FernandoAmaral

Wircd.exe removal, please

I have this pest and I can't get rid of it.

Here is the hijack log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:12:03, on 27/2/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe

C:\Arquivos de programas\BitDefender\BitDefender 2009\vsserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\DU Meter\DUMeterSvc.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

c:\windows\system32\wircd\wircd.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\BitDefender\BitDefender 2009\bdagent.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Stardock\Object Desktop\WindowFX\wfxload.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Active CPU\acpu.exe

C:\Arquivos de programas\Onscreen Display\osd.exe

C:\Arquivos de programas\SensorsView\sview.exe

C:\Arquivos de programas\BitDefender\BitDefender 2009\seccenter.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

C:\Arquivos de programas\DU Meter\DUMeter.exe

C:\Arquivos de programas\DAP\DAP.exe

C:\Arquivos de programas\CyberLink\PowerVCRII\PVCR.exe

C:\WINDOWS\system32\SNDVOL32.EXE

C:\Arquivos de programas\TruePoker\Client.exe

C:\ARQUIV~1\TRUEPO~1\client.exe

C:\arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Arquivos de programas\DAP\DAPIEBar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Arquivos de programas\DAP\DAPIEBar.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Arquivos de programas\BitDefender\BitDefender 2009\IEToolbar.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [bDAgent] "C:\Arquivos de programas\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Arquivos de programas\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Arquivos de programas\Enigma Software Group\SpyHunter\SpyHunter3.exe

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [DU Meter] C:\Arquivos de programas\DU Meter\DUMeter.exe

O4 - HKCU\..\Run: [WindowFX] C:\Arquivos de programas\Stardock\Object Desktop\WindowFX\\wfxload.exe

O4 - HKCU\..\Run: [CubeDesktop] C:\Arquivos de programas\CubeDesktop\cubedesktop.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - S-1-5-18 Startup: Active CPU.lnk = C:\Arquivos de programas\Active CPU\acpu.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: Atalho para osd.lnk = C:\Arquivos de programas\Onscreen Display\osd.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: SensorsView.lnk = C:\Arquivos de programas\SensorsView\sview.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Active CPU.lnk = C:\Arquivos de programas\Active CPU\acpu.exe (User 'Default user')

O4 - .DEFAULT Startup: Atalho para osd.lnk = C:\Arquivos de programas\Onscreen Display\osd.exe (User 'Default user')

O4 - .DEFAULT Startup: SensorsView.lnk = C:\Arquivos de programas\SensorsView\sview.exe (User 'Default user')

O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')

O4 - Startup: Active CPU.lnk = C:\Arquivos de programas\Active CPU\acpu.exe

O4 - Startup: Atalho para osd.lnk = C:\Arquivos de programas\Onscreen Display\osd.exe

O4 - Startup: SensorsView.lnk = C:\Arquivos de programas\SensorsView\sview.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

O8 - Extra context menu item: Download Using &BitSpirit - C:\Arquivos de programas\BitSpirit\bsurl.htm

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\ARQUIV~1\DAP\DAP.EXE

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235253007875

O17 - HKLM\System\CCS\Services\Tcpip\..\{43E0179C-3FA0-42F8-AED9-80D9AE9D9064}: NameServer = 200.142.130.10 200.220.227.101

O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Arquivos de programas\DU Meter\DUMeterSvc.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: UnrealIRCd - none - c:\windows\system32\wircd\wircd.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Arquivos de programas\BitDefender\BitDefender 2009\vsserv.exe

O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--

End of file - 8856 bytes

Here is the DDS.SCR log

DDS (Ver_09-02-01.01) - NTFSx86

Run by Tony at 1:31:48,48 on sex 27/02/2009

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1348 [GMT -3:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated)

FW: BitDefender Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe

C:\Arquivos de programas\BitDefender\BitDefender 2009\vsserv.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\DU Meter\DUMeterSvc.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\windows\system32\wircd\wircd.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\BitDefender\BitDefender 2009\bdagent.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Stardock\Object Desktop\WindowFX\wfxload.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Active CPU\acpu.exe

C:\Arquivos de programas\Onscreen Display\osd.exe

C:\Arquivos de programas\SensorsView\sview.exe

C:\Arquivos de programas\BitDefender\BitDefender 2009\seccenter.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

C:\Arquivos de programas\DU Meter\DUMeter.exe

C:\Arquivos de programas\DAP\DAP.exe

C:\Arquivos de programas\CyberLink\PowerVCRII\PVCR.exe

C:\WINDOWS\system32\SNDVOL32.EXE

C:\arquivos de programas\internet explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Tony\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.com.br/

BHO: DAPBHO Class: {0096cc0a-623c-4829-ad9c-19af0dc9d8fe} - c:\arquivos de programas\dap\DAPIEBar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\arquivos de programas\real\realplayer\rpbrowserrecordplugin.dll

TB: DAP Bar: {62999427-33fc-4baf-9c9c-bce6bd127f08} - c:\arquivos de programas\dap\DAPIEBar.dll

TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\arquivos de programas\bitdefender\bitdefender 2009\IEToolbar.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\arquivos de programas\daemon tools toolbar\DTToolbar.dll

uRun: [DU Meter] c:\arquivos de programas\du meter\DUMeter.exe

uRun: [WindowFX] c:\arquivos de programas\stardock\object desktop\windowfx\\wfxload.exe

uRun: [CubeDesktop] c:\arquivos de programas\cubedesktop\cubedesktop.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [soundMan] SOUNDMAN.EXE

mRun: [bDAgent] "c:\arquivos de programas\bitdefender\bitdefender 2009\bdagent.exe"

mRun: [bitDefender Antiphishing Helper] "c:\arquivos de programas\bitdefender\bitdefender 2009\IEShow.exe"

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [spyHunter Security Suite] c:\arquivos de programas\enigma software group\spyhunter\SpyHunter3.exe

mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\arquivos de programas\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\docume~1\tony\menuin~1\progra~1\inicia~1\active~1.lnk - c:\arquivos de programas\active cpu\acpu.exe

StartupFolder: c:\docume~1\tony\menuin~1\progra~1\inicia~1\atalho~1.lnk - c:\arquivos de programas\onscreen display\osd.exe

StartupFolder: c:\docume~1\tony\menuin~1\progra~1\inicia~1\sensor~1.lnk - c:\arquivos de programas\sensorsview\sview.exe

StartupFolder: c:\docume~1\tony\menuin~1\progra~1\inicia~1\stardo~1.lnk - c:\arquivos de programas\stardock\objectdock\ObjectDock.exe

IE: &Download with &DAP - c:\arquiv~1\dap\dapextie.htm

IE: Download Using &BitSpirit - c:\arquivos de programas\bitspirit\bsurl.htm

IE: Translate with &Babylon - c:\arquivos de programas\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm

IE: ÓñÈÌؾ«ÁéÏÂÔØ(&B)

IE: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - c:\arquiv~1\dap\DAP.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235253007875

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

TCP: {43E0179C-3FA0-42F8-AED9-80D9AE9D9064} = 200.142.130.10 200.220.227.101

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\dap\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\dap\dapie.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\arquivos de programas\qualcomm\qualcomm\eudora mail\EuShlExt.dll

============= SERVICES / DRIVERS ===============

R2 BDVEDISK;BDVEDISK;c:\arquivos de programas\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-9-4 82696]

R2 DUMeterSvc;DU Meter Service;c:\arquivos de programas\du meter\DUMeterSvc.exe [2009-2-21 1382672]

R2 MBAMService;MBAMService;c:\arquivos de programas\malwarebytes' anti-malware\mbamservice.exe [2009-2-21 179856]

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-10-17 104328]

R3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);c:\windows\system32\drivers\webc3vid.sys [2009-2-25 166504]

R3 CXTuner;Conexant TVTuner;c:\windows\system32\drivers\CXTuner.sys [2009-2-21 23264]

R3 CXVideo;Conexant Capture;c:\windows\system32\drivers\CXVCap.sys [2009-2-21 93056]

R3 CXXBar;Conexant Crossbar;c:\windows\system32\drivers\CXXBar.sys [2009-2-21 7200]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-21 15504]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-21 38496]

S3 Arrakis3;BitDefender Arrakis Server;c:\arquivos de programas\arquivos comuns\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]

S3 dTVdrvNT;dTVdrvNT;c:\windows\system32\DTVDRVNT.SYS [2009-2-21 12188]

=============== Created Last 30 ================

2009-02-27 01:11 <DIR> --d----- c:\arquivos de programas\Trend Micro

2009-02-26 20:51 <DIR> --d----- c:\arquivos de programas\Enigma Software Group

2009-02-26 20:35 63 a------- c:\windows\wininit.ini

2009-02-26 19:35 1,128 a------- C:\settings.dat

2009-02-26 18:49 <DIR> --d----- c:\windows\system32\VIRepair

2009-02-26 11:08 <DIR> --d----- c:\arquivos de programas\The Hell in Vietnam

2009-02-26 00:12 <DIR> --d----- C:\vghd

2009-02-25 18:16 <DIR> --d----- c:\arquivos de programas\TVUPlayer

2009-02-25 18:15 <DIR> --d----- c:\arquivos de programas\Megacubo

2009-02-25 16:43 7 a------- c:\windows\sbacknt.bin

2009-02-25 16:33 152,904 a------- c:\windows\system32\vghd.scr

2009-02-25 16:33 <DIR> --d----- c:\docume~1\tony\dadosd~1\vghd

2009-02-25 15:31 <DIR> --d----- c:\arquivos de programas\Camwizard

2009-02-25 15:14 <DIR> --d----- c:\windows\OvtCam

2009-02-25 15:04 41,984 a------- c:\windows\CTREGRUN.EXE

2009-02-25 15:04 135,680 a------- c:\windows\Webdelc.exe

2009-02-25 15:04 643 a------- c:\windows\WebCamC.ini

2009-02-25 15:04 <DIR> --d----- c:\arquivos de programas\Creative

2009-02-25 14:54 <DIR> --d----- c:\arquivos de programas\Everest Poker

2009-02-25 13:27 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\GbPlugin

2009-02-25 12:05 <DIR> --d----- c:\docume~1\tony\dadosd~1\mojosoft

2009-02-25 12:05 <DIR> --d----- c:\arquivos de programas\MOJOSOFT

2009-02-25 11:24 5,248 a------- c:\windows\system32\drivers\giveio.sys

2009-02-25 11:24 <DIR> --d----- c:\arquivos de programas\SensorsView

2009-02-25 11:20 49,664 a------- c:\windows\unvise32.exe

2009-02-25 11:20 <DIR> --d----- c:\arquivos de programas\Active CPU

2009-02-24 21:54 206,755 a------- c:\windows\system32\nvapps.nvb

2009-02-24 21:53 <DIR> --d----- C:\NVIDIA

2009-02-24 21:50 <DIR> --d----- c:\arquivos de programas\2710 Software

2009-02-24 21:12 <DIR> --d----- c:\arquivos de programas\Texas Holdem Poker 3D Deluxe Edition DeLEGiON

