OtavioFFC

Analyze my log


Logfile of HijackThis v1.99.1

Scan saved at 12:44:51, on 6/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Otávio\Meus documentos\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\en-us\msntb.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{C1DFFBB9-78FA-4C2D-93E4-2C71D65DB0C0}: NameServer = 200.175.182.139,200.175.5.139

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Dear OtavioFFC

Sorry for the delay, but if you still need help, please follow the instructions in this topic:

Read Before Posting - Creating a New Topic

ATTENTION: There is no need to open a new topic; post the new logs in this same one, thank you!

Regards :D


Logfile of HijackThis v1.99.1

Scan saved at 15:17:40, on 11/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Tibia\Tibia.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Documents and Settings\Otávio\Meus documentos\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\en-us\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Service Manager.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{C1DFFBB9-78FA-4C2D-93E4-2C71D65DB0C0}: NameServer = 200.175.182.139,200.175.5.139

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Dear OtavioFFC

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure you check the boxes Update Malwarebytes Anti-Malware and Run Malwarebytes Anti-Malware, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to view the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart the PC, please do so immediately.

Regards :D


Malwarebytes' Anti-Malware 1.30

Versão do banco de dados: 1408

Windows 5.1.2600 Service Pack 3

18/11/2008 13:08:25

mbam-log-2008-11-18 (13-08-25).txt

Tipo de Verificação: Rápida

Objetos verificados: 57061

Tempo decorrido: 4 minute(s), 36 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 1

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)


Dear OtavioFFC

Download OTListIt and save it to the desktop.

  • Double-click the tool's icon on your desktop.
  • Click Run Scan and let the tool run.
  • When the tool finishes the scan, it will generate two text files:
    • OTViewIt.Txt <- Will be opened automatically in Notepad
    • Extras.txt <- will be on the desktop

  • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the OTViewIt.Txt file and of Extras.txt into your next reply.

Regards :D


OTListIt Extras logfile created on: 20/11/2008 18:18:43 - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Otávio\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

511,29 Mb Total Physical Memory | 99,90 Mb Available Physical Memory | 19,54% Memory free

1,22 Gb Paging File | 0,81 Gb Available in Paging File | 66,01% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74,52 Gb Total Space | 40,41 Gb Free Space | 54,23% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: OTAVIO

Current User Name: Otávio

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008/04/13 11:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007/01/19 12:54:34 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008/04/13 11:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2005/09/29 23:42:57 | 00,081,920 | ---- | M] (Valve) -- C:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher

[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[2007/01/19 12:54:34 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[2008/10/23 20:23:32 | 00,634,672 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

File not found -- C:\Arquivos de programas\Winamp Remote\bin\Orb.exe:*:Enabled:Orb

File not found -- C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray

File not found -- C:\Arquivos de programas\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client

[2008/11/11 21:26:44 | 00,342,336 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\DNA\btdna.exe:*:Enabled:DNA

[2008/10/01 14:43:58 | 02,347,008 | ---- | M] (CipSoft GmbH) -- C:\Arquivos de programas\Tibia\Tibia.exe:*:Enabled:Tibia Player

[2008/09/23 14:17:06 | 21,755,688 | R--- | M] (Skype Technologies S.A.) -- C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{251C3815-7A55-4607-A82D-C3B98F0FBAB8}" = Sony Vegas 7.0

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}" = Motorola Driver Installation

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{37FD253D-5064-4034-8CEC-CC3995F823A4}" = Windows Live Messenger

"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3

"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing

"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8

"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}" = Sony Media Manager 2.2

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{8984E374-6C93-427C-A3B9-AD92472FDCA0}" = Assistente de Conexão do Windows Live

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{934F3C42-83E5-49EB-81C6-C22F9BB6E9B7}" = Motorola Phone Tools

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help

"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100

"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1046-7B44-A90000000001}" = Adobe Reader 9 - Português

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd

"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software

"{CB49B376-1136-44B4-83FA-036334B59937}" = OLYMPUS Master 2

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}" = Choice Guard

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe Audition 3.0" = Adobe Audition 3.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3

"Ask Toolbar_is1" = Ask Toolbar

"avast!" = avast! Antivirus

"ElfBot NG_is1" = ElfBot NG 4.0.1

"Free DVD Video Burner_is1" = Free DVD Video Burner version 1.1

"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.1

"Free YouTube Download_is1" = Free YouTube Download 2.2

"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1

"GOM Player" = GOM Player

"HijackThis" = HijackThis 1.99.1

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPExtendedCapabilities" = HP Customer Participation Program 9.0

"InCD!UninstallKey" = InCD

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)

"MSN Toolbar" = MSN Toolbar

"NeroMultiInstaller!UninstallKey" = Nero Suite

"NVIDIA Drivers" = NVIDIA Drivers

"RealAlt_is1" = Real Alternative 1.9.0

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"Tibia Testserver_is1" = Tibia Testserver

"Tibia_is1" = Tibia

"TibiaBR Cam Lite_is1" = TibiaBR Cam Lite 1.7

"TMIPC" = Tibia MULTI-ip changer

"Uninstall_is1" = Uninstall 1.0.0.1

"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox

"WinAVI Video Converter 9.09.0" = WinAVI Video Converter 9.0

"WinPcapInst" = WinPcap 3.1 beta3

"WinRAR archiver" = Arquivo do WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 6/11/2008 20:58:59 | Computer Name = OTAVIO | Source = Application Error | ID = 1000

Description = Aplicativo com falha iexplore.exe, versão 7.0.5730.11, módulo com

falha oleaut32.dll, versão 5.1.2600.5512, endereço com falha 0x000048a4.

Error - 6/11/2008 21:12:30 | Computer Name = OTAVIO | Source = Application Error | ID = 1000

Description = Aplicativo com falha iexplore.exe, versão 7.0.5730.11, módulo com

falha ntdll.dll, versão 5.1.2600.5512, endereço com falha 0x00036f33.

Error - 6/11/2008 21:12:34 | Computer Name = OTAVIO | Source = Application Error | ID = 1000

Description = Aplicativo com falha drwtsn32.exe, versão 5.1.2600.0, módulo com falha

dbghelp.dll, versão 5.1.2600.5512, endereço com falha 0x0001295d.

Error - 6/11/2008 21:14:02 | Computer Name = OTAVIO | Source = Application Hang | ID = 1002

Description = Aplicativo com falha IEXPLORE.EXE, versão 7.0.5730.11, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 7/11/2008 20:29:10 | Computer Name = OTAVIO | Source = Application Hang | ID = 1002

Description = Aplicativo com falha Photoshop.exe, versão 10.0.0.0, módulo com falha

hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 13/11/2008 00:58:12 | Computer Name = OTAVIO | Source = Application Hang | ID = 1002

Description = Aplicativo com falha PenClean.exe, versão 2.0.3.0, módulo com falha

hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 14/11/2008 00:43:18 | Computer Name = OTAVIO | Source = Application Error | ID = 1000

Description = Aplicativo com falha xih9.cmd, versão 0.0.0.0, módulo com falha unknown,

versão 0.0.0.0, endereço com falha 0x00000000.

[ System Events ]

Error - 20/11/2008 06:16:56 | Computer Name = OTAVIO | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 20/11/2008 06:17:12 | Computer Name = OTAVIO | Source = Print | ID = 54

Description = O documento Microsoft Word - Documento1 estava corrompido e foi excluído.

O driver associado é: HP Deskjet F4100 series.

