OtavioFFC

Analyze my log


Logfile of HijackThis v1.99.1

Scan saved at 12:44:51, on 6/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Otávio\Meus documentos\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\en-us\msntb.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{C1DFFBB9-78FA-4C2D-93E4-2C71D65DB0C0}: NameServer = 200.175.182.139,200.175.5.139

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Logfile of HijackThis v1.99.1

Scan saved at 15:17:40, on 11/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Tibia\Tibia.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Documents and Settings\Otávio\Meus documentos\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\en-us\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Service Manager.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{C1DFFBB9-78FA-4C2D-93E4-2C71D65DB0C0}: NameServer = 200.175.182.139,200.175.5.139

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Dear OtavioFFC

Download Malwarebytes Anti-Malware:

  • Link 1
  • Alternative link

  • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
  • Make sure you check the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If there are updates, they will be downloaded and installed.
  • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
  • The scan will start and may take a while. Please be patient.
  • When the scan is complete, click OK, then Show Results to see the log.
  • If anything is found, make sure everything is checked and click Remove.
  • When the disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
  • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
  • Copy and paste the contents of that log into your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart the PC, please do so immediately.

Regards :D


Malwarebytes' Anti-Malware 1.30

Versão do banco de dados: 1408

Windows 5.1.2600 Service Pack 3

18/11/2008 13:08:25

mbam-log-2008-11-18 (13-08-25).txt

Tipo de Verificação: Rápida

Objetos verificados: 57061

Tempo decorrido: 4 minute(s), 36 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 1

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)


Dear OtavioFFC

Download OTListIt and save it to the desktop.

  • Double-click the tool's icon on your desktop.
  • Click Run Scan and let the tool run.
  • When the tool finishes the scan, it will generate two text files:
    • OTViewIt.Txt <- Will be opened automatically in Notepad
    • Extras.txt <- will be on the desktop
  • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the OTViewIt.Txt file and of Extras.txt into your next reply.

Regards :D


OTListIt Extras logfile created on: 20/11/2008 18:18:43 - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Otávio\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

511,29 Mb Total Physical Memory | 99,90 Mb Available Physical Memory | 19,54% Memory free

1,22 Gb Paging File | 0,81 Gb Available in Paging File | 66,01% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74,52 Gb Total Space | 40,41 Gb Free Space | 54,23% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: OTAVIO

Current User Name: Otávio

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008/04/13 11:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007/01/19 12:54:34 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008/04/13 11:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2005/09/29 23:42:57 | 00,081,920 | ---- | M] (Valve) -- C:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher

[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[2007/01/19 12:54:34 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[2008/10/23 20:23:32 | 00,634,672 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

File not found -- C:\Arquivos de programas\Winamp Remote\bin\Orb.exe:*:Enabled:Orb

File not found -- C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray

File not found -- C:\Arquivos de programas\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client

[2008/11/11 21:26:44 | 00,342,336 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\DNA\btdna.exe:*:Enabled:DNA

[2008/10/01 14:43:58 | 02,347,008 | ---- | M] (CipSoft GmbH) -- C:\Arquivos de programas\Tibia\Tibia.exe:*:Enabled:Tibia Player

[2008/09/23 14:17:06 | 21,755,688 | R--- | M] (Skype Technologies S.A.) -- C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{251C3815-7A55-4607-A82D-C3B98F0FBAB8}" = Sony Vegas 7.0

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}" = Motorola Driver Installation

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{37FD253D-5064-4034-8CEC-CC3995F823A4}" = Windows Live Messenger

"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3

"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing

"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8

"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}" = Sony Media Manager 2.2

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{8984E374-6C93-427C-A3B9-AD92472FDCA0}" = Assistente de Conexão do Windows Live

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{934F3C42-83E5-49EB-81C6-C22F9BB6E9B7}" = Motorola Phone Tools

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help

"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100

"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1046-7B44-A90000000001}" = Adobe Reader 9 - Português

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd

"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software

"{CB49B376-1136-44B4-83FA-036334B59937}" = OLYMPUS Master 2

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}" = Choice Guard

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe Audition 3.0" = Adobe Audition 3.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3

"Ask Toolbar_is1" = Ask Toolbar

"avast!" = avast! Antivirus

"ElfBot NG_is1" = ElfBot NG 4.0.1

"Free DVD Video Burner_is1" = Free DVD Video Burner version 1.1

"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.1

"Free YouTube Download_is1" = Free YouTube Download 2.2

"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1

"GOM Player" = GOM Player

"HijackThis" = HijackThis 1.99.1

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPExtendedCapabilities" = HP Customer Participation Program 9.0

"InCD!UninstallKey" = InCD

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)

"MSN Toolbar" = MSN Toolbar

"NeroMultiInstaller!UninstallKey" = Nero Suite

"NVIDIA Drivers" = NVIDIA Drivers

"RealAlt_is1" = Real Alternative 1.9.0

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"Tibia Testserver_is1" = Tibia Testserver

"Tibia_is1" = Tibia

"TibiaBR Cam Lite_is1" = TibiaBR Cam Lite 1.7

"TMIPC" = Tibia MULTI-ip changer

"Uninstall_is1" = Uninstall 1.0.0.1

"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox

"WinAVI Video Converter 9.09.0" = WinAVI Video Converter 9.0

"WinPcapInst" = WinPcap 3.1 beta3

"WinRAR archiver" = Arquivo do WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 6/11/2008 20:58:59 | Computer Name = OTAVIO | Source = Application Error | ID = 1000

Description = Aplicativo com falha iexplore.exe, versão 7.0.5730.11, módulo com

falha oleaut32.dll, versão 5.1.2600.5512, endereço com falha 0x000048a4.

Error - 6/11/2008 21:12:30 | Computer Name = OTAVIO | Source = Application Error | ID = 1000

Description = Aplicativo com falha iexplore.exe, versão 7.0.5730.11, módulo com

falha ntdll.dll, versão 5.1.2600.5512, endereço com falha 0x00036f33.

Error - 6/11/2008 21:12:34 | Computer Name = OTAVIO | Source = Application Error | ID = 1000

Description = Aplicativo com falha drwtsn32.exe, versão 5.1.2600.0, módulo com falha

dbghelp.dll, versão 5.1.2600.5512, endereço com falha 0x0001295d.

Error - 6/11/2008 21:14:02 | Computer Name = OTAVIO | Source = Application Hang | ID = 1002

Description = Aplicativo com falha IEXPLORE.EXE, versão 7.0.5730.11, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 7/11/2008 20:29:10 | Computer Name = OTAVIO | Source = Application Hang | ID = 1002

Description = Aplicativo com falha Photoshop.exe, versão 10.0.0.0, módulo com falha

hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 13/11/2008 00:58:12 | Computer Name = OTAVIO | Source = Application Hang | ID = 1002

Description = Aplicativo com falha PenClean.exe, versão 2.0.3.0, módulo com falha

hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 14/11/2008 00:43:18 | Computer Name = OTAVIO | Source = Application Error | ID = 1000

Description = Aplicativo com falha xih9.cmd, versão 0.0.0.0, módulo com falha unknown,

versão 0.0.0.0, endereço com falha 0x00000000.

[ System Events ]

Error - 20/11/2008 06:16:56 | Computer Name = OTAVIO | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 20/11/2008 06:17:12 | Computer Name = OTAVIO | Source = Print | ID = 54

Description = O documento Microsoft Word - Documento1 estava corrompido e foi excluído.

O driver associado é: HP Deskjet F4100 series.

Error - 20/11/2008 10:13:11 | Computer Name = OTAVIO | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 20/11/2008 13:27:56 | Computer Name = OTAVIO | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 20/11/2008 13:38:37 | Computer Name = OTAVIO | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 20/11/2008 13:40:39 | Computer Name = OTAVIO | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 20/11/2008 13:44:16 | Computer Name = OTAVIO | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 20/11/2008 14:10:38 | Computer Name = OTAVIO | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 20/11/2008 15:14:38 | Computer Name = OTAVIO | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 20/11/2008 15:27:37 | Computer Name = OTAVIO | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

< End of report >


OTListIt logfile created on: 20/11/2008 18:18:43 - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Otávio\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

511,29 Mb Total Physical Memory | 99,90 Mb Available Physical Memory | 19,54% Memory free

1,22 Gb Paging File | 0,81 Gb Available in Paging File | 66,01% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74,52 Gb Total Space | 40,41 Gb Free Space | 54,23% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: OTAVIO

Current User Name: Otávio

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2005/07/08 17:24:46 | 00,871,424 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

[2008/07/19 11:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

[2008/07/19 11:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe

[2007/01/23 23:39:56 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

[2008/04/13 19:21:20 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe

[2008/04/13 19:21:18 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2008/07/19 11:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

[2008/07/19 11:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

[2008/11/16 12:31:18 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[2008/07/23 11:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

[2007/03/11 21:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

[2008/04/13 19:21:26 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe

[2007/03/11 21:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

[2003/08/29 16:13:04 | 01,436,160 | ---- | M] (Dominating Bytes Design) -- C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe

[2008/10/01 14:43:58 | 02,347,008 | ---- | M] (CipSoft GmbH) -- C:\Arquivos de programas\Tibia\Tibia.exe

[2008/11/13 22:49:29 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe

[2007/01/19 12:54:34 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\usnsvc.exe

[2008/11/20 18:18:19 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Otávio\Desktop\OTListIt.exe

========== (O23) Win32 Services ==========

[2008/11/09 10:53:37 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])

[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2008/07/19 11:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])

[2008/07/19 11:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])

[2008/07/19 11:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])

[2008/07/23 11:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])

[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2008/11/10 11:21:06 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

[2008/11/06 23:11:36 | 00,138,168 | ---- | M] (Google) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

[2005/07/08 17:24:46 | 00,871,424 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])

[2001/10/28 15:07:32 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])

[2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])

[2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])

[2007/01/23 23:39:56 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2004/05/14 13:02:46 | 00,086,016 | ---- | M] (NetGroup - Politecnico di Torino) -- C:\Arquivos de programas\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])

[2008/04/13 19:21:20 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe -- (SNMP [Auto | Running])

[2008/04/13 19:21:20 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])

[2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])

[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])

[2006/11/02 23:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/07/19 11:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [system | Running])

[2007/01/25 16:37:16 | 04,027,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM [On_Demand | Running])

[2008/07/19 11:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])

[2008/07/19 11:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])

[2008/07/19 11:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])

[2008/07/19 11:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [system | Running])

[2008/07/19 11:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [system | Running])

[2007/04/17 11:58:56 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FET5X86V [On_Demand | Running])

[2001/08/17 18:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])

[2007/03/08 02:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])

[2007/03/08 02:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])

[2007/03/08 02:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])

[2005/07/08 17:17:54 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])

[2005/07/08 17:17:36 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass [system | Running])

[2006/07/12 07:58:02 | 00,028,672 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm [system | Running])

[2007/02/27 14:31:28 | 00,021,504 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem [On_Demand | Stopped])

[2008/04/13 11:53:10 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])

[2004/05/14 11:37:10 | 00,032,896 | ---- | M] (NetGroup - Politecnico di Torino) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])

[2007/01/23 23:39:50 | 03,958,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

[2001/10/28 15:07:22 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007/03/07 21:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

[2008/04/13 09:39:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2008/04/13 09:36:42 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\UAGP35.SYS -- (uagp35 [boot | Running])

[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])

[2008/03/21 10:16:02 | 00,104,960 | ---- | M] (ZTE Incorporated) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k [On_Demand | Stopped])

[2008/03/21 10:16:02 | 00,104,960 | ---- | M] (ZTE Incorporated) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea [On_Demand | Stopped])

[2008/03/21 10:16:02 | 00,104,960 | ---- | M] (ZTE Incorporated) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k [On_Demand | Stopped])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/en-us/srchasst/srchasst.htm

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (776 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Arquivos de programas\Google\GoogleToolbar1.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Arquivos de programas\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Arquivos de programas\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKCU\..\Toolbar: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll (Ask.com)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)

O4 - HKLM..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe (Nero AG)

O4 - HKLM..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun (BL)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()

O4 - HKLM..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKCU..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background File not found

O4 - HKCU..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)

O4 - HKCU..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Service Manager.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra Button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll [2001/08/01 17:05:42 | 00,270,336 | ---- | M] (Intertrust Technologies, Inc.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 200.175.182.139,200.175.5.139

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - livecall - C:\Arquivos de programas\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msnim - C:\Arquivos de programas\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap11 - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - skype4com - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter: - text/xml - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2008/11/05 17:37:22 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf []

[2008/11/13 03:01:27 00,000,000 | ---D | M] -- C:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb85821b-aba1-11dd-9618-0016ec972036}\Shell\AutoRun\command]

"" = J:\xih9.cmd -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb85821b-aba1-11dd-9618-0016ec972036}\Shell\explore\Command]

"" = J:\xih9.cmd -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb85821b-aba1-11dd-9618-0016ec972036}\Shell\open\Command]

"" = J:\xih9.cmd -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[3 C:\WINDOWS\*.tmp files]

[2008/11/20 18:18:19 | 00,418,304 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Otávio\Desktop\OTListIt.exe

[2008/11/20 15:58:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Dados de aplicativos\GRETECH

[2008/11/20 15:57:55 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Otávio\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/20 00:50:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

[2008/11/20 00:38:21 | 00,000,297 | ---- | C] () -- C:\WINDOWS\lgfwup.ini

[2008/11/20 00:38:19 | 00,115,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX

[2008/11/20 00:38:19 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Vb6stkit.dll

[2008/11/20 00:38:19 | 00,102,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6KO.DLL

[2008/11/20 00:38:19 | 00,016,384 | ---- | C] (CST) -- C:\WINDOWS\System32\lgfwunis.exe

[2008/11/20 00:38:18 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\lg_fwupdate

[2008/11/20 00:36:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Profiles

[2008/11/20 00:36:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe

[2008/11/20 00:34:26 | 00,001,355 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk

[2008/11/20 00:32:56 | 00,364,544 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\TwnLib4.dll

[2008/11/20 00:31:32 | 00,059,042 | ---- | C] () -- C:\WINDOWS\NuNinst.cfg

[2008/11/20 00:31:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\InCD

[2008/11/20 00:29:35 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\CyberLink

[2008/11/20 00:29:22 | 00,000,000 | ---D | C] -- C:\MyWorks

[2008/11/20 00:29:10 | 00,040,960 | ---- | C] () -- C:\Arquivos de programas\Uninstall_CDS.exe

[2008/11/20 00:29:10 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\CyberLink DVD Solution

[2008/11/18 13:03:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Dados de aplicativos\Malwarebytes

[2008/11/18 13:03:04 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008/11/18 13:03:02 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008/11/18 13:03:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2008/11/18 13:03:00 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2008/11/18 13:02:30 | 02,372,472 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Otávio\Desktop\mbam-setup.exe

[2008/11/17 03:04:29 | 00,446,707 | ---- | C] () -- C:\Documents and Settings\Otávio\Meus documentos\tutorial_dsl500b.pdf

[2008/11/17 01:39:54 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\TibiaBR Cam Lite

[2008/11/17 01:39:24 | 00,923,145 | ---- | C] (TibiaBR ) -- C:\Documents and Settings\Otávio\Desktop\TibiaBRCamLite-1.7.exe

[2008/11/15 03:40:17 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

[2008/11/15 03:40:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Real

[2008/11/15 03:32:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\GRETECH

[2008/11/15 03:27:54 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Real Alternative

[2008/11/15 03:25:21 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\GRETECH

[2008/11/14 15:06:42 | 00,001,644 | ---- | C] () -- C:\Documents and Settings\Otávio\Meus documentos\txt_comprovante.gif

[2008/11/14 14:44:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Meus documentos\popup_comprovante.jsp_arquivos

[2008/11/14 14:44:52 | 00,007,138 | ---- | C] () -- C:\Documents and Settings\Otávio\Meus documentos\popup_comprovante.jsp.htm

[2008/11/14 02:17:35 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\MSXML 4.0

[2008/11/14 02:17:26 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\OLYMPUS

[2008/11/13 19:19:29 | 01,220,007 | ---- | C] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-4.0.1.exe

[2008/11/13 03:02:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Desktop\PenClean

[2008/11/13 03:01:27 | 00,000,000 | ---D | C] -- C:\autorun.inf

[2008/11/13 02:56:14 | 00,310,375 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\PenClean.zip

[2008/11/12 15:46:57 | 00,007,168 | -HS- | C] () -- C:\WINDOWS\Thumbs.db

@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable

[2008/11/12 15:05:02 | 00,000,000 | ---D | C] -- C:\WMR Recordings

[2008/11/12 15:04:15 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\WinPcap

[2008/11/12 15:04:13 | 00,000,000 | ---D | C] -- C:\Temp

[2008/11/12 15:04:12 | 00,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe

[2008/11/12 15:04:11 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\WM Recorder 10

[2008/11/12 13:26:30 | 00,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2008/11/11 13:27:12 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008/11/11 13:27:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Dados de aplicativos\skypePM

[2008/11/11 13:22:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Dados de aplicativos\Skype

[2008/11/11 13:22:15 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Skype

[2008/11/11 13:22:15 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Skype

[2008/11/11 13:22:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

[2008/11/11 13:18:23 | 22,404,904 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Otávio\Desktop\SkypeSetup.exe

[2008/11/10 13:03:45 | 01,217,339 | ---- | C] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-4.0(2).exe

[2008/11/10 11:31:09 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Bonjour

[2008/11/10 11:21:06 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

[2008/11/10 02:31:07 | 00,000,663 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\ElfBot NG.lnk

[2008/11/10 02:31:07 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\ElfBot NG

[2008/11/10 02:28:01 | 01,205,065 | ---- | C] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-3.5.2.exe

[2008/11/10 02:25:33 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\ElfBot

[2008/11/10 02:08:50 | 01,217,339 | ---- | C] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-4.0.exe

[2008/11/10 02:05:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

@Alternate Data Stream - 225 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:6BE50C2B

[2008/11/09 11:42:50 | 00,000,000 | ---D | C] -- C:\DVDVideoSoft

[2008/11/09 11:41:45 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\AskBarDis

[2008/11/09 11:41:34 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\DVDVideoSoft

[2008/11/09 11:41:34 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft

[2008/11/09 11:02:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

[2008/11/09 10:53:37 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

[2008/11/09 10:53:34 | 00,001,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Audition 3.0.lnk

[2008/11/08 21:32:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Dados de aplicativos\teamspeak2

[2008/11/08 21:32:16 | 00,034,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lhacm.acm

[2008/11/08 21:32:12 | 00,000,705 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\Teamspeak 2 RC2.lnk

[2008/11/08 21:32:09 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Teamspeak2_RC2

[2008/11/08 21:30:35 | 05,862,994 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\ts2_client_rc2_2032.exe

[2008/11/08 21:27:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Meus documentos\Os Meus Registos

[2008/11/08 13:10:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\WEBREG

[2008/11/08 13:07:37 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys

[2008/11/08 13:07:37 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys

[2008/11/08 13:00:41 | 00,000,000 | -H-D | C] -- C:\Config.Msi

[2008/11/08 12:58:50 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys

[2008/11/08 12:58:50 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys

[2008/11/08 09:03:23 | 00,001,948 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Service Manager.lnk

[2008/11/08 08:59:45 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Winamp

[2008/11/08 03:33:40 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01005.Wdf

[2008/11/08 03:33:37 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

[2008/11/08 03:33:25 | 00,023,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe

[2008/11/08 03:30:55 | 00,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Motorola Phone Tools.lnk

[2008/11/08 03:29:27 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Avanquest update

[2008/11/08 03:28:38 | 01,419,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01005.dll

[2008/11/08 03:28:38 | 00,021,504 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motmodem.sys

[2008/11/08 03:28:18 | 00,000,000 | ---D | C] -- C:\Program Files

[2008/11/08 03:28:18 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Motorola Shared

[2008/11/08 03:28:06 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Motorola Phone Tools

[2008/11/08 01:54:05 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/11/08 01:53:53 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll

[2008/11/08 01:51:52 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\DESIGNER

[2008/11/08 01:51:38 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/11/08 01:51:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW

[2008/11/08 01:50:31 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft.NET

[2008/11/08 01:50:30 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft Office

[2008/11/08 01:47:36 | 00,000,000 | RH-D | C] -- C:\MSOCache

[2008/11/08 01:35:28 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Nero

[2008/11/08 01:33:56 | 00,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll

[2008/11/08 01:33:49 | 01,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll

[2008/11/08 01:33:49 | 00,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll

[2008/11/08 01:33:49 | 00,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll

[2008/11/08 01:33:49 | 00,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll

[2008/11/08 01:33:47 | 00,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe

[2008/11/08 01:33:40 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Ahead

[2008/11/08 01:33:39 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Ahead

[2008/11/08 00:42:27 | 00,000,156 | ---- | C] () -- C:\WINDOWS\Twunk001.MTX

[2008/11/08 00:42:27 | 00,000,003 | ---- | C] () -- C:\WINDOWS\Twain001.Mtx

[2008/11/08 00:42:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Twunk002.MTX

[2008/11/08 00:39:33 | 00,033,340 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbmsqlgc.dll

[2008/11/08 00:39:33 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbmsgnet.dll

[2008/11/08 00:39:06 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft SQL Server

[2008/11/08 00:37:38 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Vstplugins

[2008/11/08 00:37:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sony

[2008/11/08 00:37:11 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Sony

[2008/11/08 00:28:24 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly

[2008/11/08 00:27:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET

[2008/11/08 00:20:08 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Sony Setup

[2008/11/08 00:15:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinAVI Video Converter 9.0

[2008/11/08 00:15:53 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\WinAVI Video Converter 9.0

[2008/11/08 00:05:39 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\K-Lite Codec Pack

[2008/11/07 23:30:15 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\DNA

[2008/11/07 23:30:14 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\BitTorrent

[2008/11/07 22:29:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Configurações locais\Dados de aplicativos\Adobe

[2008/11/07 13:21:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2008/11/07 12:48:52 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Otávio\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2008/11/07 12:47:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE

[2008/11/07 12:47:28 | 00,001,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk

[2008/11/07 12:47:23 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\MSN Messenger

[2008/11/07 12:37:10 | 00,000,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn

[2008/11/07 12:11:55 | 00,000,212 | ---- | C] () -- C:\sqmdata03.sqm

[2008/11/07 12:11:55 | 00,000,200 | ---- | C] () -- C:\sqmnoopt03.sqm

[2008/11/07 12:09:50 | 00,000,236 | ---- | C] () -- C:\sqmdata02.sqm

[2008/11/07 12:09:50 | 00,000,200 | ---- | C] () -- C:\sqmnoopt02.sqm

[2008/11/07 12:08:00 | 00,000,272 | ---- | C] () -- C:\sqmdata01.sqm

[2008/11/07 12:08:00 | 00,000,224 | ---- | C] () -- C:\sqmnoopt01.sqm

[2008/11/06 22:48:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

[2008/11/06 22:45:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe

[2008/11/06 22:36:49 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Adobe

[2008/11/06 22:32:45 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Adobe

[2008/11/06 21:39:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

[2008/11/06 21:06:26 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Messenger Plus! Live

[2008/11/06 12:51:20 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\Flash_Disinfector.exe

[2008/11/06 12:44:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Meus documentos\hijackthis

[2008/11/06 12:44:32 | 00,212,849 | ---- | C] () -- C:\Documents and Settings\Otávio\Meus documentos\hijackthis.zip

[2008/11/06 12:43:43 | 00,000,000 | ---D | C] -- C:\PenClean

[2008/11/06 12:38:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA

[2008/11/06 12:37:35 | 00,000,236 | ---- | C] () -- C:\sqmdata00.sqm

[2008/11/06 12:37:35 | 00,000,200 | ---- | C] () -- C:\sqmnoopt00.sqm

[2008/11/06 08:50:04 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll

[2008/11/06 08:50:04 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll

[2008/11/06 08:50:04 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll

[2008/11/06 08:50:04 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll

[2008/11/06 08:50:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll

[2008/11/06 08:50:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll

[2008/11/06 08:50:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll

[2008/11/06 08:50:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll

[2008/11/06 08:50:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll

[2008/11/06 08:50:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll

[2008/11/06 08:50:03 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll

[2008/11/06 08:50:03 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll

[2008/11/05 22:15:37 | 00,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documentos\khq

[2008/11/05 21:54:59 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2008/11/05 21:54:59 | 00,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk

[2008/11/05 21:54:58 | 00,042,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2008/11/05 21:54:58 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2008/11/05 21:54:57 | 00,094,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2008/11/05 21:54:56 | 00,094,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2008/11/05 21:54:56 | 00,093,264 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2008/11/05 21:54:56 | 00,078,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2008/11/05 21:54:56 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2008/11/05 21:54:42 | 01,163,960 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2008/11/05 21:54:42 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll

[2008/11/05 21:54:42 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCP71.dll

[2008/11/05 21:54:42 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx

[2008/11/05 21:54:42 | 00,348,160 | ---- | C] (Microsoft Corporation) --


I can't post the other log; the following error appears:

Fatal error: Maximum execution time of 30 seconds exceeded in /www/forum/includes/functions.php on line 1745


Dear OtavioFFC

That one says you must wait 30 seconds between one message and the next posted here on the forum... you can post now :)

Regards :D


Both logs are above; the last post was my mistake :>


Dear OtavioFFC

Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts who are duly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

  3. Double-click the ComboFix icon on the desktop.

  4. Read and accept the terms by typing 1 and pressing Enter.

  5. Computers running Windows XP should install the Recovery Console:

  • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Sim" (Yes).
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "SIM" (Yes) to continue.

  6. ComboFix will run; please be patient and wait.

  7. Attention: do not use the mouse or the keyboard while the tool is running; this can cause the computer to freeze.

  8. A notice may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • Several kinds of malware prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when writing them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

Regards :D


ComboFix 08-11-23.02 - Otávio 2008-11-24 14:39:34.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.328 [GMT -2:00]

Executando de: c:\documents and settings\Otávio\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\npf.sys

c:\windows\system32\hpowiax3.dll

c:\windows\system32\packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\wanpacket.dll

c:\windows\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_NPF

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-24 to 2008-11-24 ))))))))))))))))))))))))))))

.

2008-11-23 15:34 . 2008-11-23 15:34 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Thraex Software

2008-11-23 15:34 . 2008-11-23 15:34 200,685 --a------ c:\windows\ADDONS SITECS (NONSTEAM) Uninstaller.exe

2008-11-20 15:58 . 2008-11-20 15:58 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\GRETECH

2008-11-20 00:50 . 2008-11-20 00:50 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\CyberLink

2008-11-20 00:50 . 2008-11-20 00:50 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2008-11-20 00:38 . 2008-11-24 12:15 <DIR> d-------- c:\arquivos de programas\lg_fwupdate

2008-11-20 00:38 . 1998-06-24 00:00 115,016 --a------ c:\windows\system32\MSINET.OCX

2008-11-20 00:38 . 1998-07-22 00:00 102,912 --a------ c:\windows\system32\Vb6stkit.dll

2008-11-20 00:38 . 1998-07-22 00:00 102,160 --a------ c:\windows\system32\VB6KO.DLL

2008-11-20 00:38 . 2006-02-17 14:19 16,384 --a------ c:\windows\system32\lgfwunis.exe

2008-11-20 00:38 . 2008-11-24 12:15 297 --a------ c:\windows\lgfwup.ini

2008-11-20 00:36 . 2008-11-20 00:36 <DIR> d-------- c:\windows\system32\Adobe

2008-11-20 00:36 . 2008-11-20 00:36 <DIR> d-------- c:\windows\Profiles

2008-11-20 00:36 . 2008-11-20 00:36 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\InterTrust

2008-11-20 00:32 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll

2008-11-20 00:29 . 2008-11-20 00:29 <DIR> d-------- C:\MyWorks

2008-11-20 00:29 . 2008-11-20 00:31 <DIR> d-------- c:\arquivos de programas\CyberLink DVD Solution

2008-11-20 00:29 . 2008-11-20 00:29 <DIR> d-------- c:\arquivos de programas\CyberLink

2008-11-20 00:29 . 2004-10-01 15:00 40,960 --a------ c:\arquivos de programas\Uninstall_CDS.exe

2008-11-19 19:51 . 2008-11-19 19:51 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\zweitgeist

2008-11-18 13:03 . 2008-11-18 13:03 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\Malwarebytes

2008-11-18 13:03 . 2008-11-18 13:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2008-11-18 13:03 . 2008-11-18 13:03 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-11-18 13:03 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-18 13:03 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-17 23:48 . 2008-11-17 23:56 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\Tibia

2008-11-17 01:39 . 2008-11-17 01:40 <DIR> d-------- c:\arquivos de programas\TibiaBR Cam Lite

2008-11-15 03:32 . 2008-11-15 03:32 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\GRETECH

2008-11-15 03:32 . 2008-11-15 03:32 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\GRETECH

2008-11-15 03:29 . 2008-11-15 03:29 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\Media Player Classic

2008-11-15 03:27 . 2008-11-15 03:40 <DIR> d-------- c:\arquivos de programas\Real Alternative

2008-11-15 03:25 . 2008-11-15 03:31 <DIR> d-------- c:\arquivos de programas\GRETECH

2008-11-14 02:17 . 2008-11-14 02:17 <DIR> d-------- c:\arquivos de programas\OLYMPUS

2008-11-14 02:17 . 2008-11-14 02:17 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2008-11-13 03:03 . 2008-11-13 03:03 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\HP

2008-11-12 15:46 . 2008-11-12 15:46 7,168 --ahs---- c:\windows\Thumbs.db

2008-11-12 15:05 . 2008-11-12 15:05 <DIR> d-------- C:\WMR Recordings

2008-11-12 15:04 . 2008-11-20 00:42 <DIR> d-------- C:\Temp

2008-11-12 15:04 . 2008-11-12 15:06 <DIR> d-------- c:\arquivos de programas\WM Recorder 10

2008-11-12 15:04 . 2008-11-12 15:04 <DIR> d-------- c:\arquivos de programas\WinPcap

2008-11-12 15:04 . 2008-11-12 15:04 737,280 --a------ c:\windows\iun6002.exe

2008-11-11 13:27 . 2008-11-24 12:15 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\skypePM

2008-11-11 13:27 . 2008-11-11 13:27 56 --ah----- c:\windows\system32\ezsidmv.dat

2008-11-11 13:22 . 2008-11-24 12:15 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\Skype

2008-11-11 13:22 . 2008-11-11 13:22 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Skype

2008-11-11 13:22 . 2008-11-11 13:22 <DIR> d-------- c:\arquivos de programas\Skype

2008-11-11 13:22 . 2008-11-11 13:22 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Skype

2008-11-11 10:28 . 2008-11-11 10:28 <DIR> d-------- c:\documents and settings\Zé Antonio\Dados de aplicativos\DivX

2008-11-10 21:09 . 2008-11-10 21:09 <DIR> d-------- c:\documents and settings\Zé Antonio\Dados de aplicativos\HPAppData

2008-11-10 11:31 . 2008-11-10 11:31 <DIR> d-------- c:\arquivos de programas\Bonjour

2008-11-10 11:21 . 2008-11-10 11:21 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2008-11-10 02:31 . 2008-11-23 17:02 <DIR> d-------- c:\arquivos de programas\ElfBot NG

2008-11-10 02:25 . 2008-11-10 02:30 <DIR> d-------- c:\arquivos de programas\ElfBot

2008-11-10 02:05 . 2008-11-24 14:19 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-11-09 11:42 . 2008-11-12 14:52 <DIR> d-------- C:\DVDVideoSoft

2008-11-09 11:41 . 2008-11-12 14:59 <DIR> d-------- c:\arquivos de programas\DVDVideoSoft

2008-11-09 11:41 . 2008-11-12 14:59 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2008-11-09 11:02 . 2008-11-09 11:02 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Adobe Systems

2008-11-09 10:53 . 2008-11-09 10:53 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-11-08 22:10 . 2008-11-08 22:10 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\HPAppData

2008-11-08 21:32 . 2008-11-08 21:32 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\teamspeak2

2008-11-08 21:32 . 2008-11-08 21:32 <DIR> d-------- c:\arquivos de programas\Teamspeak2_RC2

2008-11-08 21:32 . 2008-11-08 21:32 34,064 --a------ c:\windows\system32\lhacm.acm

2008-11-08 13:10 . 2008-11-08 13:10 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\HP

2008-11-08 13:10 . 2008-11-08 13:10 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WEBREG

2008-11-08 13:08 . 2008-11-08 13:08 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard

2008-11-08 13:08 . 2007-03-30 13:07 267,864 -ra------ c:\windows\system32\hpzids01.dll

2008-11-08 13:08 . 2007-03-28 14:01 117,760 --a------ c:\windows\system32\hpzll5ha.dll

2008-11-08 13:08 . 2007-03-08 02:20 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys

2008-11-08 13:08 . 2007-03-08 02:20 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys

2008-11-08 13:08 . 2007-03-08 02:20 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys

2008-11-08 13:07 . 2007-03-17 14:11 569,344 -ra------ c:\windows\system32\hpotscl3.dll

2008-11-08 13:07 . 2007-03-08 02:20 364,544 -ra------ c:\windows\system32\hppldcoi.dll

2008-11-08 13:07 . 2007-03-17 14:11 303,104 -ra------ c:\windows\system32\hpovst10.dll

2008-11-08 13:07 . 2008-04-13 11:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2008-11-08 13:07 . 2008-04-13 11:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

2008-11-08 13:05 . 2008-11-15 21:14 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\HPAppData

2008-11-08 13:05 . 2008-11-08 13:05 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY

2008-11-08 13:03 . 2008-11-08 13:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2008-11-08 13:03 . 2008-11-08 13:04 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\HP

2008-11-08 13:03 . 2008-11-08 13:03 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\HP

2008-11-08 13:02 . 2008-11-08 13:02 <DIR> d-------- c:\arquivos de programas\Hewlett-Packard

2008-11-08 13:02 . 2008-11-08 13:02 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-11-08 13:00 . 2008-11-08 13:05 <DIR> d-------- c:\arquivos de programas\HP

2008-11-08 12:59 . 2008-11-21 07:46 152,148 --a------ c:\windows\hpoins14.dat

2008-11-08 12:59 . 2007-09-19 23:14 2,000 --------- c:\windows\hpomdl14.dat

2008-11-08 12:58 . 2008-04-13 11:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys

2008-11-08 12:58 . 2008-04-13 11:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys

2008-11-08 11:56 . 2008-11-15 11:35 <DIR> d-------- c:\documents and settings\Zé Antonio\Contacts

2008-11-08 11:56 . 2008-11-15 11:35 <DIR> d-------- c:\documents and settings\Zé Antonio\Contacts

2008-11-08 08:59 . 2008-11-08 09:06 <DIR> d-------- c:\arquivos de programas\Winamp

2008-11-08 03:33 . 2006-10-08 21:51 23,856 --a------ c:\windows\system32\spupdsvc.exe

2008-11-08 03:33 . 2008-11-08 03:33 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-11-08 03:33 . 2008-11-08 03:33 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

2008-11-08 03:29 . 2008-11-08 03:29 <DIR> d-------- c:\arquivos de programas\Avanquest update

2008-11-08 03:28 . 2008-11-08 03:28 <DIR> d-------- C:\Program Files

2008-11-08 03:28 . 2008-11-08 03:29 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\BVRP Software

2008-11-08 03:28 . 2008-11-08 03:29 <DIR> d-------- c:\arquivos de programas\Motorola Phone Tools

2008-11-08 03:28 . 2008-11-08 03:28 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Motorola Shared

2008-11-08 03:28 . 2006-11-13 14:45 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll

2008-11-08 03:28 . 2007-02-27 14:31 21,504 --a------ c:\windows\system32\drivers\motmodem.sys

2008-11-08 03:27 . 2008-11-08 03:27 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\InstallShield

2008-11-08 01:54 . 2008-11-13 03:04 421 --a------ c:\windows\ODBC.INI

2008-11-08 01:53 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll

2008-11-08 01:51 . 2008-11-08 01:52 <DIR> d-------- c:\windows\SHELLNEW

2008-11-08 01:51 . 2008-11-24 10:50 116 --a------ c:\windows\NeroDigital.ini

2008-11-08 01:50 . 2008-11-08 01:50 <DIR> d-------- c:\arquivos de programas\Microsoft.NET

2008-11-08 01:47 . 2008-11-08 01:47 <DIR> dr-h----- C:\MSOCache

2008-11-08 01:35 . 2008-11-08 01:35 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nero

2008-11-08 01:33 . 2008-11-08 01:33 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Ahead

2008-11-08 01:33 . 2008-11-24 14:22 <DIR> d-------- c:\arquivos de programas\Ahead

2008-11-08 01:33 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll

2008-11-08 01:33 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll

2008-11-08 01:33 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll

2008-11-08 01:33 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll

2008-11-08 01:33 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe

2008-11-08 01:33 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll

2008-11-08 00:42 . 2008-11-08 00:42 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\Publish Providers

2008-11-08 00:42 . 2008-11-18 23:33 156 --a------ c:\windows\Twunk001.MTX

2008-11-08 00:42 . 2008-11-18 23:33 3 --a------ c:\windows\Twain001.Mtx

2008-11-08 00:42 . 2008-11-08 00:42 0 --a------ c:\windows\Twunk002.MTX

2008-11-08 00:39 . 2008-11-08 00:39 <DIR> d-------- c:\arquivos de programas\Microsoft SQL Server

2008-11-08 00:39 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe

2008-11-08 00:39 . 2002-12-17 16:23 33,340 --------- c:\windows\system32\dbmsqlgc.dll

2008-11-08 00:39 . 2002-10-20 14:05 24,576 --------- c:\windows\system32\dbmsgnet.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-20 02:38 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-20 02:28 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2008-11-05 19:59 --------- d-----w c:\arquivos de programas\Realtek Sound Manager

2008-11-05 19:59 --------- d-----w c:\arquivos de programas\Realtek AC97

2008-11-05 19:59 --------- d-----w c:\arquivos de programas\AvRack

2008-11-05 19:37 --------- d-----w c:\arquivos de programas\microsoft frontpage

2008-11-05 19:35 --------- d-----w c:\arquivos de programas\Serviços on-line

2008-11-05 19:35 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2008-11-05 19:33 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-23 7630848]

"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-13 171520]

"nwiz"="nwiz.exe" [2007-01-23 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

Service Manager.lnk - c:\arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 02:38 34672 c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 19:20 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-03-11 21:34 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]

--a------ 2008-11-20 00:39 548864 c:\arquivos de programas\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-01-23 23:39 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 20:24 32768 c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-09-23 14:17 21755688 c:\arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-11-16 12:31 68856 c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2006-11-17 05:42 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

"c:\\Arquivos de programas\\Tibia\\Tibia.exe"=

"c:\\Arquivos de programas\\Valve\\hlds.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-05 78416]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-05 20560]

S3 PciCon;PciCon;\??\D:\PciCon.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb85821b-aba1-11dd-9618-0016ec972036}]

\Shell\AutoRun\command - J:\xih9.cmd

\Shell\explore\Command - J:\xih9.cmd

\Shell\open\Command - J:\xih9.cmd

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-11-24 c:\windows\Tasks\WebReg Deskjet F4100 series.job

- c:\arquivos de programas\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 21:27]

.

- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-MsnMsgr - c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

MSConfigStartUp-InCD - c:\arquivos de programas\Ahead\InCD\InCD.exe

.

------- Scan Suplementar -------

.

FireFox -: Profile - c:\documents and settings\Otávio\Dados de aplicativos\Mozilla\Firefox\Profiles\3iximq8t.default\

FF -: plugin - c:\arquivos de programas\DNA\plugins\npbtdna.dll

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-24 14:44:15

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\snmp.exe

c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-11-24 14:46:46 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-11-24 16:46:43

Pré-execução: 18 pasta(s) 42.787.143.680 bytes disponíveis

Pós execução: 18 pasta(s) 43,353,468,928 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

273


Dear OtavioFFC

Step 1

Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.

>>>> ATTENTION: Connect your pen drive, MP3 player, etc. to your computer!

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:

File::
J:\xih9.cmd

Firefox::
FireFox -: Profile - c:\documents and settings\Otávio\Dados de aplicativos\Mozilla\Firefox\Profiles\3iximq8t.default\
FF -: plugin - c:\arquivos de programas\DNA\plugins\npbtdna.dll
FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb85821b-aba1-11dd-9618-0016ec972036}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3041D03E-FD4B-44E0-B742-2D9B88305F98}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Ask Toolbar_is1"=-

Save this file as: CFScript.txt

2872959479_997d4500c4_o.gif

As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

Step 2

Go to Jotti's malware scan:

  • In the box at the top (File to upload & scan);
  • Copy and paste the following:
    C:\WINDOWS\lgfwup.ini
  • Click the 688godt.jpg button
  • The file will be examined by several antivirus programs; please wait.
  • Copy and paste that result, together with a new HijackThis log.

If the site above is too busy, try one of these sites:

Alternative 1

Alternative 2

Regards :D

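The CFScript in the post above deletes J:\xih9.cmd and the MountPoints2 key whose Shell verbs all point to it. The following is an added example, not part of the original post and not ComboFix's own logic: a Python parser that lists the shell handlers a ComboFix log shows under MountPoints2 and flags those that launch a script or executable from a drive root. The function names, the extension list and the flagging rule are assumptions of this example; the sample log is constructed from lines shown in the thread plus one invented benign entry.

```python
import re
from dataclasses import dataclass

# Extensions treated as directly launchable (assumption of this example).
LAUNCHABLE = {".cmd", ".bat", ".exe", ".com", ".scr", ".pif", ".vbs", ".js"}

# Section header, e.g. [HKEY_CURRENT_USER\...\explorer\mountpoints2\{guid}]
KEY_RE = re.compile(
    r"^\[(?P<hive>HKEY_[A-Z_]+)\\(?P<path>.*\\mountpoints2\\(?P<volume>[^\\\]]+))\]\s*$",
    re.IGNORECASE,
)
# Value line, e.g. \Shell\AutoRun\command - J:\xih9.cmd
VERB_RE = re.compile(
    r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+?)\s*$", re.IGNORECASE
)
# A file that sits directly in the root of a drive, e.g. J:\xih9.cmd
ROOT_FILE_RE = re.compile(r'^(?P<drive>[A-Za-z]):\\(?P<name>[^\\/:*?"<>|]+)$')


@dataclass(frozen=True)
class Handler:
    key: str      # registry key as printed in the log
    volume: str   # last key component (volume GUID or drive letter)
    verb: str     # AutoRun, open, explore, ...
    command: str  # command line registered for the verb


def parse_mountpoints2(log_text):
    """Return every Shell\\<verb>\\command entry listed under a MountPoints2 key."""
    handlers, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = (m.group("hive") + "\\" + m.group("path"), m.group("volume")) if m else None
            continue
        if current is None:
            continue
        m = VERB_RE.match(line)
        if m:
            handlers.append(Handler(current[0], current[1], m.group("verb"), m.group("cmd")))
        else:
            current = None  # a "." separator or any other line ends the section
    return handlers


def target_path(command):
    """First token of the command line; honours a leading quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def is_suspicious(handler):
    """True when the handler launches a script/executable from a drive root."""
    m = ROOT_FILE_RE.match(target_path(handler.command))
    if not m:
        return False
    name = m.group("name").lower()
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in LAUNCHABLE


def flag_autorun_handlers(log_text):
    """Group flagged handlers per key: [(key, sorted verbs, sorted targets), ...]."""
    grouped = {}
    for h in parse_mountpoints2(log_text):
        if is_suspicious(h):
            verbs, targets = grouped.setdefault(h.key, (set(), set()))
            verbs.add(h.verb)
            targets.add(target_path(h.command))
    return [(key, sorted(v), sorted(t)) for key, (v, t) in grouped.items()]


# Constructed sample: the first two sections are copied from the log in this
# thread; the last key and its E:\ command are invented as a benign contrast.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb85821b-aba1-11dd-9618-0016ec972036}]
\Shell\AutoRun\command - J:\xih9.cmd
\Shell\explore\Command - J:\xih9.cmd
\Shell\open\Command - J:\xih9.cmd
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - E:\setup\autorun.exe
.
"""

if __name__ == "__main__":
    for key, verbs, targets in flag_autorun_handlers(SAMPLE_LOG):
        print(key)
        print("  verbs:  ", ", ".join(verbs))
        print("  targets:", ", ".join(targets))
```

A key flagged this way is a candidate for review, not a verdict: the file it points to still has to be examined before anything is deleted.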

ComboFix 08-11-23.02 - Otávio 2008-11-25 11:45:44.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.212 [GMT -2:00]

Executando de: c:\documents and settings\Otávio\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Otávio\Desktop\CFScript.txt

* Criado um novo ponto de restauro

FILE ::

J:\xih9.cmd

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-25 to 2008-11-25 ))))))))))))))))))))))))))))

.

2008-11-25 11:35 . 2008-11-25 11:36 <DIR> d-------- c:\windows\LastGood

2008-11-25 08:02 . 2008-11-25 08:02 <DIR> d-------- c:\documents and settings\Zé Antonio\Dados de aplicativos\Winamp

2008-11-24 23:13 . 2008-11-24 23:14 23,392 --a------ c:\windows\system32\nscompat.tlb

2008-11-24 23:13 . 2008-11-24 23:14 16,832 --a------ c:\windows\system32\amcompat.tlb

2008-11-24 22:25 . 2008-11-24 23:04 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\Winamp

2008-11-24 21:52 . 2008-11-25 08:27 <DIR> d-------- c:\documents and settings\Zé Antonio\Dados de aplicativos\Skype

2008-11-24 17:07 . 2008-11-24 17:07 <DIR> d-------- c:\arquivos de programas\TibiaBR Cam Pro

2008-11-23 15:34 . 2008-11-23 15:34 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Thraex Software

2008-11-23 15:34 . 2008-11-23 15:34 200,685 --a------ c:\windows\ADDONS SITECS (NONSTEAM) Uninstaller.exe

2008-11-20 15:58 . 2008-11-20 15:58 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\GRETECH

2008-11-20 00:50 . 2008-11-20 00:50 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\CyberLink

2008-11-20 00:50 . 2008-11-20 00:50 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2008-11-20 00:38 . 2008-11-25 11:36 <DIR> d-------- c:\arquivos de programas\lg_fwupdate

2008-11-20 00:38 . 1998-06-24 00:00 115,016 --a------ c:\windows\system32\MSINET.OCX

2008-11-20 00:38 . 1998-07-22 00:00 102,912 --a------ c:\windows\system32\Vb6stkit.dll

2008-11-20 00:38 . 1998-07-22 00:00 102,160 --a------ c:\windows\system32\VB6KO.DLL

2008-11-20 00:38 . 2006-02-17 14:19 16,384 --a------ c:\windows\system32\lgfwunis.exe

2008-11-20 00:38 . 2008-11-25 11:35 297 --a------ c:\windows\lgfwup.ini

2008-11-20 00:36 . 2008-11-20 00:36 <DIR> d-------- c:\windows\system32\Adobe

2008-11-20 00:36 . 2008-11-20 00:36 <DIR> d-------- c:\windows\Profiles

2008-11-20 00:36 . 2008-11-20 00:36 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\InterTrust

2008-11-20 00:32 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll

2008-11-20 00:29 . 2008-11-20 00:29 <DIR> d-------- C:\MyWorks

2008-11-20 00:29 . 2008-11-20 00:31 <DIR> d-------- c:\arquivos de programas\CyberLink DVD Solution

2008-11-20 00:29 . 2008-11-20 00:29 <DIR> d-------- c:\arquivos de programas\CyberLink

2008-11-20 00:29 . 2004-10-01 15:00 40,960 --a------ c:\arquivos de programas\Uninstall_CDS.exe

2008-11-19 19:51 . 2008-11-19 19:51 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\zweitgeist

2008-11-18 13:03 . 2008-11-18 13:03 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\Malwarebytes

2008-11-18 13:03 . 2008-11-18 13:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2008-11-18 13:03 . 2008-11-18 13:03 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-11-18 13:03 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-18 13:03 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-17 23:48 . 2008-11-17 23:56 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\Tibia

2008-11-17 01:39 . 2008-11-17 01:40 <DIR> d-------- c:\arquivos de programas\TibiaBR Cam Lite

2008-11-15 03:32 . 2008-11-15 03:32 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\GRETECH

2008-11-15 03:32 . 2008-11-15 03:32 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\GRETECH

2008-11-15 03:29 . 2008-11-15 03:29 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\Media Player Classic

2008-11-15 03:27 . 2008-11-15 03:40 <DIR> d-------- c:\arquivos de programas\Real Alternative

2008-11-15 03:25 . 2008-11-15 03:31 <DIR> d-------- c:\arquivos de programas\GRETECH

2008-11-14 02:17 . 2008-11-14 02:17 <DIR> d-------- c:\arquivos de programas\OLYMPUS

2008-11-14 02:17 . 2008-11-14 02:17 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2008-11-13 03:03 . 2008-11-13 03:03 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\HP

2008-11-12 15:46 . 2008-11-12 15:46 7,168 --ahs---- c:\windows\Thumbs.db

2008-11-12 15:05 . 2008-11-12 15:05 <DIR> d-------- C:\WMR Recordings

2008-11-12 15:04 . 2008-11-20 00:42 <DIR> d-------- C:\Temp

2008-11-12 15:04 . 2008-11-12 15:06 <DIR> d-------- c:\arquivos de programas\WM Recorder 10

2008-11-12 15:04 . 2008-11-12 15:04 <DIR> d-------- c:\arquivos de programas\WinPcap

2008-11-12 15:04 . 2008-11-12 15:04 737,280 --a------ c:\windows\iun6002.exe

2008-11-11 13:27 . 2008-11-24 12:15 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\skypePM

2008-11-11 13:27 . 2008-11-11 13:27 56 --ah----- c:\windows\system32\ezsidmv.dat

2008-11-11 13:22 . 2008-11-24 12:15 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\Skype

2008-11-11 13:22 . 2008-11-11 13:22 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Skype

2008-11-11 13:22 . 2008-11-11 13:22 <DIR> d-------- c:\arquivos de programas\Skype

2008-11-11 13:22 . 2008-11-11 13:22 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Skype

2008-11-11 10:28 . 2008-11-11 10:28 <DIR> d-------- c:\documents and settings\Zé Antonio\Dados de aplicativos\DivX

2008-11-10 21:09 . 2008-11-10 21:09 <DIR> d-------- c:\documents and settings\Zé Antonio\Dados de aplicativos\HPAppData

2008-11-10 11:31 . 2008-11-10 11:31 <DIR> d-------- c:\arquivos de programas\Bonjour

2008-11-10 11:21 . 2008-11-10 11:21 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2008-11-10 02:31 . 2008-11-23 17:02 <DIR> d-------- c:\arquivos de programas\ElfBot NG

2008-11-10 02:25 . 2008-11-10 02:30 <DIR> d-------- c:\arquivos de programas\ElfBot

2008-11-10 02:05 . 2008-11-24 18:24 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-11-09 11:42 . 2008-11-12 14:52 <DIR> d-------- C:\DVDVideoSoft

2008-11-09 11:41 . 2008-11-12 14:59 <DIR> d-------- c:\arquivos de programas\DVDVideoSoft

2008-11-09 11:41 . 2008-11-12 14:59 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2008-11-09 11:02 . 2008-11-09 11:02 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Adobe Systems

2008-11-09 10:53 . 2008-11-09 10:53 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-11-08 22:10 . 2008-11-08 22:10 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\HPAppData

2008-11-08 21:32 . 2008-11-08 21:32 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\teamspeak2

2008-11-08 21:32 . 2008-11-08 21:32 <DIR> d-------- c:\arquivos de programas\Teamspeak2_RC2

2008-11-08 21:32 . 2008-11-08 21:32 34,064 --a------ c:\windows\system32\lhacm.acm

2008-11-08 13:10 . 2008-11-08 13:10 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\HP

2008-11-08 13:10 . 2008-11-08 13:10 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WEBREG

2008-11-08 13:08 . 2008-11-08 13:08 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard

2008-11-08 13:08 . 2007-03-30 13:07 267,864 -ra------ c:\windows\system32\hpzids01.dll

2008-11-08 13:08 . 2007-03-28 14:01 117,760 --a------ c:\windows\system32\hpzll5ha.dll

2008-11-08 13:08 . 2007-03-08 02:20 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys

2008-11-08 13:08 . 2007-03-08 02:20 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys

2008-11-08 13:08 . 2007-03-08 02:20 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys

2008-11-08 13:07 . 2007-03-17 14:11 569,344 -ra------ c:\windows\system32\hpotscl3.dll

2008-11-08 13:07 . 2007-03-08 02:20 364,544 -ra------ c:\windows\system32\hppldcoi.dll

2008-11-08 13:07 . 2007-03-17 14:11 303,104 -ra------ c:\windows\system32\hpovst10.dll

2008-11-08 13:07 . 2008-04-13 11:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2008-11-08 13:07 . 2008-04-13 11:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

2008-11-08 13:05 . 2008-11-15 21:14 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\HPAppData

2008-11-08 13:05 . 2008-11-08 13:05 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY

2008-11-08 13:03 . 2008-11-08 13:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2008-11-08 13:03 . 2008-11-08 13:04 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\HP

2008-11-08 13:03 . 2008-11-08 13:03 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\HP

2008-11-08 13:02 . 2008-11-08 13:02 <DIR> d-------- c:\arquivos de programas\Hewlett-Packard

2008-11-08 13:02 . 2008-11-08 13:02 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-11-08 13:00 . 2008-11-08 13:05 <DIR> d-------- c:\arquivos de programas\HP

2008-11-08 12:59 . 2008-11-21 07:46 152,148 --a------ c:\windows\hpoins14.dat

2008-11-08 12:59 . 2007-09-19 23:14 2,000 --------- c:\windows\hpomdl14.dat

2008-11-08 12:58 . 2008-04-13 11:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys

2008-11-08 12:58 . 2008-04-13 11:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys

2008-11-08 11:56 . 2008-11-15 11:35 <DIR> d-------- c:\documents and settings\Zé Antonio\Contacts

2008-11-08 11:56 . 2008-11-15 11:35 <DIR> d-------- c:\documents and settings\Zé Antonio\Contacts

2008-11-08 08:59 . 2008-11-24 22:26 <DIR> d-------- c:\arquivos de programas\Winamp

2008-11-08 03:33 . 2006-10-08 21:51 23,856 --a------ c:\windows\system32\spupdsvc.exe

2008-11-08 03:33 . 2008-11-08 03:33 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-11-08 03:33 . 2008-11-08 03:33 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

2008-11-08 03:29 . 2008-11-08 03:29 <DIR> d-------- c:\arquivos de programas\Avanquest update

2008-11-08 03:28 . 2008-11-08 03:28 <DIR> d-------- C:\Program Files

2008-11-08 03:28 . 2008-11-08 03:29 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\BVRP Software

2008-11-08 03:28 . 2008-11-08 03:29 <DIR> d-------- c:\arquivos de programas\Motorola Phone Tools

2008-11-08 03:28 . 2008-11-08 03:28 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Motorola Shared

2008-11-08 03:28 . 2006-11-13 14:45 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll

2008-11-08 03:28 . 2007-02-27 14:31 21,504 --a------ c:\windows\system32\drivers\motmodem.sys

2008-11-08 03:27 . 2008-11-08 03:27 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\InstallShield

2008-11-08 01:54 . 2008-11-13 03:04 421 --a------ c:\windows\ODBC.INI

2008-11-08 01:53 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll

2008-11-08 01:51 . 2008-11-08 01:52 <DIR> d-------- c:\windows\SHELLNEW

2008-11-08 01:51 . 2008-11-24 10:50 116 --a------ c:\windows\NeroDigital.ini

2008-11-08 01:50 . 2008-11-08 01:50 <DIR> d-------- c:\arquivos de programas\Microsoft.NET

2008-11-08 01:47 . 2008-11-08 01:47 <DIR> dr-h----- C:\MSOCache

2008-11-08 01:35 . 2008-11-08 01:35 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nero

2008-11-08 01:33 . 2008-11-08 01:33 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Ahead

2008-11-08 01:33 . 2008-11-24 14:22 <DIR> d-------- c:\arquivos de programas\Ahead

2008-11-08 01:33 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll

2008-11-08 01:33 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll

2008-11-08 01:33 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll

2008-11-08 01:33 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll

2008-11-08 01:33 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe

2008-11-08 01:33 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll

2008-11-08 00:42 . 2008-11-08 00:42 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\Publish Providers

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-20 02:38 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-20 02:28 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2008-11-05 19:59 --------- d-----w c:\arquivos de programas\Realtek Sound Manager

2008-11-05 19:59 --------- d-----w c:\arquivos de programas\Realtek AC97

2008-11-05 19:59 --------- d-----w c:\arquivos de programas\AvRack

2008-11-05 19:37 --------- d-----w c:\arquivos de programas\microsoft frontpage

2008-11-05 19:35 --------- d-----w c:\arquivos de programas\Serviços on-line

2008-11-05 19:35 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2008-11-05 19:33 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

.

((((((((((((((((((((((((((((( snapshot@2008-11-24_14.46.22.92 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-04-13 21:20:26 66,560 ----a-w c:\windows\LastGood\system32\cdm.dll

+ 2008-04-13 21:20:46 431,616 ----a-w c:\windows\LastGood\system32\wuapi.dll

+ 2008-04-13 21:21:26 111,616 ----a-w c:\windows\LastGood\system32\wuauclt.exe

+ 2008-04-13 21:20:46 1,135,616 ----a-w c:\windows\LastGood\system32\wuaueng.dll

+ 2008-04-13 21:20:48 113,152 ----a-w c:\windows\LastGood\system32\wucltui.dll

+ 2008-04-13 21:20:48 32,256 ----a-w c:\windows\LastGood\system32\wups.dll

+ 2008-04-13 21:20:48 120,320 ----a-w c:\windows\LastGood\system32\wuweb.dll

+ 2008-11-25 13:38:56 1,940 ----a-w c:\windows\SoftwareDistribution\EventCache\{50A282AD-3271-4E14-AF67-A59265F1D43C}.bin

- 2008-04-13 21:20:26 66,560 -c--a-w c:\windows\system32\dllcache\cdm.dll

+ 2008-10-16 16:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll

- 2008-04-13 21:20:46 431,616 -c--a-w c:\windows\system32\dllcache\wuapi.dll

+ 2008-10-16 16:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll

- 2008-04-13 21:21:26 111,616 -c--a-w c:\windows\system32\dllcache\wuauclt.exe

+ 2008-10-16 16:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe

- 2008-04-13 21:20:46 1,135,616 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

+ 2008-10-16 16:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

- 2008-04-13 21:20:48 113,152 -c--a-w c:\windows\system32\dllcache\wucltui.dll

+ 2008-10-16 16:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll

- 2008-04-13 21:20:48 120,320 -c--a-w c:\windows\system32\dllcache\wuweb.dll

+ 2008-10-16 16:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll

+ 2008-10-16 16:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll

- 2006-10-08 23:51:14 14,640 ------w c:\windows\system32\spmsg.dll

+ 2006-09-25 19:58:48 14,640 ------w c:\windows\system32\spmsg.dll

- 2008-05-07 03:53:37 38,400 ----a-w c:\windows\system32\wpdshextres.dll

+ 2006-11-02 13:52:56 41,984 ----a-w c:\windows\system32\wpdshextres.dll

+ 2008-11-25 09:27:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_14c.dat

+ 2008-11-25 09:27:39 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5c8.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-23 7630848]

"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-23 86016]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"LGODDFU"="c:\arquivos de programas\lg_fwupdate\fwupdate.exe" [2008-11-20 548864]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2008-08-03 36352]

"nwiz"="nwiz.exe" [2007-01-23 c:\windows\system32\nwiz.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

Service Manager.lnk - c:\arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

"c:\\Arquivos de programas\\Tibia\\Tibia.exe"=

"c:\\Arquivos de programas\\Valve\\hlds.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-05 78416]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-05 20560]

S3 PciCon;PciCon;\??\D:\PciCon.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - BITS

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-11-25 c:\windows\Tasks\WebReg Deskjet F4100 series.job

- c:\arquivos de programas\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 21:27]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-25 11:48:05

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-11-25 11:48:55

ComboFix-quarantined-files.txt 2008-11-25 13:48:41

ComboFix2.txt 2008-11-24 16:46:47

Pré-execução: 18 pasta(s) 43,382,218,752 bytes disponíveis

Pós execução: 18 pasta(s) 43,397,545,984 bytes disponíveis

255

Antivírus Versão Última Atualização Resultado

AhnLab-V3 2008.11.24.3 2008.11.25 -

AntiVir 7.9.0.35 2008.11.25 -

Authentium 5.1.0.4 2008.11.25 -

Avast 4.8.1281.0 2008.11.24 -

AVG 8.0.0.199 2008.11.25 -

BitDefender 7.2 2008.11.25 -

CAT-QuickHeal 10.00 2008.11.25 -

ClamAV 0.94.1 2008.11.25 -

DrWeb 4.44.0.09170 2008.11.25 -

eSafe 7.0.17.0 2008.11.25 -

eTrust-Vet 31.6.6227 2008.11.25 -

Ewido 4.0 2008.11.25 -

F-Prot 4.4.4.56 2008.11.24 -

F-Secure 8.0.14332.0 2008.11.25 -

Fortinet 3.117.0.0 2008.11.25 -

GData 19 2008.11.25 -

Ikarus T3.1.1.45.0 2008.11.25 -

K7AntiVirus 7.10.532 2008.11.24 -

Kaspersky 7.0.0.125 2008.11.25 -

McAfee 5444 2008.11.24 -

McAfee+Artemis 5444 2008.11.24 -

Microsoft 1.4104 2008.11.25 -

NOD32 3638 2008.11.25 -

Norman 5.80.02 2008.11.25 -

Panda 9.0.0.4 2008.11.25 -

PCTools 4.4.2.0 2008.11.25 -

Prevx1 V2 2008.11.25 -

Rising 21.05.12.00 2008.11.25 -

SecureWeb-Gateway 6.7.6 2008.11.25 -

Sophos 4.35.0 2008.11.25 -

Sunbelt 3.1.1823.2 2008.11.22 -

Symantec 10 2008.11.25 -

TheHacker 6.3.1.1.162 2008.11.25 -

TrendMicro 8.700.0.1004 2008.11.25 -

VBA32 None 2008.11.24 -

ViRobot 2008.11.25.1485 2008.11.25 -

VirusBuster 4.5.11.0 2008.11.24 -

Informações adicionais

File size: 297 bytes

MD5...: 73b4c18155c3f71140dbcf67e6e725f2

SHA1..: 0b7f8043fabb26b96600f041ef9cce69fc401d61

SHA256: d59fcd2a7d6e038c7477b193403352955709574b84958fd475f5aa7185a62745

SHA512: d2741532ad4c14cade0ed335b8a040d899168604f9546d8b128ea9abb323361c

95e40643f78ec7bf5e9835ca980659872a8cb554efd40e8dd7dd4c9373a4e876

ssdeep: 6:IJfpV7Ebv0LWEoMZDAMNcwojnol8nvWQALnJNX9pfeyKw1:uBV2aWB+MCrAoSn

MX9pGg1

PEiD..: -

TrID..: File type identification

Generic INI configuration (100.0%)


Ah, and another thing: after using ComboFix my antivirus no longer opens. It is avast, and it no longer starts its resident shields when the computer boots... And another problem: Windows Media Player and the printer's scanner no longer open for the other users of the computer, only for mine.


Dear OtavioFFC

Temporarily disable your antivirus!

Run an online scan at Kaspersky Virusscanner

  • Click Clipboard01-1.jpg
  • When asked to install the ActiveX control, click Clipboard015.jpg
  • Wait for the installation and the update to finish, then click Clipboard013.jpg
  • Now click Clipboard016.jpg
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click Clipboard014.jpg
  • Click My Computer so that a full scan of your system is performed.
  • The scan will start and may take a while. Be patient and wait.
  • At the end of the scan, click the Save as Text button
  • Save the log with the results and paste its contents into your next message.
  • Also generate and paste a new HijackThis log.

Regards :D