2009-02-24 19:51 <DIR> --d----- C:\Filmes

2009-02-24 16:54 <DIR> --d----- c:\arquivos de programas\ASIO4ALL v2

2009-02-24 16:54 225,280 a------- c:\windows\system32\rewire.dll

2009-02-24 16:54 1,294,336 a------- c:\windows\system32\vorbis.acm

2009-02-24 16:46 <DIR> --d----- c:\arquivos de programas\CubeDesktop

2009-02-24 15:50 81,920 a----r-- c:\windows\system32\Tk421.dll

2009-02-24 15:50 <DIR> --d----- c:\arquivos de programas\Mixman Technologies

2009-02-24 10:29 394,240 a------- c:\windows\system32\Smab.dll

2009-02-24 10:29 240,128 a------- c:\windows\system32\x.264.exe

2009-02-24 10:29 70,656 a------- c:\windows\system32\i420vfw.dll

2009-02-24 10:29 66,560 a------- c:\windows\MOTA113.exe

2009-02-24 10:29 27,648 a------- c:\windows\system32\AVSredirect.dll

2009-02-24 10:29 502,784 a------- c:\windows\x2.64.exe

2009-02-24 10:29 217,073 a------- c:\windows\meta4.exe

2009-02-24 10:29 <DIR> --d----- C:\Program Files

2009-02-24 08:36 <DIR> --d----- c:\arquivos de programas\arquivos comuns\xing shared

2009-02-24 08:35 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Real

2009-02-23 20:43 <DIR> --d----- c:\arquivos de programas\Qualcomm

2009-02-23 20:37 <DIR> --d----- C:\Games

2009-02-23 20:36 <DIR> --d----- C:\Manhunt [PC][3CDS][Multi5][www.emwreloaded.com]

2009-02-23 20:06 <DIR> --d----- C:\Mp3 - Vídeos

2009-02-23 19:44 <DIR> --d----- C:\WINXP

2009-02-23 19:43 <DIR> --d----- C:\Meus documentos

2009-02-23 18:07 <DIR> --d----- C:\Fernando

2009-02-23 17:36 <DIR> --d----- c:\docume~1\tony\dadosd~1\Boost Windows

2009-02-23 17:35 <DIR> --d----- c:\arquivos de programas\Boost Windows

2009-02-23 16:53 <DIR> --d-h--- c:\windows\system32\wircd

2009-02-23 16:18 121 a------- c:\windows\bdagent.INI

2009-02-23 14:35 <DIR> --d----- c:\arquivos de programas\Norton SystemWorks

2009-02-23 14:35 83,208 a------- c:\windows\system32\S32EVNT1.DLL

2009-02-23 14:35 82,136 a------- c:\windows\system32\drivers\SYMEVENT.SYS

2009-02-23 14:35 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Symantec Shared

2009-02-23 14:02 <DIR> --d----- c:\arquivos de programas\HDD Regenerator

2009-02-23 02:43 <DIR> --d----- c:\docume~1\tony\dadosd~1\Symantec

2009-02-23 02:42 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Symantec

2009-02-22 23:14 <DIR> --d----- c:\windows\Aquadelic

2009-02-22 22:37 <DIR> --dsh--- c:\windows\ftpcache

2009-02-22 22:37 456,646 a------- c:\windows\Natura Sound Therapy Uninstaller.exe