Error - 20/11/2008 10:13:11 | Computer Name = OTAVIO | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 20/11/2008 13:27:56 | Computer Name = OTAVIO | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 20/11/2008 13:38:37 | Computer Name = OTAVIO | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 20/11/2008 13:40:39 | Computer Name = OTAVIO | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 20/11/2008 13:44:16 | Computer Name = OTAVIO | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 20/11/2008 14:10:38 | Computer Name = OTAVIO | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 20/11/2008 15:14:38 | Computer Name = OTAVIO | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

Error - 20/11/2008 15:27:37 | Computer Name = OTAVIO | Source = Dhcp | ID = 1002

Description = A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço

de rede 0016EC972036 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou

uma mensagem DHCPNACK).

< End of report >


OTListIt logfile created on: 20/11/2008 18:18:43 - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Otávio\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

511,29 Mb Total Physical Memory | 99,90 Mb Available Physical Memory | 19,54% Memory free

1,22 Gb Paging File | 0,81 Gb Available in Paging File | 66,01% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74,52 Gb Total Space | 40,41 Gb Free Space | 54,23% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: OTAVIO

Current User Name: Otávio

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2005/07/08 17:24:46 | 00,871,424 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

[2008/07/19 11:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

[2008/07/19 11:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe

[2007/01/23 23:39:56 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

[2008/04/13 19:21:20 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe

[2008/04/13 19:21:18 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2008/07/19 11:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

[2008/07/19 11:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

[2008/11/16 12:31:18 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[2008/07/23 11:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

[2007/03/11 21:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

[2008/04/13 19:21:26 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe

[2007/03/11 21:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

[2003/08/29 16:13:04 | 01,436,160 | ---- | M] (Dominating Bytes Design) -- C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe

[2008/10/01 14:43:58 | 02,347,008 | ---- | M] (CipSoft GmbH) -- C:\Arquivos de programas\Tibia\Tibia.exe

[2008/11/13 22:49:29 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe

[2007/01/19 12:54:34 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\usnsvc.exe

[2008/11/20 18:18:19 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Otávio\Desktop\OTListIt.exe

========== (O23) Win32 Services ==========

[2008/11/09 10:53:37 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])

[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2008/07/19 11:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])

[2008/07/19 11:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])

[2008/07/19 11:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])

[2008/07/23 11:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])

[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2008/11/10 11:21:06 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

[2008/11/06 23:11:36 | 00,138,168 | ---- | M] (Google) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

[2005/07/08 17:24:46 | 00,871,424 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])

[2001/10/28 15:07:32 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])

[2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])

[2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])

[2007/01/23 23:39:56 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2004/05/14 13:02:46 | 00,086,016 | ---- | M] (NetGroup - Politecnico di Torino) -- C:\Arquivos de programas\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])

[2008/04/13 19:21:20 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe -- (SNMP [Auto | Running])

[2008/04/13 19:21:20 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])

[2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])

[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])

[2006/11/02 23:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/07/19 11:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [system | Running])

[2007/01/25 16:37:16 | 04,027,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM [On_Demand | Running])

[2008/07/19 11:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])

[2008/07/19 11:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])

[2008/07/19 11:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])

[2008/07/19 11:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [system | Running])

[2008/07/19 11:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [system | Running])

[2007/04/17 11:58:56 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FET5X86V [On_Demand | Running])

[2001/08/17 18:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])

[2007/03/08 02:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])

[2007/03/08 02:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])

[2007/03/08 02:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])

[2005/07/08 17:17:54 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])

[2005/07/08 17:17:36 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass [system | Running])

[2006/07/12 07:58:02 | 00,028,672 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm [system | Running])

[2007/02/27 14:31:28 | 00,021,504 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem [On_Demand | Stopped])

[2008/04/13 11:53:10 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])

[2004/05/14 11:37:10 | 00,032,896 | ---- | M] (NetGroup - Politecnico di Torino) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])

[2007/01/23 23:39:50 | 03,958,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

[2001/10/28 15:07:22 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007/03/07 21:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

[2008/04/13 09:39:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2008/04/13 09:36:42 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\UAGP35.SYS -- (uagp35 [boot | Running])

[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])

[2008/03/21 10:16:02 | 00,104,960 | ---- | M] (ZTE Incorporated) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k [On_Demand | Stopped])

[2008/03/21 10:16:02 | 00,104,960 | ---- | M] (ZTE Incorporated) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea [On_Demand | Stopped])

[2008/03/21 10:16:02 | 00,104,960 | ---- | M] (ZTE Incorporated) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k [On_Demand | Stopped])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/en-us/srchasst/srchasst.htm

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (776 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Arquivos de programas\Google\GoogleToolbar1.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Arquivos de programas\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Arquivos de programas\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKCU\..\Toolbar: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll (Ask.com)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)

O4 - HKLM..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe (Nero AG)

O4 - HKLM..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun (BL)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()

O4 - HKLM..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKCU..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background File not found

O4 - HKCU..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)

O4 - HKCU..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Service Manager.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra Button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll [2001/08/01 17:05:42 | 00,270,336 | ---- | M] (Intertrust Technologies, Inc.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 200.175.182.139,200.175.5.139

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - livecall - C:\Arquivos de programas\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msnim - C:\Arquivos de programas\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap11 - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - skype4com - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter: - text/xml - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2008/11/05 17:37:22 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf []

[2008/11/13 03:01:27 00,000,000 | ---D | M] -- C:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb85821b-aba1-11dd-9618-0016ec972036}\Shell\AutoRun\command]

"" = J:\xih9.cmd -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb85821b-aba1-11dd-9618-0016ec972036}\Shell\explore\Command]

"" = J:\xih9.cmd -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb85821b-aba1-11dd-9618-0016ec972036}\Shell\open\Command]

"" = J:\xih9.cmd -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[3 C:\WINDOWS\*.tmp files]

[2008/11/20 18:18:19 | 00,418,304 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Otávio\Desktop\OTListIt.exe

[2008/11/20 15:58:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Dados de aplicativos\GRETECH

[2008/11/20 15:57:55 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Otávio\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/20 00:50:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

[2008/11/20 00:38:21 | 00,000,297 | ---- | C] () -- C:\WINDOWS\lgfwup.ini

[2008/11/20 00:38:19 | 00,115,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX

[2008/11/20 00:38:19 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Vb6stkit.dll

[2008/11/20 00:38:19 | 00,102,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6KO.DLL

[2008/11/20 00:38:19 | 00,016,384 | ---- | C] (CST) -- C:\WINDOWS\System32\lgfwunis.exe

[2008/11/20 00:38:18 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\lg_fwupdate

[2008/11/20 00:36:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Profiles

[2008/11/20 00:36:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe

[2008/11/20 00:34:26 | 00,001,355 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk

[2008/11/20 00:32:56 | 00,364,544 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\TwnLib4.dll

[2008/11/20 00:31:32 | 00,059,042 | ---- | C] () -- C:\WINDOWS\NuNinst.cfg

[2008/11/20 00:31:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\InCD

[2008/11/20 00:29:35 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\CyberLink

[2008/11/20 00:29:22 | 00,000,000 | ---D | C] -- C:\MyWorks

[2008/11/20 00:29:10 | 00,040,960 | ---- | C] () -- C:\Arquivos de programas\Uninstall_CDS.exe

[2008/11/20 00:29:10 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\CyberLink DVD Solution

[2008/11/18 13:03:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Dados de aplicativos\Malwarebytes

[2008/11/18 13:03:04 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008/11/18 13:03:02 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008/11/18 13:03:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2008/11/18 13:03:00 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2008/11/18 13:02:30 | 02,372,472 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Otávio\Desktop\mbam-setup.exe

[2008/11/17 03:04:29 | 00,446,707 | ---- | C] () -- C:\Documents and Settings\Otávio\Meus documentos\tutorial_dsl500b.pdf

[2008/11/17 01:39:54 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\TibiaBR Cam Lite

[2008/11/17 01:39:24 | 00,923,145 | ---- | C] (TibiaBR ) -- C:\Documents and Settings\Otávio\Desktop\TibiaBRCamLite-1.7.exe

