytes

    ->Temporary Internet Files folder emptied: 8533456 bytes

    ->Java cache emptied: 44694 bytes

    ->FireFox cache emptied: 66216131 bytes

    ->Google Chrome cache emptied: 39354361 bytes

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 571854 bytes

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 2148735 bytes

    %systemroot%\System32 .tmp files removed: 2969 bytes

    %systemroot%\System32\dllcache .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 956826168 bytes

    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1.086,00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

    HOSTS file reset successfully

    Restore points cleared and new OTL Restore Point set!

    Error starting restore point: System Restore is disabled.

    Error closing restore point: System Restore is disabled.

    OTL by OldTimer - Version 3.1.27.0 log created on 01292010_203918

    Files\Folders moved on Reboot...

    File\Folder C:\Documents and Settings\Carmen\Configurações locais\Temp\Perflib_Perfdata_940.dat not found!

    Registry entries deleted on Reboot...

    OTL Quick Scan

    OTL logfile created on: 29/1/2010 20:45:10 - Run 2

    OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Carmen\Desktop

    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free

    5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free

    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

    Drive C: | 465,75 Gb Total Space | 298,51 Gb Free Space | 64,09% Space Free | Partition Type: NTFS

    D: Drive not present or media not loaded

    E: Drive not present or media not loaded

    F: Drive not present or media not loaded

    G: Drive not present or media not loaded

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

    Computer Name: CARMEN-A2095CD3

    Current User Name: Carmen

    Logged in as Administrator.

    Current Boot Mode: Normal

    Scan Mode: Current user

    Company Name Whitelist: On

    Skip Microsoft Files: On

    File Age = 14 Days

    Output = Standard

    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/01/28 20:50:45 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carmen\Desktop\OTL.exe

    PRC - [2010/01/27 14:45:27 | 00,823,928 | ---- | M] (Lavasoft) -- C:\Arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

    PRC - [2010/01/27 14:45:22 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

    PRC - [2010/01/27 14:45:20 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

    PRC - [2010/01/13 15:22:19 | 00,135,664 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Carmen\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

    PRC - [2010/01/06 19:24:01 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\iTunes\iTunesHelper.exe

    PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\iPod\bin\iPodService.exe

    PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

    PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

    PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

    PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

    PRC - [2008/12/17 12:15:20 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    PRC - [2008/12/17 12:15:20 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jusched.exe

    PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

    PRC - [2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

    PRC - [2008/04/13 23:21:19 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe

    PRC - [2008/04/13 23:20:58 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

    PRC - [2008/01/20 04:05:37 | 00,217,088 | ---- | M] (PowerISO Computing, Inc.) -- C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

    PRC - [2007/09/17 04:08:42 | 16,132,608 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe

    PRC - [2007/09/16 14:07:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

    PRC - [2007/06/01 10:21:30 | 01,209,904 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

    PRC - [2007/06/01 10:21:30 | 00,271,920 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

    PRC - [2007/06/01 10:21:08 | 00,153,136 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

    PRC - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

    PRC - [2006/10/28 11:22:56 | 00,981,504 | ---- | M] () -- C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

    PRC - [2006/03/02 09:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe

    PRC - [2002/11/03 18:13:52 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

    ========== Modules (SafeList) ==========

    MOD - [2010/01/28 20:50:45 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carmen\Desktop\OTL.exe

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (avast! Web Scanner)

    SRV - File not found [On_Demand | Stopped] -- -- (avast! Mail Scanner)

    SRV - File not found [Auto | Stopped] -- -- (avast! Antivirus)

    SRV - File not found [Auto | Stopped] -- -- (aswUpdSv)

    SRV - [2010/01/27 14:45:20 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Stop_Pending] -- C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

    SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Arquivos de programas\iPod\bin\iPodService.exe -- (iPod Service)

    SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

    SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

    SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

    SRV - [2008/12/17 12:15:20 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

    SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe -- (Bonjour Service)

    SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

    SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

    SRV - [2008/05/20 13:55:10 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

    SRV - [2008/04/13 23:21:19 | 00,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)

    SRV - [2007/09/16 14:07:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)

    SRV - [2007/06/01 10:21:30 | 00,271,920 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)

    SRV - [2007/04/13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)

    SRV - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Arquivos de programas\Canon\CAL\CALMAIN.exe -- (CCALib8)

    SRV - [2006/11/06 14:21:10 | 00,210,432 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

    SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 58 27 5A 89 7D CA 01 [binary data]

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"

    FF - prefs.js..browser.search.useDBForOrder: true

    FF - prefs.js..browser.startup.homepage: ""

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:1.1.3

    FF - prefs.js..extensions.enabledItems: CrystalFox_Qute@BigRedBrent:3.7

    FF - prefs.js..extensions.enabledItems: {069FB356-C69F-7349-D092-AB28AF836D0E}:0.9.030

    FF - prefs.js..extensions.enabledItems: {13b4437e-b706-11dc-8314-0800200c9a66}:1.35.20090722

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Arquivos de programas\Real\RealPlayer\browserrecord [2008/05/08 02:15:07 | 00,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/01/19 00:43:43 | 00,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/01/19 00:43:43 | 00,000,000 | ---D | M]

    [2009/04/08 15:31:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\Mozilla\Extensions

    [2009/04/08 15:31:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org

    [2010/01/28 22:40:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\Mozilla\Firefox\Profiles\60o3eaur.default\extensions

    [2010/01/25 20:56:48 | 00,000,000 | ---D | M] (Phoenity Next (formerly Phoenity Reborn)) -- C:\Documents and Settings\Carmen\Dados de aplicativos\Mozilla\Firefox\Profiles\60o3eaur.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}

    [2009/07/23 00:50:33 | 00,000,000 | ---D | M] (Simple Green) -- C:\Documents and Settings\Carmen\Dados de aplicativos\Mozilla\Firefox\Profiles\60o3eaur.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}

    [2008/05/08 17:41:42 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carmen\Dados de aplicativos\Mozilla\Firefox\Profiles\60o3eaur.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash

    [2009/07/06 21:40:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\Mozilla\Firefox\Profiles\60o3eaur.default\extensions\chromifox@altmusictv.com

    [2009/07/08 11:16:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\Mozilla\Firefox\Profiles\60o3eaur.default\extensions\CrystalFox_Qute@BigRedBrent

    [2010/01/28 22:40:03 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions

    [2008/01/23 03:20:30 | 00,491,520 | ---- | M] (BitComet) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npBitCometAgent.dll

    [2005/12/05 22:31:00 | 00,114,688 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\plugins\npmozax.dll

    [2009/06/24 09:51:18 | 00,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml

    [2009/06/24 09:51:18 | 00,001,135 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml

    [2009/06/24 09:51:18 | 00,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml

    [2009/06/24 09:51:18 | 00,000,648 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

    O1 HOSTS File: ([2010/01/29 20:39:28 | 00,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: ::1 localhost

    O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

    O2 - BHO: (no name) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - No CLSID value found.

    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

    O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)

    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

    O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

    O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {E3E15641-A5B2-4784-A8B0-3382A5616EE0} - C:\WINDOWS\java\jre1.6.0\bin\jp2ssv.dll ()

    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

    O4 - HKLM..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

    O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

    O4 - HKLM..\Run: [GrooveMonitor] C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)

    O4 - HKLM..\Run: [iTunesHelper] C:\Arquivos de programas\iTunes\iTunesHelper.exe (Apple Inc.)

    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe File not found

    O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (Nero AG)

    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

    O4 - HKLM..\Run: [QuickTime Task] C:\Arquivos de programas\QuickTime\QTTask.exe (Apple Inc.)

    O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

    O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

    O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (Nero AG)

    O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Carmen\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (Google Inc.)

    O4 - HKCU..\Run: [Microsoft Security Essential] C:\DOCUME~1\Carmen\CONFIG~1\Temp\msseces.exe File not found

    O4 - HKCU..\Run: [Rainlendar2] C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe ()

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

    O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Inc.)

    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210173210187 (MUWebControl Class)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://imagem.caixa.gov.br/cab/gbpdist.cab (Reg Error: Key error.)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.21.192.132 201.21.192.133

    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - CLSID or File not found.

    O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - Reg Error: Key error. File not found

    O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

    O24 - Desktop WallPaper: C:\Documents and Settings\Carmen\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carmen\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2008/05/07 10:11:43 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O34 - HKLM BootExecute: (masterx autocheck autochk *) - File not found

    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

    O35 - comfile [open] -- "%1" %*

    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/01/29 20:39:18 | 00,000,000 | ---D | C] -- C:\_OTL

    [2010/01/28 20:50:09 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carmen\Desktop\OTL.exe

    [2010/01/28 02:29:15 | 00,000,000 | -HSD | C] -- C:\Config.Msi

    [2010/01/27 18:33:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft

    [2010/01/27 18:33:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Adobe

    [2010/01/26 22:22:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\ParetoLogic

    [2010/01/26 22:22:07 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\ParetoLogic

    [2010/01/26 22:08:09 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

    [2010/01/26 22:08:09 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

    [2010/01/26 22:08:09 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

    [2010/01/26 22:08:09 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

    [2010/01/26 22:08:08 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

    [2010/01/26 22:08:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

    [2010/01/26 22:08:06 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Avira

    [2010/01/19 00:45:49 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\iPod

    [2010/01/19 00:45:46 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\iTunes

    [2010/01/19 00:43:24 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\QuickTime

    [2010/01/18 22:01:14 | 00,000,000 | -HSD | C] -- C:\RECYCLER

    [2009/08/06 23:51:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Apple

    [2009/02/26 01:55:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft

    [2008/05/30 02:24:18 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Carmen\Dados de aplicativos\pcouffin.sys

    [2008/05/20 14:16:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Adobe

    [2008/05/07 10:14:11 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft

    [2008/05/07 10:13:29 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft

    ========== Files - Modified Within 14 Days ==========

    [2010/01/29 20:45:24 | 00,000,520 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

    [2010/01/29 20:45:24 | 00,000,520 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

    [2010/01/29 20:45:23 | 00,000,520 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

    [2010/01/29 20:45:23 | 00,000,520 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

    [2010/01/29 20:45:22 | 00,000,520 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

    [2010/01/29 20:41:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

    [2010/01/29 20:41:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2010/01/29 20:41:17 | 32,157,73696 | -HS- | M] () -- C:\hiberfil.sys

    [2010/01/29 20:40:35 | 08,126,464 | ---- | M] () -- C:\Documents and Settings\Carmen\NTUSER.DAT

    [2010/01/29 20:39:28 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

    [2010/01/29 18:24:42 | 00,000,488 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job

    [2010/01/28 23:51:00 | 00,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    [2010/01/28 20:50:45 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carmen\Desktop\OTL.exe

    [2010/01/28 09:41:22 | 00,002,390 | ---- | M] () -- C:\rollback.ini

    [2010/01/28 02:24:55 | 00,230,912 | ---- | M] () -- C:\Documents and Settings\Carmen\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2010/01/28 02:09:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Carmen.jvs5

    [2010/01/28 02:07:38 | 00,609,792 | ---- | M] () -- C:\Documents and Settings\Carmen\xUninstallJ.exe

    [2010/01/27 14:45:49 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

    [2010/01/26 22:08:19 | 00,001,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

    [2010/01/25 21:18:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Carmen.jvs4

    [2010/01/25 21:18:02 | 01,938,432 | ---- | M] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\csrrs2.exe

    [2010/01/25 21:17:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Carmen.vs4

    [2010/01/25 21:17:51 | 01,321,472 | ---- | M] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\csrrs1.exe

    [2010/01/25 20:38:13 | 00,000,001 | -HS- | M] () -- C:\MSDOS.INI

    [2010/01/23 14:34:40 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2010/01/21 19:52:08 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\Carmen\ntuser.ini

    [2010/01/19 00:53:36 | 00,002,169 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

    [2010/01/16 22:34:40 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

    [2010/01/16 22:29:22 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak

    ========== Files Created - No Company Name ==========

    [2010/01/28 02:09:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Carmen.jvs5

    [2010/01/28 02:07:34 | 00,609,792 | ---- | C] () -- C:\Documents and Settings\Carmen\xUninstallJ.exe

    [2010/01/27 01:15:02 | 00,002,390 | ---- | C] () -- C:\rollback.ini

    [2010/01/26 22:41:46 | 00,000,488 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job

    [2010/01/26 22:08:19 | 00,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

    [2010/01/25 21:18:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Carmen.jvs4

    [2010/01/25 21:17:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Carmen.vs4

    [2010/01/25 21:17:52 | 01,938,432 | ---- | C] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\csrrs2.exe

    [2010/01/25 21:17:41 | 01,321,472 | ---- | C] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\csrrs1.exe

    [2010/01/25 20:38:13 | 00,000,001 | -HS- | C] () -- C:\MSDOS.INI

    [2010/01/21 19:52:52 | 32,157,73696 | -HS- | C] () -- C:\hiberfil.sys

    [2010/01/19 00:46:26 | 00,002,169 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

    [2009/12/26 07:42:49 | 00,042,495 | ---- | C] () -- C:\Documents and Settings\Carmen\Configurações locais\Dados de aplicativos\FASTWiz.log

    [2009/07/13 19:14:24 | 02,362,880 | ---- | C] () -- C:\WINDOWS\System32\smll64.dll

    [2009/05/26 00:29:54 | 00,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

    [2009/04/22 00:19:06 | 00,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

    [2009/03/15 14:37:21 | 00,030,342 | ---- | C] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\NMM-MetaData.db

    [2008/05/30 02:24:22 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\pcouffin.log

    [2008/05/30 02:24:18 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\ezpinst.exe

    [2008/05/30 02:24:18 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\pcouffin.inf

    [2008/05/30 02:24:18 | 00,001,074 | ---- | C] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\pcouffin.cat

    [2008/05/22 18:32:06 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

    [2008/05/20 23:27:41 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys

    [2008/05/20 13:53:53 | 00,035,979 | ---- | C] () -- C:\Arquivos de programas\Photoshop CS3 Read Me.html

    [2008/05/14 04:21:18 | 00,000,238 | ---- | C] () -- C:\WINDOWS\mafosav.INI

    [2008/05/11 20:15:43 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

    [2008/05/08 04:04:24 | 00,230,912 | ---- | C] () -- C:\Documents and Settings\Carmen\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2008/05/07 11:38:51 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

    [2007/09/16 14:07:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

    [2007/09/16 14:07:00 | 01,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

    [2007/09/16 14:07:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

    [2007/09/16 14:07:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

    [2007/09/16 14:07:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

    [2005/12/07 11:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

    ========== LOP Check ==========

    [2009/12/02 19:59:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

    [2009/03/15 14:10:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Downloaded Installations

    [2009/11/11 06:37:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

    [2009/10/24 13:25:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\KONAMI

    [2010/01/28 20:37:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\ParetoLogic

    [2009/03/15 14:14:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

    [2010/01/13 21:48:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    [2008/05/30 01:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\VistaCodecs

    [2009/09/18 00:06:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}

    [2009/10/14 20:29:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

    [2009/08/07 22:51:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\Audacity

    [2008/05/16 03:17:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\BSplayer

    [2008/05/12 17:54:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\BSplayer Pro

    [2008/05/11 20:15:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\DAEMON Tools

    [2009/06/08 01:44:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\LimeWire

    [2009/03/15 14:14:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\Nokia

    [2009/03/16 00:39:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\Nokia Multimedia Player

    [2009/03/16 00:38:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\PC Suite

    [2008/05/11 18:56:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\TuneUp Software

    [2009/08/24 00:15:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\uTorrent

    [2009/11/28 16:05:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\Vso

    [2009/12/25 03:22:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carmen\Dados de aplicativos\VSRevoGroup

    [2010/01/29 20:45:22 | 00,000,520 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job

    [2010/01/29 20:45:23 | 00,000,520 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job

    [2010/01/29 20:45:23 | 00,000,520 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job

    [2010/01/29 20:45:24 | 00,000,520 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job

    [2010/01/29 20:45:24 | 00,000,520 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

    [2010/01/29 18:24:42 | 00,000,488 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job

    ========== Purity Check ==========

    < End of report >

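    As an added illustration (not part of this thread, and not OTL's own code), here is a small Python triage script that parses entries from the OTL "Files" sections in the log above and ranks executables that carry no publisher string and sit in per-user data folders, which is the pattern that makes entries such as csrrs1.exe and csrrs2.exe stand out to a log analyst. The scoring rules, the threshold and the folder-name markers are my own assumptions; the sample lines are copied from the log above and are used here as constructed input.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: a handful of entries copied from the OTL log above.
SAMPLE_LOG = r"""
[2010/01/28 20:50:45 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carmen\Desktop\OTL.exe
[2010/01/25 21:18:02 | 01,938,432 | ---- | M] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\csrrs2.exe
[2010/01/25 21:17:51 | 01,321,472 | ---- | M] () -- C:\Documents and Settings\Carmen\Dados de aplicativos\csrrs1.exe
[2010/01/28 02:07:38 | 00,609,792 | ---- | M] () -- C:\Documents and Settings\Carmen\xUninstallJ.exe
[2010/01/29 20:39:28 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/01/26 22:08:09 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/01/29 20:39:18 | 00,000,000 | ---D | C] -- C:\_OTL
"""

# One OTL file/folder entry:
#   [date time | size | attrs | C/M] (company) -- path
# Directory entries carry no "(company)" part, so that group is optional.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<event>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")
# Assumed markers for per-user data folders (Portuguese and English Windows XP names).
USER_DATA_MARKERS = ("dados de aplicativos", "application data", "appdata",
                     "configurações locais", "local settings")


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    event: str              # "C" = created, "M" = modified
    company: Optional[str]  # None for directories, "" when OTL printed "()"
    path: str

    @property
    def is_directory(self) -> bool:
        return self.attrs.endswith("D")


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL entry; returns None for headers, blanks and unrelated text."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        event=m["event"],
        company=m["company"],
        path=m["path"],
    )


def suspicious_score(entry: OtlEntry) -> int:
    """Heuristic rank (assumed rules): higher means more worth checking by hand."""
    if entry.is_directory:
        return 0
    lower = entry.path.lower()
    score = 0
    if lower.endswith(EXECUTABLE_EXT):
        score += 1
        if not entry.company:
            score += 1  # no publisher string in the file's version info
        if any(marker in lower for marker in USER_DATA_MARKERS):
            score += 1  # executables rarely belong in per-user data folders
        if lower.startswith("c:\\documents and settings\\") and lower.count("\\") == 3:
            score += 1  # executable dropped directly into a profile root
    return score


def triage(log_text: str, threshold: int = 2) -> List[OtlEntry]:
    """Return the entries at or above the threshold, highest score first."""
    entries = [e for e in (parse_otl_line(l) for l in log_text.splitlines()) if e]
    flagged = [e for e in entries if suspicious_score(e) >= threshold]
    return sorted(flagged, key=lambda e: (-suspicious_score(e), e.path))


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"score={suspicious_score(e)}  {e.timestamp}  {e.size:>10}  {e.path}")
```

    The scores are only a sorting aid for a human reviewer: a publisher string can be forged and its absence is common in legitimate tools, so every flagged path still needs to be checked by hand, as the helper does below before writing the fix script.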

    Dear digoep

    Step 1 #

    OTL again

    • Double-click the icon 3984478580_7ed4cabc45_o.gif
    • Copy and paste the content below into the box right after 3979150640_113dbcd345_o.jpg

    :Processes

    :Reg

    :Files
    C:\Documents and Settings\Carmen\Dados de aplicativos\csrrs2.exe

    :Commands
    [reboot]

    • Click the 3978388571_46074d225b_o.jpg button
    • After the reboot a window will appear; click Run;
    • Save the log (File > Save As) to the desktop with any name you like;
    • Note: if you close the log without saving it first, it will be lost.
    • Open OTL again and click the 3979150380_a527677c2f_o.jpg button
    • Do not interrupt the scan under any circumstances;
    • When it finishes, OTL.txt will be generated;
    • Then post BOTH generated logs in your next reply.

    Step 2 #

    Read the whole instruction below carefully before running the program.

    Download Kaspersky Removal Tool and save it to your desktop.

    • Install the program normally, following all the instructions.
    • A folder named Virus Removal Tool will be created on the desktop.
    • In the program window, tick the options:
      • My Computer
      • Hidden Startup objects
      • Disk boot sectors
      • System Memory
    • Click the Start Scan button.
    • Be patient, the scan takes a long time!
    • While it scans, some small windows will probably open next to the clock; do not click anything.
    • A larger window may also open with the following options:
      • Disinfection (when possible)
      • Delete
      • Skip
    • When it appears, first tick the option Apply to all objects underneath and then click one of the options above.
    • When everything is finished, click the Reports button; in the window that opens, leave the options at the top set to:
      • Autoscan
      • Group by result
      • All Events
    • Expand Autoscan by clicking the + sign next to it.
    • Expand Result: Detected.
    • Right-click and choose Select all, then choose Copy.
    • Note: when you do this the PC will seem to freeze, but it has not; wait a few minutes for the memory to be released.
    • Open Notepad and paste (Ctrl + V).
    • Give the file a name and save it in a folder of your choice.
    • Close the results by clicking the Exit button.
    • You will then be asked whether you want to uninstall the tool; click Yes.
    • Restart the computer when prompted.
    • Post the contents of that file in your next reply.

    NOTE 1:
    Pay attention to the windows during the scan: they have different colours depending on the risk. So:
    • green: low risk
    • yellow: medium risk
    • red: high risk

    Before taking any action, check the file path/name carefully to see whether it is something you know; if it is, click Skip.

    NOTE 2:
    If the final scan result only shows Result: OK, you do not need to generate a report; just let me know.

    NOTE 3:
    During the scan Kaspersky may flag the following folder as infected: c:\QooBox. If that happens, choose Skip, since that folder belongs to ComboFix and will be removed when ComboFix is uninstalled.

    Regards :D