2009-02-22 22:37 <DIR> --d----- c:\arquivos de programas\Natura Sound Therapy

2009-02-22 21:58 <DIR> --d----- c:\arquivos de programas\PowerISO

2009-02-22 21:09 <DIR> --d----- C:\Download

2009-02-22 16:51 249,856 -------- c:\windows\Setup1.exe

2009-02-22 16:51 73,216 a------- c:\windows\ST6UNST.EXE

2009-02-22 16:44 <DIR> --d----- c:\arquivos de programas\Super Fast Shutdown

2009-02-22 13:04 <DIR> --d----- C:\Backup de drivers

2009-02-22 12:56 1,686,016 a------- c:\windows\system32\clinetsuitex6.ocx

2009-02-22 12:56 1,071,088 a------- c:\windows\system32\MSCOMCTL.OCX

2009-02-22 12:56 662,288 a------- c:\windows\system32\MSCOMCT2.OCX

2009-02-22 12:56 <DIR> --d----- c:\arquivos de programas\Driver-Soft

2009-02-22 12:17 <DIR> --d----- c:\arquivos de programas\K-Lite Codec Pack

2009-02-22 11:16 101,376 a----r-- c:\windows\system32\drivers\ewusbmdm.sys

2009-02-22 11:16 24,448 a----r-- c:\windows\system32\drivers\ewdcsc.sys

2009-02-22 11:16 872,192 a------- c:\windows\system32\drivers\mod7700.sys

2009-02-22 11:16 103,168 a------- c:\windows\system32\drivers\ewusbfake.sys

2009-02-22 11:16 100,992 a------- c:\windows\system32\drivers\ewusbnet.sys

2009-02-22 02:55 <DIR> --d----- c:\docume~1\tony\dadosd~1\Thinstall

2009-02-22 01:16 1,032,192 a------- c:\windows\AquaReal.scr

2009-02-22 01:16 258,048 a------- c:\windows\system32\AquaReal.ocx

2009-02-22 01:16 131,072 a------- c:\windows\SNVerifyDLL.dll

2009-02-22 01:16 <DIR> --d----- c:\arquivos de programas\Formosoft

2009-02-22 01:16 <DIR> --d-h--- c:\windows\PIF

2009-02-22 01:05 <DIR> --d----- c:\arquivos de programas\Unlocker

2009-02-22 01:03 <DIR> --d----- c:\arquivos de programas\Depertador

2009-02-21 23:10 14,048 -------- c:\windows\system32\spmsg2.dll

2009-02-21 23:05 <DIR> --d----- c:\windows\system32\XPSViewer

2009-02-21 23:04 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-02-21 23:04 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll

2009-02-21 23:04 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-02-21 23:04 575,488 -------- c:\windows\system32\xpsshhdr.dll

2009-02-21 23:04 117,760 -------- c:\windows\system32\prntvpt.dll

2009-02-21 23:04 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll

2009-02-21 23:04 1,676,288 -------- c:\windows\system32\xpssvcs.dll

2009-02-21 22:58 <DIR> --d----- c:\arquivos de programas\MSXML 4.0

2009-02-21 22:54 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll

2009-02-21 22:54 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat

2009-02-21 22:54 1,024,000 -c------ c:\windows\system32\dllcache\ieframe.dll.mui

2009-02-21 22:54 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll

2009-02-21 22:54 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll

2009-02-21 22:54 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll

2009-02-21 22:54 63,488 -c------ c:\windows\system32\dllcache\icardie.dll

2009-02-21 22:54 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll

2009-02-21 22:54 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe

2009-02-21 22:37 <DIR> --d----- c:\arquivos de programas\Windows Media Connect 2

2009-02-21 22:35 <DIR> --d----- c:\windows\system32\LogFiles

2009-02-21 22:33 <DIR> --d----- c:\windows\system32\URTTemp

2009-02-21 20:08 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2009-02-21 20:02 2,149,376 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe

2009-02-21 20:02 2,070,272 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-21 20:02 2,028,032 -c------ c:\windows\system32\dllcache\ntkrpamp.exe

2009-02-21 20:02 2,193,408 -c------ c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-21 19:54 272,384 -c------ c:\windows\system32\dllcache\bthport.sys

2009-02-21 19:54 272,384 -------- c:\windows\system32\drivers\bthport.sys

2009-02-21 19:09 <DIR> --d----- c:\windows\system32\PreInstall

2009-02-21 19:09 26,488 a------- c:\windows\system32\spupdsvc.exe

2009-02-21 19:09 <DIR> --d-h--- c:\windows\$hf_mig$

2009-02-21 18:52 31,768 a------- c:\windows\system32\wucltui.dll.mui

2009-02-21 18:52 18,968 a------- c:\windows\system32\wuaueng.dll.mui

2009-02-21 18:52 27,672 a------- c:\windows\system32\wuaucpl.cpl.mui

2009-02-21 18:52 27,672 a------- c:\windows\system32\wuapi.dll.mui

2009-02-21 18:52 <DIR> --d----- c:\windows\system32\SoftwareDistribution

2009-02-21 18:49 <DIR> --ds---- c:\documents and settings\tony\UserData

2009-02-21 18:45 <DIR> --d----- c:\docume~1\tony\dadosd~1\RaimaRadioPro

2009-02-21 18:45 <DIR> --d----- c:\arquivos de programas\RarmaRadio

2009-02-21 18:45 <DIR> --d----- c:\arquivos de programas\Audacity

2009-02-21 18:40 69 a------- c:\windows\NeroDigital.ini

2009-02-21 18:39 <DIR> --d----- c:\arquivos de programas\TruePoker

2009-02-21 18:35 <DIR> --d----- c:\docume~1\tony\dadosd~1\DAEMON Tools Pro

2009-02-21 18:34 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\DAEMON Tools Lite