[2008/11/15 03:40:17 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

[2008/11/15 03:40:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Real

[2008/11/15 03:32:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\GRETECH

[2008/11/15 03:27:54 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Real Alternative

[2008/11/15 03:25:21 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\GRETECH

[2008/11/14 15:06:42 | 00,001,644 | ---- | C] () -- C:\Documents and Settings\Otávio\Meus documentos\txt_comprovante.gif

[2008/11/14 14:44:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Meus documentos\popup_comprovante.jsp_arquivos

[2008/11/14 14:44:52 | 00,007,138 | ---- | C] () -- C:\Documents and Settings\Otávio\Meus documentos\popup_comprovante.jsp.htm

[2008/11/14 02:17:35 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\MSXML 4.0

[2008/11/14 02:17:26 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\OLYMPUS

[2008/11/13 19:19:29 | 01,220,007 | ---- | C] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-4.0.1.exe

[2008/11/13 03:02:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Desktop\PenClean

[2008/11/13 03:01:27 | 00,000,000 | ---D | C] -- C:\autorun.inf

[2008/11/13 02:56:14 | 00,310,375 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\PenClean.zip

[2008/11/12 15:46:57 | 00,007,168 | -HS- | C] () -- C:\WINDOWS\Thumbs.db

@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable

[2008/11/12 15:05:02 | 00,000,000 | ---D | C] -- C:\WMR Recordings

[2008/11/12 15:04:15 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\WinPcap

[2008/11/12 15:04:13 | 00,000,000 | ---D | C] -- C:\Temp

[2008/11/12 15:04:12 | 00,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe

[2008/11/12 15:04:11 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\WM Recorder 10

[2008/11/12 13:26:30 | 00,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2008/11/11 13:27:12 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008/11/11 13:27:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Dados de aplicativos\skypePM

[2008/11/11 13:22:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Dados de aplicativos\Skype

[2008/11/11 13:22:15 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Skype

[2008/11/11 13:22:15 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Skype

[2008/11/11 13:22:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

[2008/11/11 13:18:23 | 22,404,904 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Otávio\Desktop\SkypeSetup.exe

[2008/11/10 13:03:45 | 01,217,339 | ---- | C] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-4.0(2).exe

[2008/11/10 11:31:09 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Bonjour

[2008/11/10 11:21:06 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

[2008/11/10 02:31:07 | 00,000,663 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\ElfBot NG.lnk

[2008/11/10 02:31:07 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\ElfBot NG

[2008/11/10 02:28:01 | 01,205,065 | ---- | C] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-3.5.2.exe

[2008/11/10 02:25:33 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\ElfBot

[2008/11/10 02:08:50 | 01,217,339 | ---- | C] (NGSoft, LLC ) -- C:\Documents and Settings\Otávio\Desktop\setup-4.0.exe

[2008/11/10 02:05:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

@Alternate Data Stream - 225 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:6BE50C2B

[2008/11/09 11:42:50 | 00,000,000 | ---D | C] -- C:\DVDVideoSoft

[2008/11/09 11:41:45 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\AskBarDis

[2008/11/09 11:41:34 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\DVDVideoSoft

[2008/11/09 11:41:34 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft

[2008/11/09 11:02:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

[2008/11/09 10:53:37 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

[2008/11/09 10:53:34 | 00,001,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Audition 3.0.lnk

[2008/11/08 21:32:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Dados de aplicativos\teamspeak2

[2008/11/08 21:32:16 | 00,034,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lhacm.acm

[2008/11/08 21:32:12 | 00,000,705 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\Teamspeak 2 RC2.lnk

[2008/11/08 21:32:09 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Teamspeak2_RC2

[2008/11/08 21:30:35 | 05,862,994 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\ts2_client_rc2_2032.exe

[2008/11/08 21:27:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Meus documentos\Os Meus Registos

[2008/11/08 13:10:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\WEBREG

[2008/11/08 13:07:37 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys

[2008/11/08 13:07:37 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys

[2008/11/08 13:00:41 | 00,000,000 | -H-D | C] -- C:\Config.Msi

[2008/11/08 12:58:50 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys

[2008/11/08 12:58:50 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys

[2008/11/08 09:03:23 | 00,001,948 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Service Manager.lnk

[2008/11/08 08:59:45 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Winamp

[2008/11/08 03:33:40 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01005.Wdf

[2008/11/08 03:33:37 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

[2008/11/08 03:33:25 | 00,023,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe

[2008/11/08 03:30:55 | 00,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Motorola Phone Tools.lnk

[2008/11/08 03:29:27 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Avanquest update

[2008/11/08 03:28:38 | 01,419,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01005.dll

[2008/11/08 03:28:38 | 00,021,504 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motmodem.sys

[2008/11/08 03:28:18 | 00,000,000 | ---D | C] -- C:\Program Files

[2008/11/08 03:28:18 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Motorola Shared

[2008/11/08 03:28:06 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Motorola Phone Tools

[2008/11/08 01:54:05 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/11/08 01:53:53 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll

[2008/11/08 01:51:52 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\DESIGNER

[2008/11/08 01:51:38 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/11/08 01:51:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW

[2008/11/08 01:50:31 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft.NET

[2008/11/08 01:50:30 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft Office

[2008/11/08 01:47:36 | 00,000,000 | RH-D | C] -- C:\MSOCache

[2008/11/08 01:35:28 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Nero

[2008/11/08 01:33:56 | 00,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll

[2008/11/08 01:33:49 | 01,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll

[2008/11/08 01:33:49 | 00,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll

[2008/11/08 01:33:49 | 00,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll

[2008/11/08 01:33:49 | 00,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll

[2008/11/08 01:33:47 | 00,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe

[2008/11/08 01:33:40 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Ahead

[2008/11/08 01:33:39 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Ahead

[2008/11/08 00:42:27 | 00,000,156 | ---- | C] () -- C:\WINDOWS\Twunk001.MTX

[2008/11/08 00:42:27 | 00,000,003 | ---- | C] () -- C:\WINDOWS\Twain001.Mtx

[2008/11/08 00:42:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Twunk002.MTX

[2008/11/08 00:39:33 | 00,033,340 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbmsqlgc.dll

[2008/11/08 00:39:33 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbmsgnet.dll

[2008/11/08 00:39:06 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft SQL Server

[2008/11/08 00:37:38 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Vstplugins

[2008/11/08 00:37:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sony

[2008/11/08 00:37:11 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Sony

[2008/11/08 00:28:24 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly

[2008/11/08 00:27:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET

[2008/11/08 00:20:08 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Sony Setup

[2008/11/08 00:15:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinAVI Video Converter 9.0

[2008/11/08 00:15:53 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\WinAVI Video Converter 9.0

[2008/11/08 00:05:39 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\K-Lite Codec Pack

[2008/11/07 23:30:15 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\DNA

[2008/11/07 23:30:14 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\BitTorrent

[2008/11/07 22:29:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Configurações locais\Dados de aplicativos\Adobe

[2008/11/07 13:21:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2008/11/07 12:48:52 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Otávio\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2008/11/07 12:47:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE

[2008/11/07 12:47:28 | 00,001,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk

[2008/11/07 12:47:23 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\MSN Messenger

[2008/11/07 12:37:10 | 00,000,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn

[2008/11/07 12:11:55 | 00,000,212 | ---- | C] () -- C:\sqmdata03.sqm

[2008/11/07 12:11:55 | 00,000,200 | ---- | C] () -- C:\sqmnoopt03.sqm

[2008/11/07 12:09:50 | 00,000,236 | ---- | C] () -- C:\sqmdata02.sqm

[2008/11/07 12:09:50 | 00,000,200 | ---- | C] () -- C:\sqmnoopt02.sqm

[2008/11/07 12:08:00 | 00,000,272 | ---- | C] () -- C:\sqmdata01.sqm

[2008/11/07 12:08:00 | 00,000,224 | ---- | C] () -- C:\sqmnoopt01.sqm

[2008/11/06 22:48:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

[2008/11/06 22:45:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe

[2008/11/06 22:36:49 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Adobe

[2008/11/06 22:32:45 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Adobe

[2008/11/06 21:39:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

[2008/11/06 21:06:26 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Messenger Plus! Live

[2008/11/06 12:51:20 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\Otávio\Desktop\Flash_Disinfector.exe

[2008/11/06 12:44:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Otávio\Meus documentos\hijackthis

[2008/11/06 12:44:32 | 00,212,849 | ---- | C] () -- C:\Documents and Settings\Otávio\Meus documentos\hijackthis.zip

[2008/11/06 12:43:43 | 00,000,000 | ---D | C] -- C:\PenClean

[2008/11/06 12:38:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA

[2008/11/06 12:37:35 | 00,000,236 | ---- | C] () -- C:\sqmdata00.sqm

[2008/11/06 12:37:35 | 00,000,200 | ---- | C] () -- C:\sqmnoopt00.sqm

[2008/11/06 08:50:04 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll

[2008/11/06 08:50:04 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll

[2008/11/06 08:50:04 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll

[2008/11/06 08:50:04 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll

[2008/11/06 08:50:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll

[2008/11/06 08:50:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll

[2008/11/06 08:50:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll

[2008/11/06 08:50:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll

[2008/11/06 08:50:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll

[2008/11/06 08:50:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll

[2008/11/06 08:50:03 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll

[2008/11/06 08:50:03 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll

[2008/11/05 22:15:37 | 00,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documentos\khq

[2008/11/05 21:54:59 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2008/11/05 21:54:59 | 00,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk

[2008/11/05 21:54:58 | 00,042,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2008/11/05 21:54:58 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2008/11/05 21:54:57 | 00,094,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2008/11/05 21:54:56 | 00,094,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2008/11/05 21:54:56 | 00,093,264 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2008/11/05 21:54:56 | 00,078,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2008/11/05 21:54:56 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2008/11/05 21:54:42 | 01,163,960 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2008/11/05 21:54:42 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll

[2008/11/05 21:54:42 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCP71.dll

[2008/11/05 21:54:42 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx

[2008/11/05 21:54:42 | 00,348,160 | ---- | C] (Microsoft Corporation) --


I can't post the other log; the following error appears:

Fatal error: Maximum execution time of 30 seconds exceeded in /www/forum/includes/functions.php on line 1745


Dear OtavioFFC,

Read the instructions contained in this link:

In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
  3. Double-click the ComboFix icon that is on the desktop.
  4. Read and accept the terms by typing 1 and pressing Enter.
  5. Computers running Windows XP should install the Recovery Console:

  • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes" ("Sim").
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "Yes" ("SIM") to continue.

  6. ComboFix will run; please be patient and wait.
  7. Attention: do not use the mouse or the keyboard while the tool is running, as this can cause the computer to hang.
  8. A notice may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you may damage your computer.

  • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are various general-purpose anti-malware tools whose authors design them with end users in mind, to be used without supervision. ComboFix is not that kind of tool; therefore, and also out of respect for the tool's author, do not use it without supervision.

Regards :D


ComboFix 08-11-23.02 - Otávio 2008-11-24 14:39:34.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.328 [GMT -2:00]

Executando de: c:\documents and settings\Otávio\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\npf.sys

c:\windows\system32\hpowiax3.dll

c:\windows\system32\packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\wanpacket.dll

c:\windows\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_NPF

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-24 to 2008-11-24 ))))))))))))))))))))))))))))

.

2008-11-23 15:34 . 2008-11-23 15:34 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Thraex Software

2008-11-23 15:34 . 2008-11-23 15:34 200,685 --a------ c:\windows\ADDONS SITECS (NONSTEAM) Uninstaller.exe

2008-11-20 15:58 . 2008-11-20 15:58 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\GRETECH

2008-11-20 00:50 . 2008-11-20 00:50 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\CyberLink

2008-11-20 00:50 . 2008-11-20 00:50 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2008-11-20 00:38 . 2008-11-24 12:15 <DIR> d-------- c:\arquivos de programas\lg_fwupdate

2008-11-20 00:38 . 1998-06-24 00:00 115,016 --a------ c:\windows\system32\MSINET.OCX

2008-11-20 00:38 . 1998-07-22 00:00 102,912 --a------ c:\windows\system32\Vb6stkit.dll

2008-11-20 00:38 . 1998-07-22 00:00 102,160 --a------ c:\windows\system32\VB6KO.DLL

2008-11-20 00:38 . 2006-02-17 14:19 16,384 --a------ c:\windows\system32\lgfwunis.exe

2008-11-20 00:38 . 2008-11-24 12:15 297 --a------ c:\windows\lgfwup.ini

2008-11-20 00:36 . 2008-11-20 00:36 <DIR> d-------- c:\windows\system32\Adobe

2008-11-20 00:36 . 2008-11-20 00:36 <DIR> d-------- c:\windows\Profiles

2008-11-20 00:36 . 2008-11-20 00:36 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\InterTrust

2008-11-20 00:32 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll

2008-11-20 00:29 . 2008-11-20 00:29 <DIR> d-------- C:\MyWorks

2008-11-20 00:29 . 2008-11-20 00:31 <DIR> d-------- c:\arquivos de programas\CyberLink DVD Solution

2008-11-20 00:29 . 2008-11-20 00:29 <DIR> d-------- c:\arquivos de programas\CyberLink

2008-11-20 00:29 . 2004-10-01 15:00 40,960 --a------ c:\arquivos de programas\Uninstall_CDS.exe

2008-11-19 19:51 . 2008-11-19 19:51 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\zweitgeist

2008-11-18 13:03 . 2008-11-18 13:03 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\Malwarebytes

2008-11-18 13:03 . 2008-11-18 13:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2008-11-18 13:03 . 2008-11-18 13:03 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-11-18 13:03 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-18 13:03 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-17 23:48 . 2008-11-17 23:56 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\Tibia

2008-11-17 01:39 . 2008-11-17 01:40 <DIR> d-------- c:\arquivos de programas\TibiaBR Cam Lite

2008-11-15 03:32 . 2008-11-15 03:32 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\GRETECH

2008-11-15 03:32 . 2008-11-15 03:32 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\GRETECH

2008-11-15 03:29 . 2008-11-15 03:29 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\Media Player Classic

2008-11-15 03:27 . 2008-11-15 03:40 <DIR> d-------- c:\arquivos de programas\Real Alternative

2008-11-15 03:25 . 2008-11-15 03:31 <DIR> d-------- c:\arquivos de programas\GRETECH

2008-11-14 02:17 . 2008-11-14 02:17 <DIR> d-------- c:\arquivos de programas\OLYMPUS

2008-11-14 02:17 . 2008-11-14 02:17 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2008-11-13 03:03 . 2008-11-13 03:03 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\HP

2008-11-12 15:46 . 2008-11-12 15:46 7,168 --ahs---- c:\windows\Thumbs.db

2008-11-12 15:05 . 2008-11-12 15:05 <DIR> d-------- C:\WMR Recordings

2008-11-12 15:04 . 2008-11-20 00:42 <DIR> d-------- C:\Temp

2008-11-12 15:04 . 2008-11-12 15:06 <DIR> d-------- c:\arquivos de programas\WM Recorder 10

2008-11-12 15:04 . 2008-11-12 15:04 <DIR> d-------- c:\arquivos de programas\WinPcap