2009-02-21 18:33 <DIR> --d----- c:\arquivos de programas\DAEMON Tools Toolbar

2009-02-21 18:33 <DIR> --d----- c:\arquivos de programas\DAEMON Tools Lite

2009-02-21 18:27 <DIR> --d----- c:\arquivos de programas\Babylon

2009-02-21 18:26 <DIR> --d----- c:\docume~1\tony\dadosd~1\Babylon

2009-02-21 18:26 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Babylon

2009-02-21 18:23 <DIR> --d----- c:\arquivos de programas\Windows Doctor

2009-02-21 18:18 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Nero

2009-02-21 18:18 <DIR> --d----- c:\arquivos de programas\Nero

2009-02-21 18:18 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Ahead

2009-02-21 18:16 <DIR> --d----- c:\windows\RegisteredPackages

2009-02-21 18:11 <DIR> --d----- c:\arquivos de programas\VS Revo Group

2009-02-21 18:09 <DIR> --d----- c:\arquivos de programas\Symantec

2009-02-21 18:06 <DIR> --d----- c:\docume~1\tony\dadosd~1\Malwarebytes

2009-02-21 18:06 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-02-21 18:06 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-21 18:06 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2009-02-21 18:06 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-02-21 18:04 <DIR> --d----- c:\arquivos de programas\Paint Shop Pro 5

2009-02-21 18:02 <DIR> --d----- c:\docume~1\tony\dadosd~1\DAEMON Tools Lite

2009-02-21 18:01 <DIR> --d----- c:\arquivos de programas\eRightSoft

2009-02-21 18:00 <DIR> --d----- c:\arquivos de programas\XP Codec Pack

2009-02-21 18:00 <DIR> --d----- c:\arquivos de programas\DVD Shrink

2009-02-21 17:59 39,488 a------- c:\windows\system32\drivers\Pcouffin.sys

2009-02-21 17:59 <DIR> --d----- c:\arquivos de programas\CloneDVD

2009-02-21 17:47 81,984 a------- c:\windows\system32\bdod.bin

2009-02-21 17:46 850 a------- c:\windows\system32\ProductTweaks.xml

2009-02-21 17:46 385 a------- c:\windows\system32\user_gensett.xml

2009-02-21 17:42 <DIR> --d----- C:\Downloads

2009-02-21 17:42 <DIR> --d----- c:\arquivos de programas\BitSpirit

2009-02-21 17:36 651 a------- c:\windows\system32\BDUpdateV1.xml

2009-02-21 17:26 <DIR> --d----- C:\links

2009-02-21 17:18 8,704 a------- C:\ConnectVMR9After.grf

2009-02-21 17:18 7,680 a------- C:\ConnectVMR9.grf

2009-02-21 17:11 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Stardock

2009-02-21 16:52 <DIR> --d----- c:\docume~1\tony\dadosd~1\BitDefender

2009-02-21 16:52 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\BitDefender

2009-02-21 16:52 <DIR> --d----- c:\arquivos de programas\BitDefender

2009-02-21 16:52 <DIR> --d----- c:\arquivos de programas\arquivos comuns\BitDefender

2009-02-21 16:44 <DIR> --d----- c:\arquivos de programas\Marcos Velasco Security

2009-02-21 16:42 172,032 a------- c:\windows\system32\AniGIF.ocx

2009-02-21 16:42 <DIR> --d----- c:\arquivos de programas\DAP

2009-02-21 16:29 <DIR> --d----- c:\docume~1\tony\dadosd~1\Thinking Minds Budiling Bytes

2009-02-21 16:15 0 a------- c:\windows\windowfx3.ini

2009-02-21 16:15 0 a------- c:\windows\windowfx2.ini

2009-02-21 16:13 <DIR> --d----- c:\arquivos de programas\Stardock

2009-02-21 16:09 <DIR> --d----- c:\docume~1\tony\dadosd~1\Styler

2009-02-21 16:02 78,942 a------- c:\windows\Icon_1.ico

2009-02-21 16:02 <DIR> --d----- c:\windows\system32\VITrans

2009-02-21 16:02 111,104 a------- c:\windows\system32\Uharc.exe

2009-02-21 16:02 94,208 a------- c:\windows\system32\pskill.exe

2009-02-21 16:02 69,632 a------- c:\windows\system32\moveex.exe

2009-02-21 16:02 20,480 a------- c:\windows\system32\scrnrdr.exe

2009-02-21 16:02 19,968 a------- c:\windows\system32\reico.exe

2009-02-21 16:02 8,636 a------- c:\windows\system32\modifype.exe

2009-02-21 15:55 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys

2009-02-21 15:55 32,128 a------- c:\windows\system32\drivers\usbccgp.sys

2009-02-21 15:54 <DIR> --d----- c:\arquivos de programas\VIVO ZAP 3G

2009-02-21 15:52 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Hagel Technologies