2008-11-12 15:04 . 2008-11-12 15:04 737,280 --a------ c:\windows\iun6002.exe

2008-11-11 13:27 . 2008-11-24 12:15 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\skypePM

2008-11-11 13:27 . 2008-11-11 13:27 56 --ah----- c:\windows\system32\ezsidmv.dat

2008-11-11 13:22 . 2008-11-24 12:15 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\Skype

2008-11-11 13:22 . 2008-11-11 13:22 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Skype

2008-11-11 13:22 . 2008-11-11 13:22 <DIR> d-------- c:\arquivos de programas\Skype

2008-11-11 13:22 . 2008-11-11 13:22 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Skype

2008-11-11 10:28 . 2008-11-11 10:28 <DIR> d-------- c:\documents and settings\Zé Antonio\Dados de aplicativos\DivX

2008-11-10 21:09 . 2008-11-10 21:09 <DIR> d-------- c:\documents and settings\Zé Antonio\Dados de aplicativos\HPAppData

2008-11-10 11:31 . 2008-11-10 11:31 <DIR> d-------- c:\arquivos de programas\Bonjour

2008-11-10 11:21 . 2008-11-10 11:21 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2008-11-10 02:31 . 2008-11-23 17:02 <DIR> d-------- c:\arquivos de programas\ElfBot NG

2008-11-10 02:25 . 2008-11-10 02:30 <DIR> d-------- c:\arquivos de programas\ElfBot

2008-11-10 02:05 . 2008-11-24 14:19 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-11-09 11:42 . 2008-11-12 14:52 <DIR> d-------- C:\DVDVideoSoft

2008-11-09 11:41 . 2008-11-12 14:59 <DIR> d-------- c:\arquivos de programas\DVDVideoSoft

2008-11-09 11:41 . 2008-11-12 14:59 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2008-11-09 11:02 . 2008-11-09 11:02 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Adobe Systems

2008-11-09 10:53 . 2008-11-09 10:53 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-11-08 22:10 . 2008-11-08 22:10 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\HPAppData

2008-11-08 21:32 . 2008-11-08 21:32 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\teamspeak2

2008-11-08 21:32 . 2008-11-08 21:32 <DIR> d-------- c:\arquivos de programas\Teamspeak2_RC2

2008-11-08 21:32 . 2008-11-08 21:32 34,064 --a------ c:\windows\system32\lhacm.acm

2008-11-08 13:10 . 2008-11-08 13:10 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\HP

2008-11-08 13:10 . 2008-11-08 13:10 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WEBREG

2008-11-08 13:08 . 2008-11-08 13:08 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard

2008-11-08 13:08 . 2007-03-30 13:07 267,864 -ra------ c:\windows\system32\hpzids01.dll

2008-11-08 13:08 . 2007-03-28 14:01 117,760 --a------ c:\windows\system32\hpzll5ha.dll

2008-11-08 13:08 . 2007-03-08 02:20 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys

2008-11-08 13:08 . 2007-03-08 02:20 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys

2008-11-08 13:08 . 2007-03-08 02:20 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys

2008-11-08 13:07 . 2007-03-17 14:11 569,344 -ra------ c:\windows\system32\hpotscl3.dll

2008-11-08 13:07 . 2007-03-08 02:20 364,544 -ra------ c:\windows\system32\hppldcoi.dll

2008-11-08 13:07 . 2007-03-17 14:11 303,104 -ra------ c:\windows\system32\hpovst10.dll

2008-11-08 13:07 . 2008-04-13 11:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2008-11-08 13:07 . 2008-04-13 11:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

2008-11-08 13:05 . 2008-11-15 21:14 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\HPAppData

2008-11-08 13:05 . 2008-11-08 13:05 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY

2008-11-08 13:03 . 2008-11-08 13:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2008-11-08 13:03 . 2008-11-08 13:04 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\HP

2008-11-08 13:03 . 2008-11-08 13:03 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\HP

2008-11-08 13:02 . 2008-11-08 13:02 <DIR> d-------- c:\arquivos de programas\Hewlett-Packard

2008-11-08 13:02 . 2008-11-08 13:02 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-11-08 13:00 . 2008-11-08 13:05 <DIR> d-------- c:\arquivos de programas\HP

2008-11-08 12:59 . 2008-11-21 07:46 152,148 --a------ c:\windows\hpoins14.dat

2008-11-08 12:59 . 2007-09-19 23:14 2,000 --------- c:\windows\hpomdl14.dat

2008-11-08 12:58 . 2008-04-13 11:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys

2008-11-08 12:58 . 2008-04-13 11:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys

2008-11-08 11:56 . 2008-11-15 11:35 <DIR> d-------- c:\documents and settings\Zé Antonio\Contacts

2008-11-08 11:56 . 2008-11-15 11:35 <DIR> d-------- c:\documents and settings\Zé Antonio\Contacts

2008-11-08 08:59 . 2008-11-08 09:06 <DIR> d-------- c:\arquivos de programas\Winamp

2008-11-08 03:33 . 2006-10-08 21:51 23,856 --a------ c:\windows\system32\spupdsvc.exe

2008-11-08 03:33 . 2008-11-08 03:33 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-11-08 03:33 . 2008-11-08 03:33 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

2008-11-08 03:29 . 2008-11-08 03:29 <DIR> d-------- c:\arquivos de programas\Avanquest update

2008-11-08 03:28 . 2008-11-08 03:28 <DIR> d-------- C:\Program Files

2008-11-08 03:28 . 2008-11-08 03:29 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\BVRP Software

2008-11-08 03:28 . 2008-11-08 03:29 <DIR> d-------- c:\arquivos de programas\Motorola Phone Tools

2008-11-08 03:28 . 2008-11-08 03:28 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Motorola Shared

2008-11-08 03:28 . 2006-11-13 14:45 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll

2008-11-08 03:28 . 2007-02-27 14:31 21,504 --a------ c:\windows\system32\drivers\motmodem.sys

2008-11-08 03:27 . 2008-11-08 03:27 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\InstallShield

2008-11-08 01:54 . 2008-11-13 03:04 421 --a------ c:\windows\ODBC.INI

2008-11-08 01:53 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll

2008-11-08 01:51 . 2008-11-08 01:52 <DIR> d-------- c:\windows\SHELLNEW

2008-11-08 01:51 . 2008-11-24 10:50 116 --a------ c:\windows\NeroDigital.ini

2008-11-08 01:50 . 2008-11-08 01:50 <DIR> d-------- c:\arquivos de programas\Microsoft.NET

2008-11-08 01:47 . 2008-11-08 01:47 <DIR> dr-h----- C:\MSOCache

2008-11-08 01:35 . 2008-11-08 01:35 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nero

2008-11-08 01:33 . 2008-11-08 01:33 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Ahead

2008-11-08 01:33 . 2008-11-24 14:22 <DIR> d-------- c:\arquivos de programas\Ahead

2008-11-08 01:33 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll

2008-11-08 01:33 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll

2008-11-08 01:33 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll

2008-11-08 01:33 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll

2008-11-08 01:33 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe

2008-11-08 01:33 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll

2008-11-08 00:42 . 2008-11-08 00:42 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\Publish Providers

2008-11-08 00:42 . 2008-11-18 23:33 156 --a------ c:\windows\Twunk001.MTX

2008-11-08 00:42 . 2008-11-18 23:33 3 --a------ c:\windows\Twain001.Mtx

2008-11-08 00:42 . 2008-11-08 00:42 0 --a------ c:\windows\Twunk002.MTX

2008-11-08 00:39 . 2008-11-08 00:39 <DIR> d-------- c:\arquivos de programas\Microsoft SQL Server