2009-02-21 15:52 <DIR> --d----- c:\arquivos de programas\DU Meter

2009-02-21 15:49 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys

2009-02-21 15:48 32 a------- c:\windows\msiosd.ini

2009-02-21 15:47 <DIR> --d----- c:\arquivos de programas\Onscreen Display

2009-02-21 15:43 <DIR> --d----- c:\windows\pss

2009-02-21 15:43 109 a------- c:\windows\TSNV_I2C.INI

2009-02-21 15:43 1,494,528 a------- c:\windows\system32\TSSnap.ax

2009-02-21 15:43 49,152 a------- c:\windows\system32\TSWavDst.ax

2009-02-21 15:43 45,056 a------- c:\windows\system32\TSNull.ax

2009-02-21 15:43 22,260 a------- c:\windows\TSCTVMSG.INI

2009-02-21 15:43 13,872 a------- c:\windows\system32\DTVDRV95.VXD

2009-02-21 15:43 12,188 a------- c:\windows\system32\DTVDRVNT.SYS

2009-02-21 15:43 804 a------- c:\windows\TSCTVDIV.BIN

2009-02-21 15:43 57,344 a------- c:\windows\system32\DTVDRV.DLL

2009-02-21 15:43 45,056 a------- c:\windows\system32\Deinterlace.ax

2009-02-21 15:42 <DIR> --d----- C:\pvcrwork

2009-02-21 15:40 204,800 a------- c:\windows\TVXAPP.EXE

2009-02-21 15:40 204,800 a------- c:\windows\TVUNINST.EXE

2009-02-21 15:40 20,472 a------- c:\windows\Tsctvfm.ini

2009-02-21 15:40 10,470 a------- c:\windows\TSCTVDIV.INI

2009-02-21 15:40 2,318 a------- c:\windows\TSCTNDBG.INI

2009-02-21 15:40 95 a------- c:\windows\TSCFM.INI

2009-02-21 15:40 26 a------- c:\windows\IFOLDER.INI

2009-02-21 15:40 12 a------- c:\windows\GRAPPLER.INI

2009-02-21 15:40 <DIR> --d----- c:\windows\PowerVCR

2009-02-21 15:40 <DIR> --d----- c:\arquivos de programas\Prolink

2009-02-21 15:40 299,520 a------- c:\windows\uninst.exe

2009-02-21 15:38 <DIR> --d----- c:\windows\MustRead

2009-02-21 15:31 27,904 a------- c:\windows\system32\drivers\viaagp1.sys

2009-02-21 15:31 306,688 a------- c:\windows\IsUninst.exe

2009-02-21 15:29 <DIR> --d----- c:\documents and settings\tony\WINDOWS

2009-02-21 15:28 10,528,768 a------- c:\windows\system32\RTLCPL.exe

2009-02-21 15:28 141,016 a------- c:\windows\system32\alsndmgr.wav

2009-02-21 15:28 <DIR> --d----- c:\arquivos de programas\Realtek AC97

2009-02-21 15:28 18,804,736 a------- c:\windows\system32\alsndmgr.cpl

2009-02-21 15:28 577,536 a------- c:\windows\soundman.exe

2009-02-21 15:28 147,456 a------- c:\windows\system32\RtlCPAPI.dll

2009-02-21 15:28 315,392 a------- c:\windows\alcupd.exe

2009-02-21 15:28 217,088 a------- c:\windows\Alcrmv.exe

2009-02-21 15:28 <DIR> --d----- c:\arquivos de programas\arquivos comuns\InstallShield

2009-02-21 15:28 200,790 a------- c:\windows\system32\nvapps.xml

2009-02-21 15:28 453,152 a------- c:\windows\system32\nvudisp.exe

2009-02-21 15:28 18,725 a------- c:\windows\system32\nvdisp.nvu

2009-02-21 15:28 <DIR> --d----- c:\windows\nview

2009-02-21 15:26 453,152 a------- c:\windows\system32\NVUNINST.EXE

2009-02-21 15:17 <DIR> --d-h--- c:\documents and settings\tony\Configurações locais

2009-02-21 15:17 <DIR> --d-h--- c:\documents and settings\tony\Ambiente de rede

2009-02-21 15:17 <DIR> --d-h--- c:\documents and settings\tony\Ambiente de impressão

2009-02-21 15:17 <DIR> --d-hr-- c:\documents and settings\tony\Dados de aplicativos