2008-11-08 00:39 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe

2008-11-08 00:39 . 2002-12-17 16:23 33,340 --------- c:\windows\system32\dbmsqlgc.dll

2008-11-08 00:39 . 2002-10-20 14:05 24,576 --------- c:\windows\system32\dbmsgnet.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-20 02:38 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-20 02:28 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2008-11-05 19:59 --------- d-----w c:\arquivos de programas\Realtek Sound Manager

2008-11-05 19:59 --------- d-----w c:\arquivos de programas\Realtek AC97

2008-11-05 19:59 --------- d-----w c:\arquivos de programas\AvRack

2008-11-05 19:37 --------- d-----w c:\arquivos de programas\microsoft frontpage

2008-11-05 19:35 --------- d-----w c:\arquivos de programas\Serviços on-line

2008-11-05 19:35 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2008-11-05 19:33 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-23 7630848]

"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-13 171520]

"nwiz"="nwiz.exe" [2007-01-23 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

Service Manager.lnk - c:\arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 02:38 34672 c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 19:20 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-03-11 21:34 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]

--a------ 2008-11-20 00:39 548864 c:\arquivos de programas\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-01-23 23:39 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 20:24 32768 c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-09-23 14:17 21755688 c:\arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-11-16 12:31 68856 c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2006-11-17 05:42 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

"c:\\Arquivos de programas\\Tibia\\Tibia.exe"=

"c:\\Arquivos de programas\\Valve\\hlds.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-05 78416]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-05 20560]

S3 PciCon;PciCon;\??\D:\PciCon.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb85821b-aba1-11dd-9618-0016ec972036}]

\Shell\AutoRun\command - J:\xih9.cmd

\Shell\explore\Command - J:\xih9.cmd

\Shell\open\Command - J:\xih9.cmd

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-11-24 c:\windows\Tasks\WebReg Deskjet F4100 series.job

- c:\arquivos de programas\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 21:27]

.

- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-MsnMsgr - c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

MSConfigStartUp-InCD - c:\arquivos de programas\Ahead\InCD\InCD.exe

.

------- Scan Suplementar -------

.

FireFox -: Profile - c:\documents and settings\Otávio\Dados de aplicativos\Mozilla\Firefox\Profiles\3iximq8t.default\

FF -: plugin - c:\arquivos de programas\DNA\plugins\npbtdna.dll

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-24 14:44:15

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\snmp.exe

c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-11-24 14:46:46 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-11-24 16:46:43

Pré-execução: 18 pasta(s) 42.787.143.680 bytes disponíveis

Pós execução: 18 pasta(s) 43,353,468,928 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

273


Dear OtavioFFC

Step no. 1

Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

>>>> ATTENTION: Connect your flash drive, MP3 player, etc. to your computer!

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:

File::
J:\xih9.cmd

Firefox::
FireFox -: Profile - c:\documents and settings\Otávio\Dados de aplicativos\Mozilla\Firefox\Profiles\3iximq8t.default\
FF -: plugin - c:\arquivos de programas\DNA\plugins\npbtdna.dll
FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb85821b-aba1-11dd-9618-0016ec972036}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3041D03E-FD4B-44E0-B742-2D9B88305F98}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Ask Toolbar_is1"=-

Save this file as: CFScript.txt

[image]

As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

Step no. 2

Go to Jotti's malware scan:

  • In the box at the top (File to upload & scan);
  • Copy and paste the following:
    C:\WINDOWS\lgfwup.ini
  • Click the button [button image]
  • The file will be examined by several different antivirus programs; please wait.
  • Copy and paste that result, together with a new HijackThis log.

If the site above is too busy, try one of these sites:

Alternative 1

Alternative 2

Regards :D


ComboFix 08-11-23.02 - Otávio 2008-11-25 11:45:44.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.212 [GMT -2:00]

Executando de: c:\documents and settings\Otávio\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Otávio\Desktop\CFScript.txt

* Criado um novo ponto de restauro

FILE ::

J:\xih9.cmd

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-25 to 2008-11-25 ))))))))))))))))))))))))))))

.

2008-11-25 11:35 . 2008-11-25 11:36 <DIR> d-------- c:\windows\LastGood

2008-11-25 08:02 . 2008-11-25 08:02 <DIR> d-------- c:\documents and settings\Zé Antonio\Dados de aplicativos\Winamp

2008-11-24 23:13 . 2008-11-24 23:14 23,392 --a------ c:\windows\system32\nscompat.tlb

2008-11-24 23:13 . 2008-11-24 23:14 16,832 --a------ c:\windows\system32\amcompat.tlb

2008-11-24 22:25 . 2008-11-24 23:04 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\Winamp

2008-11-24 21:52 . 2008-11-25 08:27 <DIR> d-------- c:\documents and settings\Zé Antonio\Dados de aplicativos\Skype

2008-11-24 17:07 . 2008-11-24 17:07 <DIR> d-------- c:\arquivos de programas\TibiaBR Cam Pro

2008-11-23 15:34 . 2008-11-23 15:34 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Thraex Software

2008-11-23 15:34 . 2008-11-23 15:34 200,685 --a------ c:\windows\ADDONS SITECS (NONSTEAM) Uninstaller.exe

2008-11-20 15:58 . 2008-11-20 15:58 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\GRETECH

2008-11-20 00:50 . 2008-11-20 00:50 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\CyberLink

2008-11-20 00:50 . 2008-11-20 00:50 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2008-11-20 00:38 . 2008-11-25 11:36 <DIR> d-------- c:\arquivos de programas\lg_fwupdate

2008-11-20 00:38 . 1998-06-24 00:00 115,016 --a------ c:\windows\system32\MSINET.OCX

2008-11-20 00:38 . 1998-07-22 00:00 102,912 --a------ c:\windows\system32\Vb6stkit.dll

2008-11-20 00:38 . 1998-07-22 00:00 102,160 --a------ c:\windows\system32\VB6KO.DLL

2008-11-20 00:38 . 2006-02-17 14:19 16,384 --a------ c:\windows\system32\lgfwunis.exe

2008-11-20 00:38 . 2008-11-25 11:35 297 --a------ c:\windows\lgfwup.ini

2008-11-20 00:36 . 2008-11-20 00:36 <DIR> d-------- c:\windows\system32\Adobe

2008-11-20 00:36 . 2008-11-20 00:36 <DIR> d-------- c:\windows\Profiles

2008-11-20 00:36 . 2008-11-20 00:36 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\InterTrust

2008-11-20 00:32 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll

2008-11-20 00:29 . 2008-11-20 00:29 <DIR> d-------- C:\MyWorks

2008-11-20 00:29 . 2008-11-20 00:31 <DIR> d-------- c:\arquivos de programas\CyberLink DVD Solution

2008-11-20 00:29 . 2008-11-20 00:29 <DIR> d-------- c:\arquivos de programas\CyberLink

2008-11-20 00:29 . 2004-10-01 15:00 40,960 --a------ c:\arquivos de programas\Uninstall_CDS.exe

2008-11-19 19:51 . 2008-11-19 19:51 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\zweitgeist

2008-11-18 13:03 . 2008-11-18 13:03 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\Malwarebytes

2008-11-18 13:03 . 2008-11-18 13:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2008-11-18 13:03 . 2008-11-18 13:03 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-11-18 13:03 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-18 13:03 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-17 23:48 . 2008-11-17 23:56 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\Tibia

2008-11-17 01:39 . 2008-11-17 01:40 <DIR> d-------- c:\arquivos de programas\TibiaBR Cam Lite

2008-11-15 03:32 . 2008-11-15 03:32 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\GRETECH

2008-11-15 03:32 . 2008-11-15 03:32 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\GRETECH

2008-11-15 03:29 . 2008-11-15 03:29 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\Media Player Classic