2009-02-21 15:17 <DIR> --d-h--- c:\documents and settings\tony\Modelos

2009-02-21 15:17 <DIR> --d--r-- c:\documents and settings\tony\Meus documentos

2009-02-21 15:17 <DIR> --d--r-- c:\documents and settings\tony\Menu Iniciar

2009-02-21 15:17 <DIR> --d--r-- c:\documents and settings\tony\Favoritos

2009-02-21 15:17 <DIR> --d----- c:\documents and settings\Tony

2009-02-21 15:16 <DIR> --ds---- c:\windows\system32\Microsoft

2009-02-21 15:16 8,192 a------- c:\windows\REGLOCS.OLD

2009-02-21 15:14 35,840 ac------ c:\windows\system32\dllcache\iprip.dll

2009-02-21 15:13 68,608 ac------ c:\windows\system32\dllcache\iisext51.dll

2009-02-21 15:12 <DIR> --dsh--- c:\documents and settings\all users\DRM

2009-02-21 15:12 <DIR> --d--r-- c:\windows\Offline Web Pages

2009-02-21 15:12 488 a---hr-- c:\windows\system32\WindowsLogon.manifest

2009-02-21 15:12 488 a---hr-- c:\windows\system32\logonui.exe.manifest

2009-02-21 15:12 <DIR> --ds---- c:\windows\Downloaded Program Files

2009-02-21 15:12 749 a---hr-- c:\windows\WindowsShell.Manifest

2009-02-21 15:12 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest

2009-02-21 15:12 749 a---hr-- c:\windows\system32\sapi.cpl.manifest

2009-02-21 15:12 749 a---hr-- c:\windows\system32\nwc.cpl.manifest

2009-02-21 15:12 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest

2009-02-21 15:12 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest

2009-02-21 15:12 <DIR> --d-h--- c:\arquivos de programas\WindowsUpdate

2009-02-21 15:12 <DIR> --d----- c:\arquivos de programas\Serviços on-line

2009-02-21 15:12 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex

2009-02-21 15:12 <DIR> --d----- c:\windows\system32\DirectX

2009-02-21 15:11 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Serviços

2009-02-21 15:11 <DIR> --d----- c:\arquivos de programas\arquivos comuns\MSSoap

2009-02-21 15:09 <DIR> --d----- c:\arquivos de programas\Messenger

2009-02-21 15:09 <DIR> --d----- c:\arquivos de programas\MSN Gaming Zone

2009-02-21 15:09 <DIR> --d----- c:\arquivos de programas\Windows NT

2009-02-21 11:57 <DIR> --d----- c:\arquivos de programas\arquivos comuns\ODBC

2009-02-21 11:57 <DIR> --d----- c:\arquivos de programas\arquivos comuns\SpeechEngines

2009-02-21 11:56 <DIR> --d-h--- c:\documents and settings\all users\Modelos

2009-02-21 11:56 <DIR> --d--r-- c:\documents and settings\all users\Menu Iniciar

2009-02-21 11:56 <DIR> --d--r-- c:\documents and settings\all users\Documentos

2009-02-21 11:56 <DIR> --d----- c:\documents and settings\all users\Favoritos

2009-02-21 11:56 <DIR> --d-hr-- c:\documents and settings\all users\Dados de aplicativos

==================== Find3M ====================

2009-02-23 15:15 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2009-02-22 21:08 470,736 a------- c:\windows\system32\perfh016.dat

2009-02-22 21:08 80,368 a------- c:\windows\system32\perfc016.dat

2009-02-21 18:02 717,296 a------- c:\windows\system32\drivers\sptd.sys

2009-02-21 17:35 104,328 a------- c:\windows\system32\drivers\bdfndisf.sys

2009-02-21 17:34 82,696 a------- c:\windows\system32\drivers\BDVEDISK.sys

2009-02-21 17:34 242,184 a------- c:\windows\system32\drivers\bdfsfltr.sys

2009-02-21 15:10 21,844 a------- c:\windows\system32\emptyregdb.dat

2008-12-28 19:48 2,330,643 a------- c:\windows\system32\x264vfw.dll

2008-12-20 19:47 826,368 a------- c:\windows\system32\wininet.dll

2008-12-08 08:53 57,344 a------- c:\windows\system32\ff_vfw.dll

2008-12-07 15:08 795,648 a------- c:\windows\system32\xvidcore.dll

2008-12-07 15:08 130,048 a------- c:\windows\system32\xvidvfw.dll

2006-05-03 06:06 163,328 ---shr-- c:\windows\system32\flvDX.dll

2007-02-21 07:47 31,232 ---shr-- c:\windows\system32\msfDX.dll

============= FINISH: 1:32:45,50 ===============

Here is the GMER log

GMER 1.0.10.10122 - http://www.gmer.net

Rootkit 2009-02-27 01:58:26

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.10 ----

SSDT spuf.sys ZwCreateKey

SSDT spuf.sys ZwEnumerateKey

SSDT spuf.sys ZwEnumerateValueKey

SSDT spuf.sys ZwOpenKey

SSDT \??\C:\Arquivos de programas\BitDefender\BitDefender 2009\bdselfpr.sys ZwOpenProcess

SSDT \??\C:\Arquivos de programas\BitDefender\BitDefender 2009\bdselfpr.sys ZwOpenThread

SSDT spuf.sys ZwQueryKey

SSDT spuf.sys ZwQueryValueKey

SSDT spuf.sys ZwSetValueKey

SSDT \??\C:\Arquivos de programas\BitDefender\BitDefender 2009\bdselfpr.sys ZwTerminateProcess

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 89C111F8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 88E2D1F8

Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 89B531F8

Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CREATE 89B531F8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 89BA21F8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 89BA21F8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 89BA21F8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 89BA21F8

Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CREATE 89B371F8

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_CREATE [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_CREATE_NAMED_PIPE [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_CLOSEIRP_MJ_READ [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_WRITE [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_QUERY_INFORMATION [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_SET_INFORMATION [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_QUERY_EA [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_SET_EA [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_FLUSH_BUFFERS [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_QUERY_VOLUME_INFORMATION [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_SET_VOLUME_INFORMATION [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_DIRECTORY_CONTROL [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_FILE_SYSTEM_CONTROL [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_DEVICE_CONTROL [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_INTERNAL_DEVICE_CONTROL [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_SHUTDOWN [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_LOCK_CONTROL [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_CLEANUP [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_CREATE_MAILSLOT [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_QUERY_SECURITY [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_SET_SECURITY [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_POWER [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_SYSTEM_CONTROL [F74DEE1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_DEVICE_CHANGE [F74F3514] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_QUERY_QUOTA [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_SET_QUOTA [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_PNP [F751AB1C] spuf.sys

Device \Driver\PCI_PNP5058 \Device\00000047 IRP_MJ_PNP_POWER [F7517E8A] spuf.sys

Device \Driver\usbohci \Device\USBPDO-3 IRP_MJ_CREATE 89B531F8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 89C131F8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 89B3B1F8

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 89B3B1F8

Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 89B3B1F8

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 88E601F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{43E0179C-3FA0-42F8-AED9-80D9AE9D9064} IRP_MJ_CREATE 88E601F8

Device \Driver\USBSTOR \Device\00000078 IRP_MJ_CREATE 88D1A500

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 88E601F8

Device \Driver\USBSTOR \Device\00000079 IRP_MJ_CREATE 88D1A500

Device \Driver\sptd \Device\3815441308 IRP_MJ_CREATE [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_CREATE_NAMED_PIPE [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_CLOSEIRP_MJ_READ [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_WRITE [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_QUERY_INFORMATION [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_SET_INFORMATION [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_QUERY_EA [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_SET_EA [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_FLUSH_BUFFERS [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_QUERY_VOLUME_INFORMATION [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_SET_VOLUME_INFORMATION [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_DIRECTORY_CONTROL [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_FILE_SYSTEM_CONTROL [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_DEVICE_CONTROL [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_INTERNAL_DEVICE_CONTROL [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_SHUTDOWN [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_LOCK_CONTROL [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_CLEANUP [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_CREATE_MAILSLOT [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_QUERY_SECURITY [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_SET_SECURITY [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_POWER [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_SYSTEM_CONTROL [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_DEVICE_CHANGE [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_QUERY_QUOTA [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_SET_QUOTA [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_PNP [F74D7000] spuf.sys

Device \Driver\sptd \Device\3815441308 IRP_MJ_PNP_POWER [F74D7000] spuf.sys

Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 89B531F8

Device \Driver\USBSTOR \Device\0000007a IRP_MJ_CREATE 88D1A500

Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CREATE 89B531F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSEIRP_MJ_READ 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP_POWER 88E551F8

Device \Driver\usbohci \Device\USBFDO-2 IRP_MJ_CREATE 89B531F8

Device \Driver\USBSTOR \Device\0000007b IRP_MJ_CREATE 88D1A500

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSEIRP_MJ_READ 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 88E551F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP_POWER 88E551F8

Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_CREATE 89B371F8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 89C131F8

Device \Driver\aj12dzr3 \Device\Scsi\aj12dzr31 IRP_MJ_CREATE 89B391F8

Device \Driver\aj12dzr3 \Device\Scsi\aj12dzr31Port4Path0Target0Lun0 IRP_MJ_CREATE 89B391F8

Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 88E2D1F8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 88E1E1F8

---- Registry - GMER 1.0.10 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{55EBB33D-C846-3936-4D81-C88F32DEF225}\InProcServer32@japilamgofbpkpddhbap 0x6A 0x61 0x62 0x62 ...

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{55EBB33D-C846-3936-4D81-C88F32DEF225}\InProcServer32@iapibbkhkpcnicjmah 0x6A 0x61 0x62 0x62 ...

Reg \Registry\USER\S-1-5-21-507921405-583907252-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{41BEB790-5D61-393B-73CD-51332BB572B1}@haediikbccamjbga 0x6E 0x62 0x6A 0x6A ...

Reg \Registry\USER\S-1-5-21-507921405-583907252-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{41BEB790-5D61-393B-73CD-51332BB572B1}@jaediikbccamjbgahodn 0x66 0x61 0x6A 0x6A ...

Reg \Registry\USER\S-1-5-21-507921405-583907252-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{41BEB790-5D61-393B-73CD-51332BB572B1}@pamdjdgefiihkmfghomkfnbmgdfopcng 0x65 0x61 0x6A 0x6A ...

Reg \Registry\USER\S-1-5-21-507921405-583907252-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{41BEB790-5D61-393B-73CD-51332BB572B1}@pamdjdgefiihkmfghomkfnbmgdfopccf 0x62 0x61 0x69 0x6A ...

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase

File C:\System Volume Information\tracking.log

File C:\System Volume Information\_restore{B1AC58E1-9FE7-4815-8E94-A27C054FC216}

---- EOF - GMER 1.0.10 ----

HELP!

Thank you

Dear FernandoAmaral

Welcome to Malware Removal

I recommend saving this topic to your Favorites to make it easier to find again.

Please note the following:

1) I will be following the analysis of your log and will get back to you as soon as possible;

2) Do not take any action until we begin;

3) What is given here relates only to the problem on your computer, so do not do it on any other;

4) If you have another computer, open a new topic with its own log;

5) Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;

6) Always post your replies in this topic... Do not open another one!

Note: Do not take any measures other than those given here; and if you ask for help on another forum, be sure to let us know, or you risk misconfiguring your computer!

Regards :D

Dear FernandoAmaral

Step 1

Run HijackThis, click Do a system scan only and check the entries you find from the list below:

O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

After checking these entries, close all windows and click [image: ht-fix.png]

Step 2

Temporarily disable your antivirus!

Run an Online Scan at Kaspersky Virusscanner

  • Click [image: Clipboard01-1.jpg]
  • When asked to install the ActiveX, click [image: Clipboard015.jpg]
  • Wait for the installation and the update, then click [image: Clipboard013.jpg]
  • Now click [image: Clipboard016.jpg]
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click [image: Clipboard014.jpg]
  • Click My Computer so that a full scan of your system is run.
  • The scan will start and may take a while. Be patient and wait.
  • At the end of the scan, click the Save as Text button.
  • Save the log with the results and paste its contents in your next message.
  • Also generate and paste a new HijackThis log.

Regards :D

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