2008-11-15 03:27 . 2008-11-15 03:40 <DIR> d-------- c:\arquivos de programas\Real Alternative

2008-11-15 03:25 . 2008-11-15 03:31 <DIR> d-------- c:\arquivos de programas\GRETECH

2008-11-14 02:17 . 2008-11-14 02:17 <DIR> d-------- c:\arquivos de programas\OLYMPUS

2008-11-14 02:17 . 2008-11-14 02:17 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2008-11-13 03:03 . 2008-11-13 03:03 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\HP

2008-11-12 15:46 . 2008-11-12 15:46 7,168 --ahs---- c:\windows\Thumbs.db

2008-11-12 15:05 . 2008-11-12 15:05 <DIR> d-------- C:\WMR Recordings

2008-11-12 15:04 . 2008-11-20 00:42 <DIR> d-------- C:\Temp

2008-11-12 15:04 . 2008-11-12 15:06 <DIR> d-------- c:\arquivos de programas\WM Recorder 10

2008-11-12 15:04 . 2008-11-12 15:04 <DIR> d-------- c:\arquivos de programas\WinPcap

2008-11-12 15:04 . 2008-11-12 15:04 737,280 --a------ c:\windows\iun6002.exe

2008-11-11 13:27 . 2008-11-24 12:15 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\skypePM

2008-11-11 13:27 . 2008-11-11 13:27 56 --ah----- c:\windows\system32\ezsidmv.dat

2008-11-11 13:22 . 2008-11-24 12:15 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\Skype

2008-11-11 13:22 . 2008-11-11 13:22 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Skype

2008-11-11 13:22 . 2008-11-11 13:22 <DIR> d-------- c:\arquivos de programas\Skype

2008-11-11 13:22 . 2008-11-11 13:22 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Skype

2008-11-11 10:28 . 2008-11-11 10:28 <DIR> d-------- c:\documents and settings\Zé Antonio\Dados de aplicativos\DivX

2008-11-10 21:09 . 2008-11-10 21:09 <DIR> d-------- c:\documents and settings\Zé Antonio\Dados de aplicativos\HPAppData

2008-11-10 11:31 . 2008-11-10 11:31 <DIR> d-------- c:\arquivos de programas\Bonjour

2008-11-10 11:21 . 2008-11-10 11:21 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2008-11-10 02:31 . 2008-11-23 17:02 <DIR> d-------- c:\arquivos de programas\ElfBot NG

2008-11-10 02:25 . 2008-11-10 02:30 <DIR> d-------- c:\arquivos de programas\ElfBot

2008-11-10 02:05 . 2008-11-24 18:24 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-11-09 11:42 . 2008-11-12 14:52 <DIR> d-------- C:\DVDVideoSoft

2008-11-09 11:41 . 2008-11-12 14:59 <DIR> d-------- c:\arquivos de programas\DVDVideoSoft

2008-11-09 11:41 . 2008-11-12 14:59 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2008-11-09 11:02 . 2008-11-09 11:02 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Adobe Systems

2008-11-09 10:53 . 2008-11-09 10:53 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-11-08 22:10 . 2008-11-08 22:10 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\HPAppData

2008-11-08 21:32 . 2008-11-08 21:32 <DIR> d-------- c:\documents and settings\Otávio\Dados de aplicativos\teamspeak2

2008-11-08 21:32 . 2008-11-08 21:32 <DIR> d-------- c:\arquivos de programas\Teamspeak2_RC2

2008-11-08 21:32 . 2008-11-08 21:32 34,064 --a------ c:\windows\system32\lhacm.acm

2008-11-08 13:10 . 2008-11-08 13:10 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\HP

2008-11-08 13:10 . 2008-11-08 13:10 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WEBREG

2008-11-08 13:08 . 2008-11-08 13:08 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard

2008-11-08 13:08 . 2007-03-30 13:07 267,864 -ra------ c:\windows\system32\hpzids01.dll

2008-11-08 13:08 . 2007-03-28 14:01 117,760 --a------ c:\windows\system32\hpzll5ha.dll

2008-11-08 13:08 . 2007-03-08 02:20 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys

2008-11-08 13:08 . 2007-03-08 02:20 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys

2008-11-08 13:08 . 2007-03-08 02:20 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys

2008-11-08 13:07 . 2007-03-17 14:11 569,344 -ra------ c:\windows\system32\hpotscl3.dll

2008-11-08 13:07 . 2007-03-08 02:20 364,544 -ra------ c:\windows\system32\hppldcoi.dll

2008-11-08 13:07 . 2007-03-17 14:11 303,104 -ra------ c:\windows\system32\hpovst10.dll

2008-11-08 13:07 . 2008-04-13 11:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2008-11-08 13:07 . 2008-04-13 11:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

2008-11-08 13:05 . 2008-11-15 21:14 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\HPAppData

2008-11-08 13:05 . 2008-11-08 13:05 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY

2008-11-08 13:03 . 2008-11-08 13:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2008-11-08 13:03 . 2008-11-08 13:04 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\HP

2008-11-08 13:03 . 2008-11-08 13:03 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\HP

2008-11-08 13:02 . 2008-11-08 13:02 <DIR> d-------- c:\arquivos de programas\Hewlett-Packard

2008-11-08 13:02 . 2008-11-08 13:02 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-11-08 13:00 . 2008-11-08 13:05 <DIR> d-------- c:\arquivos de programas\HP

2008-11-08 12:59 . 2008-11-21 07:46 152,148 --a------ c:\windows\hpoins14.dat

2008-11-08 12:59 . 2007-09-19 23:14 2,000 --------- c:\windows\hpomdl14.dat

2008-11-08 12:58 . 2008-04-13 11:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys

2008-11-08 12:58 . 2008-04-13 11:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys

2008-11-08 11:56 . 2008-11-15 11:35 <DIR> d-------- c:\documents and settings\Zé Antonio\Contacts

2008-11-08 11:56 . 2008-11-15 11:35 <DIR> d-------- c:\documents and settings\Zé Antonio\Contacts

2008-11-08 08:59 . 2008-11-24 22:26 <DIR> d-------- c:\arquivos de programas\Winamp

2008-11-08 03:33 . 2006-10-08 21:51 23,856 --a------ c:\windows\system32\spupdsvc.exe

2008-11-08 03:33 . 2008-11-08 03:33 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-11-08 03:33 . 2008-11-08 03:33 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

2008-11-08 03:29 . 2008-11-08 03:29 <DIR> d-------- c:\arquivos de programas\Avanquest update

2008-11-08 03:28 . 2008-11-08 03:28 <DIR> d-------- C:\Program Files

2008-11-08 03:28 . 2008-11-08 03:29 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\BVRP Software

2008-11-08 03:28 . 2008-11-08 03:29 <DIR> d-------- c:\arquivos de programas\Motorola Phone Tools

2008-11-08 03:28 . 2008-11-08 03:28 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Motorola Shared

2008-11-08 03:28 . 2006-11-13 14:45 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll

2008-11-08 03:28 . 2007-02-27 14:31 21,504 --a------ c:\windows\system32\drivers\motmodem.sys

2008-11-08 03:27 . 2008-11-08 03:27 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\InstallShield

2008-11-08 01:54 . 2008-11-13 03:04 421 --a------ c:\windows\ODBC.INI

2008-11-08 01:53 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll

2008-11-08 01:51 . 2008-11-08 01:52 <DIR> d-------- c:\windows\SHELLNEW

2008-11-08 01:51 . 2008-11-24 10:50 116 --a------ c:\windows\NeroDigital.ini

2008-11-08 01:50 . 2008-11-08 01:50 <DIR> d-------- c:\arquivos de programas\Microsoft.NET

2008-11-08 01:47 . 2008-11-08 01:47 <DIR> dr-h----- C:\MSOCache

2008-11-08 01:35 . 2008-11-08 01:35 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nero

2008-11-08 01:33 . 2008-11-08 01:33 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Ahead

2008-11-08 01:33 . 2008-11-24 14:22 <DIR> d-------- c:\arquivos de programas\Ahead

2008-11-08 01:33 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll

2008-11-08 01:33 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll

2008-11-08 01:33 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll

2008-11-08 01:33 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll

2008-11-08 01:33 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe

2008-11-08 01:33 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll

2008-11-08 00:42 . 2008-11-08 00:42 <DIR> d-------- c:\documents and settings\Izabella\Dados de aplicativos\Publish Providers

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-20 02:38 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-20 02:28 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2008-11-05 19:59 --------- d-----w c:\arquivos de programas\Realtek Sound Manager

2008-11-05 19:59 --------- d-----w c:\arquivos de programas\Realtek AC97

2008-11-05 19:59 --------- d-----w c:\arquivos de programas\AvRack

2008-11-05 19:37 --------- d-----w c:\arquivos de programas\microsoft frontpage

2008-11-05 19:35 --------- d-----w c:\arquivos de programas\Serviços on-line

2008-11-05 19:35 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2008-11-05 19:33 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

.

((((((((((((((((((((((((((((( snapshot@2008-11-24_14.46.22.92 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-04-13 21:20:26 66,560 ----a-w c:\windows\LastGood\system32\cdm.dll

+ 2008-04-13 21:20:46 431,616 ----a-w c:\windows\LastGood\system32\wuapi.dll

+ 2008-04-13 21:21:26 111,616 ----a-w c:\windows\LastGood\system32\wuauclt.exe

+ 2008-04-13 21:20:46 1,135,616 ----a-w c:\windows\LastGood\system32\wuaueng.dll

+ 2008-04-13 21:20:48 113,152 ----a-w c:\windows\LastGood\system32\wucltui.dll

+ 2008-04-13 21:20:48 32,256 ----a-w c:\windows\LastGood\system32\wups.dll

+ 2008-04-13 21:20:48 120,320 ----a-w c:\windows\LastGood\system32\wuweb.dll

+ 2008-11-25 13:38:56 1,940 ----a-w c:\windows\SoftwareDistribution\EventCache\{50A282AD-3271-4E14-AF67-A59265F1D43C}.bin

- 2008-04-13 21:20:26 66,560 -c--a-w c:\windows\system32\dllcache\cdm.dll

+ 2008-10-16 16:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll

- 2008-04-13 21:20:46 431,616 -c--a-w c:\windows\system32\dllcache\wuapi.dll

+ 2008-10-16 16:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll

- 2008-04-13 21:21:26 111,616 -c--a-w c:\windows\system32\dllcache\wuauclt.exe

+ 2008-10-16 16:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe

- 2008-04-13 21:20:46 1,135,616 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

+ 2008-10-16 16:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

- 2008-04-13 21:20:48 113,152 -c--a-w c:\windows\system32\dllcache\wucltui.dll

+ 2008-10-16 16:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll

- 2008-04-13 21:20:48 120,320 -c--a-w c:\windows\system32\dllcache\wuweb.dll

+ 2008-10-16 16:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll

+ 2008-10-16 16:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll

- 2006-10-08 23:51:14 14,640 ------w c:\windows\system32\spmsg.dll

+ 2006-09-25 19:58:48 14,640 ------w c:\windows\system32\spmsg.dll

- 2008-05-07 03:53:37 38,400 ----a-w c:\windows\system32\wpdshextres.dll

+ 2006-11-02 13:52:56 41,984 ----a-w c:\windows\system32\wpdshextres.dll

+ 2008-11-25 09:27:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_14c.dat

+ 2008-11-25 09:27:39 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5c8.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-23 7630848]

"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-23 86016]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"LGODDFU"="c:\arquivos de programas\lg_fwupdate\fwupdate.exe" [2008-11-20 548864]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2008-08-03 36352]

"nwiz"="nwiz.exe" [2007-01-23 c:\windows\system32\nwiz.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

Service Manager.lnk - c:\arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

"c:\\Arquivos de programas\\Tibia\\Tibia.exe"=

"c:\\Arquivos de programas\\Valve\\hlds.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-05 78416]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-05 20560]

S3 PciCon;PciCon;\??\D:\PciCon.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - BITS

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-11-25 c:\windows\Tasks\WebReg Deskjet F4100 series.job

- c:\arquivos de programas\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 21:27]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-25 11:48:05

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-11-25 11:48:55

ComboFix-quarantined-files.txt 2008-11-25 13:48:41

ComboFix2.txt 2008-11-24 16:46:47

Pré-execução: 18 pasta(s) 43,382,218,752 bytes disponíveis

Pós execução: 18 pasta(s) 43,397,545,984 bytes disponíveis

255

Antivírus Versão Última Atualização Resultado

AhnLab-V3 2008.11.24.3 2008.11.25 -

AntiVir 7.9.0.35 2008.11.25 -

Authentium 5.1.0.4 2008.11.25 -

Avast 4.8.1281.0 2008.11.24 -

AVG 8.0.0.199 2008.11.25 -

BitDefender 7.2 2008.11.25 -

CAT-QuickHeal 10.00 2008.11.25 -

ClamAV 0.94.1 2008.11.25 -

DrWeb 4.44.0.09170 2008.11.25 -

eSafe 7.0.17.0 2008.11.25 -

eTrust-Vet 31.6.6227 2008.11.25 -

Ewido 4.0 2008.11.25 -

F-Prot 4.4.4.56 2008.11.24 -

F-Secure 8.0.14332.0 2008.11.25 -

Fortinet 3.117.0.0 2008.11.25 -

GData 19 2008.11.25 -

Ikarus T3.1.1.45.0 2008.11.25 -

K7AntiVirus 7.10.532 2008.11.24 -

Kaspersky 7.0.0.125 2008.11.25 -

McAfee 5444 2008.11.24 -

McAfee+Artemis 5444 2008.11.24 -

Microsoft 1.4104 2008.11.25 -

NOD32 3638 2008.11.25 -

Norman 5.80.02 2008.11.25 -

Panda 9.0.0.4 2008.11.25 -

PCTools 4.4.2.0 2008.11.25 -

Prevx1 V2 2008.11.25 -

Rising 21.05.12.00 2008.11.25 -

SecureWeb-Gateway 6.7.6 2008.11.25 -

Sophos 4.35.0 2008.11.25 -

Sunbelt 3.1.1823.2 2008.11.22 -

Symantec 10 2008.11.25 -

TheHacker 6.3.1.1.162 2008.11.25 -

TrendMicro 8.700.0.1004 2008.11.25 -

VBA32 None 2008.11.24 -

ViRobot 2008.11.25.1485 2008.11.25 -

VirusBuster 4.5.11.0 2008.11.24 -

Informações adicionais

File size: 297 bytes


PEiD..: -

TrID..: File type identification

Generic INI configuration (100.0%)


Ahh, and another thing: after using ComboFix my antivirus no longer opens. It's avast, and it no longer starts its resident shields when the computer boots.... And another problem: Windows Media Player and the printer's scanner no longer open for the other users of the computer, only for mine.


Dear OtavioFFC

Temporarily disable your antivirus!

Run an online scan at Kaspersky Virusscanner

  • Click [button image]
  • When asked to install the ActiveX control, click [button image]
  • Wait for the installation and the update, then click [button image]
  • Now click [button image]
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click [button image]
  • Click My Computer so that a full scan of your system is performed.
  • The scan will start and may take a while. Be patient and wait.
  • At the end of the scan, click the Save as Text button.
  • Save the log with the results and paste its contents in your next message.
  • Also generate and paste a new HijackThis log.

Regards :D


About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
