_AlexF

help with wmpnet.exe


I removed two trojan-type viruses from the PC and the next day this message appeared: "access violation at address 0040172b in module wmpnet.exe write of address 41414141". What is this?


DDS (Ver_09-10-26.01) - NTFSx86

Run by Iniciar at 15:49:57,51 on seg 02/11/2009

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.502.105 [GMT -2:00]

AV: avast! antivirus 4.8.1335 [VPS 090607-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\Explorer.EXE

svchost.exe

svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\sm56hlpr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Iniciar\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/

uSearch Page =

uSearch Bar =

uInternet Connection Wizard,ShellNext = iexplore

mSearchAssistant =

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\arquivos de programas\scpad\scpsssh2.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Microsoft C Runtime Library: {abab7830-3b37-421b-b7ae-8be5b6f2b550} - c:\windows\system32\msvcr92d.dll

BHO: {C21DB80B-5EC5-4A58-9D82-6124A50B0DDB} - No File

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [sMSERIAL] c:\windows\sm56hlpr.exe

mRun: [Adobe Photo Downloader] "c:\arquivos de programas\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"

mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249860517250

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehCef.dll

Notify: igfxcui - igfxdev.dll

SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\arquivos de programas\scpad\scpLIB.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

============= SERVICES / DRIVERS ===============

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-10-26 30488]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-2 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-2 20560]

R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2009-10-26 53808]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2009-8-9 39424]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-6 7680]

=============== Created Last 30 ================

2009-11-02 14:31:46 3305 ----a-w- c:\windows\system32\wbem\Outlook_01ca5bc934a7a8bc.mof

2009-11-02 13:08:31 0 d-----w- c:\arquivos de programas\Microsoft

2009-10-28 17:14:28 0 d-----w- c:\arquivos de programas\arquivos comuns\Adobe AIR

2009-10-27 00:19:14 30488 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2009-10-27 00:11:37 0 d-----w- c:\docume~1\alluse~1\dadosd~1\GbPlugin

2009-10-27 00:11:37 0 d-----w- c:\arquivos de programas\GbPlugin

2009-10-26 18:51:21 27 ----a-w- c:\windows\system32\Conts.ini

2009-10-25 22:52:25 57 ----a-w- c:\windows\system32\LgPss.ini

2009-10-24 21:46:32 711680 ----a-w- c:\windows\system32\wmpnet.exe

2009-10-24 14:35:31 72 ----a-w- c:\windows\system32\msvcr92d.usr

2009-10-24 14:35:31 48 ----a-w- c:\windows\system32\msvcr92d.cfg

2009-10-24 14:35:31 2591744 ----a-w- c:\windows\system32\msvcr92d.dll

2009-10-24 14:33:00 48 ----a-w- c:\windows\system32\lj3j4j63kkj.cfg

2009-10-24 14:32:59 72 ----a-w- c:\windows\system32\lj3j4j63kkj.usr

2009-10-24 12:47:21 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2009-10-24 12:47:21 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2009-10-24 12:47:21 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2009-10-24 12:47:21 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2009-10-24 12:47:21 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2009-10-24 12:44:24 1089883 -c----w- c:\windows\system32\dllcache\ntprint.cat

2009-10-23 19:06:53 0 d-----w- c:\windows\system32\bits

2009-10-23 19:06:53 0 d-----w- c:\windows\l2schemas

2009-10-23 19:00:32 0 d-----w- c:\windows\network diagnostic

2009-10-23 15:52:19 73216 ------w- c:\windows\system32\drivers\atintuxx.sys

2009-10-23 15:06:44 0 d-----w- c:\windows\system32\XPSViewer

2009-10-23 15:05:58 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-10-23 15:05:58 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-10-23 15:05:58 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-10-23 15:05:58 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-10-23 15:05:58 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-10-23 15:05:58 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-10-23 15:05:58 117760 ------w- c:\windows\system32\prntvpt.dll

2009-10-23 15:01:29 0 d-----w- c:\arquivos de programas\MSXML 6.0

2009-10-15 17:26:35 0 d-----w- c:\docume~1\iniciar\dadosd~1\Teleca

2009-10-15 17:26:24 0 d-----w- c:\docume~1\iniciar\dadosd~1\Sony Ericsson

2009-10-15 17:18:38 0 d-----w- c:\windows\Downloaded Installations

2009-10-12 21:19:35 48128 ----a-w- c:\windows\system32\nmwcdcls.dll

2009-10-12 21:19:16 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Downloaded Installations

2009-10-10 18:09:34 0 d-----w- c:\arquivos de programas\Windows Media Connect 2

2009-10-10 18:07:23 0 d-----w- c:\windows\system32\LogFiles

2009-10-07 22:47:35 0 d-----w- c:\arquivos de programas\SopCast

2009-10-07 22:47:32 0 d-----w- c:\arquivos de programas\Orban

2009-10-06 22:59:04 7680 ----a-w- c:\windows\system32\drivers\massfilter.sys

2009-10-06 22:59:04 13824 ----a-w- c:\windows\system32\drivers\ZTEusbccid.sys

2009-10-06 22:59:04 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2009-10-06 22:59:04 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2009-10-06 22:59:04 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2009-10-06 22:58:54 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys

2009-10-06 22:58:54 101120 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys

2009-10-06 22:58:54 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys

2009-10-06 22:58:53 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys

2009-10-06 22:58:53 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys

2009-10-06 22:58:26 0 d-----w- c:\docume~1\alluse~1\dadosd~1\OI

2009-10-06 22:58:25 0 d-----w- c:\arquivos de programas\OI

2009-10-05 14:18:50 0 d-----w- c:\arquivos de programas\Ares

==================== Find3M ====================

2009-11-02 14:31:46 79980 ----a-w- c:\windows\system32\perfc016.dat

2009-11-02 14:31:46 471022 ----a-w- c:\windows\system32\perfh016.dat

2009-09-11 14:19:14 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:04:39 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 07:57:54 916480 ----a-w- c:\windows\system32\wininet.dll

2009-08-26 08:01:18 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-09 16:11:06 315392 ----a-w- c:\windows\HideWin.exe

2009-08-09 14:38:37 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-08-06 21:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll

2009-08-06 21:23:46 215920 ----a-w- c:\windows\system32\muweb.dll

2009-08-05 09:00:39 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-05 01:57:50 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-08-04 21:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL

============= FINISH: 15:50:06,71 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 9/8/2009 11:44:09

System Uptime: 11/2/2009 12:50:56 (6339 hours ago)

Motherboard: Positivo Informatica SA | | POS-AG31AP

Processor: Processador Intel Pentium II | | 2200/7mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 78 GiB total, 63,066 GiB free.

D: is CDROM (CDFS)

E: is FIXED (NTFS) - 71 GiB total, 70,219 GiB free.

F: is CDROM (CDFS)

G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 9/8/2009 12:10:49 - Ponto de verificação do sistema

RP2: 9/8/2009 13:11:09 - Instalado Realtek High Definition Audio Driver

RP3: 9/8/2009 13:11:21 - Installed Windows XP KB888111WXPSP2.

RP4: 9/8/2009 13:12:22 - Installed Atheros Communications Inc.® L1 Gigabit Ethernet Dri

RP5: 9/8/2009 13:16:20 - Instalado Microsoft Office Professional Edição 2003

RP6: 9/8/2009 13:18:07 - Instalado Nero 7 Essentials

RP7: 9/8/2009 13:21:06 - Installed Windows Media Player 10

RP8: 10/8/2009 17:04:58 - Ponto de verificação do sistema

RP9: 11/8/2009 18:00:25 - Ponto de verificação do sistema

RP10: 11/8/2009 19:56:10 - Software Distribution Service 3.0

RP11: 14/8/2009 10:53:31 - Ponto de verificação do sistema

RP12: 14/8/2009 22:10:30 - Software Distribution Service 3.0

RP13: 17/8/2009 06:28:27 - Software Distribution Service 3.0

RP14: 17/8/2009 14:44:37 - Software Distribution Service 3.0

RP15: 17/8/2009 21:58:20 - Software Distribution Service 3.0

RP16: 18/8/2009 14:50:14 - Software Distribution Service 3.0

RP17: 18/8/2009 20:01:29 - Software Distribution Service 3.0

RP18: 18/8/2009 21:04:40 - Software Distribution Service 3.0

RP19: 19/8/2009 13:00:15 - Software Distribution Service 3.0

RP20: 19/8/2009 14:26:05 - Software Distribution Service 3.0

RP21: 19/8/2009 21:05:52 - Software Distribution Service 3.0

RP22: 20/8/2009 13:00:14 - Software Distribution Service 3.0

RP23: 20/8/2009 14:42:23 - Software Distribution Service 3.0

RP24: 20/8/2009 17:32:17 - Software Distribution Service 3.0

RP25: 20/8/2009 20:29:03 - Software Distribution Service 3.0

RP26: 21/8/2009 05:58:56 - Software Distribution Service 3.0

RP27: 22/8/2009 06:58:33 - Ponto de verificação do sistema

RP28: 22/8/2009 08:54:30 - Windows Internet Explorer 8 Instalado.

RP29: 22/8/2009 13:00:17 - Software Distribution Service 3.0

RP30: 23/8/2009 12:15:12 - Instalado PC Camera

RP31: 23/8/2009 12:19:02 - Removido PC Camera

RP32: 23/8/2009 12:26:17 - Instalado PC Camera

RP33: 23/8/2009 12:40:30 - Removido PC Camera

RP34: 23/8/2009 13:00:14 - Software Distribution Service 3.0

RP35: 24/8/2009 07:36:34 - Instalado PC Camera

RP36: 24/8/2009 07:40:53 - Removido PC Camera

RP37: 24/8/2009 08:51:09 - Instalado PC Camera

RP38: 24/8/2009 12:25:27 - Removido PC Camera

RP39: 25/8/2009 13:42:12 - Ponto de verificação do sistema

RP40: 25/8/2009 13:57:28 - Software Distribution Service 3.0

RP41: 25/8/2009 14:19:17 - Instalado PAP7501

RP42: 25/8/2009 14:22:41 - Removido PAP7501

RP43: 25/8/2009 20:30:28 - Software Distribution Service 3.0

RP44: 26/8/2009 21:15:46 - Ponto de verificação do sistema

RP45: 26/8/2009 21:54:39 - Software Distribution Service 3.0

RP46: 27/8/2009 13:00:14 - Software Distribution Service 3.0

RP47: 27/8/2009 14:50:15 - Software Distribution Service 3.0

RP48: 27/8/2009 22:07:46 - Software Distribution Service 3.0

RP49: 28/8/2009 08:36:57 - Windows XP WgaNotify instalado.

RP50: 29/8/2009 09:58:05 - Ponto de verificação do sistema

RP51: 30/8/2009 10:04:46 - Ponto de verificação do sistema

RP52: 30/8/2009 11:26:20 - Installed Adobe Reader 9.1.

RP53: 31/8/2009 13:36:50 - Ponto de verificação do sistema

RP54: 31/8/2009 16:10:17 - Installed ICPhoto.

RP55: 31/8/2009 16:55:57 - Removed ICPhoto.

RP56: 1/9/2009 19:49:49 - Ponto de verificação do sistema

RP57: 4/9/2009 13:34:46 - Ponto de verificação do sistema

RP58: 5/9/2009 14:00:29 - Ponto de verificação do sistema

RP59: 6/9/2009 14:12:25 - Ponto de verificação do sistema

RP60: 8/9/2009 20:56:55 - Ponto de verificação do sistema

RP61: 9/9/2009 08:07:38 - Software Distribution Service 3.0

RP62: 10/9/2009 23:05:13 - Software Distribution Service 3.0

RP63: 11/9/2009 22:02:32 - Software Distribution Service 3.0

RP64: 14/9/2009 07:57:36 - Ponto de verificação do sistema

RP65: 16/9/2009 15:32:48 - Ponto de verificação do sistema

RP66: 16/9/2009 20:23:04 - Software Distribution Service 3.0

RP67: 17/9/2009 21:14:10 - Ponto de verificação do sistema

RP68: 18/9/2009 13:00:18 - Software Distribution Service 3.0

RP69: 19/9/2009 22:38:13 - Software Distribution Service 3.0

RP70: 21/9/2009 15:36:38 - Ponto de verificação do sistema

RP71: 23/9/2009 19:44:19 - Ponto de verificação do sistema

RP72: 24/9/2009 19:54:48 - Ponto de verificação do sistema

RP73: 25/9/2009 20:19:39 - Ponto de verificação do sistema

RP74: 27/9/2009 20:37:58 - Ponto de verificação do sistema

RP75: 30/9/2009 13:24:02 - Ponto de verificação do sistema

RP76: 4/10/2009 14:16:48 - Ponto de verificação do sistema

RP77: 8/10/2009 18:26:19 - Ponto de verificação do sistema

RP78: 8/10/2009 20:27:30 - Software Distribution Service 3.0

RP79: 10/10/2009 14:09:35 - Ponto de verificação do sistema

RP80: 10/10/2009 14:59:48 - Installed Windows Media Player 10

RP81: 10/10/2009 15:06:27 - Software Distribution Service 3.0

RP82: 11/10/2009 18:10:30 - Software Distribution Service 3.0

RP83: 11/10/2009 23:32:55 - Software Distribution Service 3.0

RP84: 12/10/2009 18:19:50 - Instalado Nokia PC Suite

RP85: 13/10/2009 19:50:28 - Ponto de verificação do sistema

RP86: 15/10/2009 09:59:56 - Installed Adobe® Photoshop® Album Starter Edition 3.0

RP87: 15/10/2009 10:16:17 - Removed Adobe® Photoshop® Album Starter Edition 3.0

RP88: 15/10/2009 14:19:54 - Instalado Sony Ericsson PC Suite

RP89: 16/10/2009 12:43:55 - Removed Nokia Connectivity Cable Driver

RP90: 16/10/2009 12:45:07 - Removido Nokia PC Suite

RP91: 16/10/2009 12:46:19 - Removed Nokia PC Connectivity Solution

RP92: 16/10/2009 12:46:31 - Removed Nokia Connectivity Cable Driver

RP93: 16/10/2009 12:48:46 - Removido Sony Ericsson PC Suite

RP94: 16/10/2009 13:00:14 - Software Distribution Service 3.0

RP95: 17/10/2009 09:31:52 - Software Distribution Service 3.0

RP96: 18/10/2009 13:50:33 - Removed Adobe Reader 9.1.3.

RP97: 19/10/2009 16:14:43 - Ponto de verificação do sistema

RP98: 21/10/2009 10:58:29 - Ponto de verificação do sistema

RP99: 23/10/2009 10:11:43 - Ponto de verificação do sistema

RP100: 23/10/2009 13:00:14 - Software Distribution Service 3.0

RP101: 23/10/2009 16:15:51 - Software Distribution Service 3.0

RP102: 23/10/2009 16:49:03 - Software Distribution Service 3.0

RP103: 24/10/2009 11:05:14 - Software Distribution Service 3.0

RP104: 24/10/2009 13:00:18 - Software Distribution Service 3.0

RP105: 26/10/2009 21:37:37 - Operação de restauração

RP106: 28/10/2009 12:36:19 - Ponto de verificação do sistema

RP107: 29/10/2009 15:53:16 - Ponto de verificação do sistema

RP108: 30/10/2009 16:39:53 - Ponto de verificação do sistema

RP109: 30/10/2009 21:00:14 - Operação de restauração

RP110: 1/11/2009 22:36:21 - Ponto de verificação do sistema

==== Installed Programs ======================

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Media Player

Adobe Reader 9.2

Ares 2.1.1

Arquivo do WinRAR

Assistente de Conexão do Windows Live

Atheros Communications Inc.® L1 Gigabit Ethernet Driver

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player (KB954155)

Atualização de Segurança para o Windows Media Player (KB968816)

Atualização de Segurança para o Windows Media Player (KB973540)

Atualização de Segurança para o Windows Media Player 11 (KB954154)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB972260)

Atualização de Segurança para Windows Internet Explorer 8 (KB974455)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB923689)

Atualização de Segurança para Windows XP (KB938464-v2)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB954600)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956744)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956844)

Atualização de Segurança para Windows XP (KB957097)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB958869)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960225)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB960859)

Atualização de Segurança para Windows XP (KB961371-v2)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB968537)

Atualização de Segurança para Windows XP (KB969059)

Atualização de Segurança para Windows XP (KB970238)

Atualização de Segurança para Windows XP (KB971486)

Atualização de Segurança para Windows XP (KB971557)

Atualização de Segurança para Windows XP (KB971633)

Atualização de Segurança para Windows XP (KB971657)

Atualização de Segurança para Windows XP (KB973346)

Atualização de Segurança para Windows XP (KB973354)

Atualização de Segurança para Windows XP (KB973507)

Atualização de Segurança para Windows XP (KB973525)

Atualização de Segurança para Windows XP (KB973869)

Atualização de Segurança para Windows XP (KB974112)

Atualização de Segurança para Windows XP (KB974571)

Atualização de Segurança para Windows XP (KB975025)

Atualização de Segurança para Windows XP (KB975467)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955839)

Atualização para Windows XP (KB961503)

Atualização para Windows XP (KB967715)

Atualização para Windows XP (KB968389)

Atualização para Windows XP (KB973815)

avast! Antivirus

Discador iTelefonica

Discador Oi

Ferramenta de Carregamento do Windows Live

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB954550-v5)

Hotfix para o Windows Media Player 11 (KB939683)

Hotfix para Windows XP (KB952287)

Hotfix para Windows XP (KB961118)

Hotfix para Windows XP (KB970653-v3)

Intel® Graphics Media Accelerator Driver

K-Lite Mega Codec Pack 3.9.0

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Professional Edição 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Motorola SM56 Speakerphone Modem

MSVCRT

MSXML 6.0 Parser (KB933579)

Nero 7 Essentials

NOD32 FiX v2.1

OGA Notifier 2.0.0048.0

Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

Realtek High Definition Audio Driver

Segoe UI

SopCast 3.0.3

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

XP Codec Pack

==== End Of File ===========================

GMER 1.0.15.15163 - http://www.gmer.net

Rootkit scan 2009-11-02 15:48:26

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\Iniciar\CONFIG~1\Temp\kwtyipoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA9FFF6B8]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA9FFF574]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA9FFFA52]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA9FFF14C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA9FFF64E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA9FFF08C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA9FFF0F0]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA9FFF76E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA9FFF72E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA9FFF8AE]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[544] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10076D00 C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Gbieh Module/Caixa Economica Federal)

.text C:\WINDOWS\system32\winlogon.exe[544] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 10076B90 C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Gbieh Module/Caixa Economica Federal)

.text C:\WINDOWS\system32\winlogon.exe[544] kernel32.dll!FreeLibraryAndExitThread 7C80C210 5 Bytes JMP 10076A30 C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Gbieh Module/Caixa Economica Federal)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[588] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002

IAT C:\WINDOWS\system32\services.exe[588] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

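As an added example, not part of this thread and not code from DDS or any of the tools named here, the following Python script runs a first-pass triage over lines copied from the DDS log above. It correlates the "Created Last 30" entries with the BHO list from the pseudo-HJT section: it flags .usr/.cfg data files and randomly named files dropped directly in the system32 root, a new executable there, a DLL that shares its base name with those data files, and BHO registrations whose DLL was created in the same window or whose display name claims to be a C runtime (a CRT has no reason to register as a browser extension). The extension set, the "three letter/digit switches" threshold for a random-looking name, and the parsers themselves are my assumptions chosen for this log, not rules from any scanner; the sample lines are a constructed subset of the log posted above.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the DDS log in this thread (a constructed subset for the demo).
SAMPLE_CREATED = r"""
2009-10-27 00:19:14 30488 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2009-10-24 21:46:32 711680 ----a-w- c:\windows\system32\wmpnet.exe
2009-10-24 14:35:31 72 ----a-w- c:\windows\system32\msvcr92d.usr
2009-10-24 14:35:31 48 ----a-w- c:\windows\system32\msvcr92d.cfg
2009-10-24 14:35:31 2591744 ----a-w- c:\windows\system32\msvcr92d.dll
2009-10-24 14:33:00 48 ----a-w- c:\windows\system32\lj3j4j63kkj.cfg
2009-10-24 14:32:59 72 ----a-w- c:\windows\system32\lj3j4j63kkj.usr
2009-10-24 12:47:21 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2009-10-23 15:05:58 575488 ------w- c:\windows\system32\xpsshhdr.dll
"""
SAMPLE_BHO = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Microsoft C Runtime Library: {abab7830-3b37-421b-b7ae-8be5b6f2b550} - c:\windows\system32\msvcr92d.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
"""

CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+)$")
BHO_RE = re.compile(r"^BHO: (?:(?P<name>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")

SYSTEM32 = r"c:\windows\system32"
ODD_EXT = {".usr", ".cfg"}     # assumption: config/data files do not belong in the system32 root
RANDOM_NAME_TRANSITIONS = 3    # assumption: heuristic threshold for a "random-looking" name


def parse_created(text):
    """Parse 'Created Last 30' lines into dicts; paths are lowercased for matching."""
    entries = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            ts, size, attrs, path = m.groups()
            entries.append({"ts": ts, "size": int(size), "attrs": attrs, "path": path.lower()})
    return entries


def parse_bho(text):
    """Parse 'BHO:' lines from the pseudo-HJT section; a missing display name becomes ''."""
    bhos = []
    for line in text.splitlines():
        m = BHO_RE.match(line.strip())
        if m:
            bhos.append({"name": m.group("name") or "", "clsid": m.group("clsid"),
                         "path": m.group("path").lower()})
    return bhos


def digit_letter_transitions(stem):
    """Count letter<->digit switches; generated names such as lj3j4j63kkj switch often."""
    kinds = ["d" if c.isdigit() else "a" for c in stem if c.isalnum()]
    return sum(1 for a, b in zip(kinds, kinds[1:]) if a != b)


def triage(created_text, bho_text):
    """Return {path_or_clsid: [reasons]} for entries worth a closer look."""
    findings = defaultdict(list)
    created = parse_created(created_text)
    # Only files dropped directly in system32 (not dllcache\ or drivers\) are scored.
    in_root = [e for e in created if ntpath.dirname(e["path"]) == SYSTEM32]

    for e in in_root:
        stem, ext = ntpath.splitext(ntpath.basename(e["path"]))
        if ext in ODD_EXT:
            findings[e["path"]].append("data file (%s) in system32 root" % ext)
        if digit_letter_transitions(stem) >= RANDOM_NAME_TRANSITIONS:
            findings[e["path"]].append("random-looking name")
        if ext == ".exe":
            findings[e["path"]].append("new executable in system32 root")

    # A DLL sharing its base name with flagged .usr/.cfg files is part of the same drop.
    flagged_stems = {ntpath.splitext(ntpath.basename(p))[0] for p in findings}
    for e in in_root:
        stem = ntpath.splitext(ntpath.basename(e["path"]))[0]
        if e["path"] not in findings and stem in flagged_stems:
            findings[e["path"]].append("shares base name with a flagged file")

    # Correlate BHO registrations with the recent-file list.
    by_base = {ntpath.basename(e["path"]): e for e in created}
    for b in parse_bho(bho_text):
        if b["path"] == "no file":
            findings["{%s}" % b["clsid"]].append("orphaned BHO registration (No File)")
            continue
        base = ntpath.basename(b["path"])
        if base in by_base:
            findings[b["path"]].append("BHO DLL created recently (%s)" % by_base[base]["ts"])
        if "runtime" in b["name"].lower():
            findings[b["path"]].append(
                "display name claims a C runtime, which has no reason to register as a BHO")
    return dict(findings)


if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_CREATED, SAMPLE_BHO).items():
        print(key)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the script reports wmpnet.exe, the two msvcr92d.* data files, the lj3j4j63kkj.* pair, msvcr92d.dll (three reasons, including the BHO correlation) and the orphaned CLSID, while the dllcache and drivers entries and xpsshhdr.dll are not reported. The output is a prioritised list to hand to an analyst, not a verdict: every item still needs the usual confirmation (signature, hash lookup, strings) before removal.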

Dear _AlexF,

I recommend that you bookmark this topic so it is easier to find later.

Please note the following:

  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not run it on any other;
  • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another!
  • Keep me informed, during the removal, about what happens with your computer.
  • Note: Do not take any measure beyond those given here; if you ask for help in another forum, be sure to let us know, at the risk of leaving your computer misconfigured!

# Step 1 #

Download OTL by OldTimer and save it to your Desktop.

  • Double-click the OTL icon (image not reproduced)
  • Configure the main screen as shown in the figure below:

(screenshot of the required OTL settings not reproduced)

  • Copy and paste the content below into the box shown in the figure (image not reproduced):

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5


  • Click the scan button (image not reproduced)
  • Do not interrupt the scan under any circumstances;
  • When it finishes, two logs will be generated: OTL.txt and Extras.txt;
  • Restart the computer;
  • Post both logs in your next reply.
  • Do not delete OTL

Regards :D

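The `/s /md5` lines in the custom scan above ask OTL to search the whole system drive for every copy of each listed file (eventlog.dll, scecli.dll, atapi.sys and so on) and print an MD5 for each, so that an in-use copy that has been patched stands out from the backup copies kept in dllcache and ServicePackFiles. The following Python script is an added example, not OTL's code and not from this thread: it reproduces that check over a constructed temporary directory tree (the layout and file contents are made up for the demonstration), groups the copies of each watched name by hash, and reports the copy that disagrees with the others. MD5 is used only because that is what the directive prints; it is fine for spotting a mismatch between copies, but a comparison against known-good values should use SHA-256.

```python
import hashlib
import os
import tempfile

# Names taken from the /s /md5 lines of the custom scan above.
WATCHED = ["eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll",
           "sceclt.dll", "ntelogon.dll", "logevent.dll", "iastor.sys",
           "nvstor.sys", "atapi.sys", "idechndr.sys", "viasraid.sys"]


def md5_of(path):
    """Hash a file in chunks; MD5 to match what the OTL directive prints."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, names=WATCHED):
    """Equivalent of '<name> /s /md5': every copy of each watched name under
    root, returned as {name: {md5: [paths]}}."""
    wanted = {n.lower() for n in names}
    groups = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                full = os.path.join(dirpath, fn)
                groups.setdefault(fn.lower(), {}).setdefault(md5_of(full), []).append(full)
    return groups


def disagreements(groups):
    """Names whose copies do not all share one hash: the live copy may have
    been patched while the backups in dllcache/ServicePackFiles were not."""
    return {name: by_hash for name, by_hash in groups.items() if len(by_hash) > 1}


def suspect_copies(groups):
    """Paths holding a minority hash for their name: the copies most likely patched.
    Assumption: the backup copies outnumber the patched one, as they do on XP."""
    suspects = []
    for by_hash in disagreements(groups).values():
        majority = max(len(paths) for paths in by_hash.values())
        for paths in by_hash.values():
            if len(paths) < majority:
                suspects.extend(paths)
    return sorted(suspects)


def build_sample_tree():
    """Constructed sample drive (not from the thread): atapi.sys identical in
    all three places, scecli.dll patched in system32 only."""
    root = tempfile.mkdtemp(prefix="otl_md5_demo_")
    layout = {
        "WINDOWS/system32/atapi.sys": b"ATAPI-ORIGINAL",
        "WINDOWS/system32/dllcache/atapi.sys": b"ATAPI-ORIGINAL",
        "WINDOWS/ServicePackFiles/i386/atapi.sys": b"ATAPI-ORIGINAL",
        "WINDOWS/system32/scecli.dll": b"SCECLI-PATCHED",
        "WINDOWS/system32/dllcache/scecli.dll": b"SCECLI-ORIGINAL",
        "WINDOWS/ServicePackFiles/i386/scecli.dll": b"SCECLI-ORIGINAL",
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    groups = find_copies(root)
    for name, by_hash in groups.items():
        for digest, paths in by_hash.items():
            for p in paths:
                print(name, digest, p)
    print("suspect:", suspect_copies(groups))
```

On the sample tree only scecli.dll is reported, and the reported path is the system32 copy, because it is the one whose hash differs from the two backups. A single-hash name (atapi.sys here) proves only that the copies agree with each other, not that they are clean, which is why an analyst still compares the hash against a known-good value for that file version.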

Hello, here are the logs

OTL logfile created on: 3/11/2009 12:11:02 - Run 1

OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Iniciar\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

502,17 Mb Total Physical Memory | 182,74 Mb Available Physical Memory | 36,39% Memory free

1,20 Gb Paging File | 0,82 Gb Available in Paging File | 68,44% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 78,13 Gb Total Space | 63,80 Gb Free Space | 81,66% Space Free | Partition Type: NTFS

Drive D: | 33,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive E: | 70,91 Gb Total Space | 70,22 Gb Free Space | 99,02% Space Free | Partition Type: NTFS

Drive F: | 4,39 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: 2009-E12

Current User Name: Iniciar

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/03 12:07:55 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Iniciar\Desktop\OTL.exe

PRC - [2009/09/30 16:58:52 | 00,053,808 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\GbpSv.exe

PRC - [2009/09/15 07:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

PRC - [2009/09/15 07:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

PRC - [2009/09/15 07:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009/09/15 07:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

PRC - [2009/09/15 07:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009/07/16 17:53:30 | 02,499,584 | ---- | M] (LightComm Tecnologia) -- C:\Arquivos de programas\OI\Oi3G\DiscadorOi.exe

PRC - [2009/03/08 15:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe

PRC - [2009/03/08 15:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe

PRC - [2008/04/14 00:20:58 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/04/20 03:57:36 | 00,142,104 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe

PRC - [2007/04/20 03:57:32 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe

PRC - [2007/04/20 03:57:30 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe

PRC - [2007/04/20 03:57:20 | 00,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe

PRC - [2007/04/10 13:28:44 | 16,126,464 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe

PRC - [2006/04/05 08:36:52 | 00,565,248 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe

========== Modules (SafeList) ==========

MOD - [2009/11/03 12:07:55 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Iniciar\Desktop\OTL.exe

MOD - [2008/04/14 00:20:26 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll

MOD - [2008/04/14 00:17:56 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/09/30 16:58:52 | 00,053,808 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\GbpSv.exe -- (GbpSv)

SRV - [2009/09/15 07:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV - [2009/09/15 07:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV - [2009/09/15 07:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV - [2009/09/15 07:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)

SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)

SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)

SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)

SRV - [2008/04/14 00:20:37 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)

SRV - [2007/01/05 14:41:10 | 00,774,144 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)

SRV - [2006/12/23 18:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)

SRV - [2006/11/03 00:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)

SRV - [2003/07/28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2009/09/30 16:57:38 | 00,030,488 | ---- | M] (GAS Tecnologia) -- C:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm)

DRV - [2009/09/15 07:56:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2009/09/15 07:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)

DRV - [2009/09/15 07:55:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2009/09/15 07:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2009/09/15 07:54:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2009/09/15 07:53:24 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2009/06/29 13:16:40 | 00,007,680 | ---- | M] (ZTE Incorporated) -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)

DRV - [2009/06/08 17:06:48 | 00,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2008/04/13 16:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio)

DRV - [2008/04/13 14:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2008/04/13 14:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007/07/03 09:06:40 | 00,039,424 | ---- | M] (Atheros Communications Inc.) -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)

DRV - [2007/04/16 04:16:26 | 05,760,096 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2007/04/10 17:04:40 | 04,397,568 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2006/04/05 08:40:36 | 00,962,304 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)

DRV - [2001/10/28 16:07:22 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2001/08/17 22:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/24 13:00:37 | 00,000,000 | ---D | M]

O1 HOSTS File: (776 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Microsoft C Runtime Library) - {ABAB7830-3B37-421B-B7AE-8BE5B6F2B550} - C:\WINDOWS\system32\msvcr92d.dll ( )

O2 - BHO: (no name) - {C21DB80B-5EC5-4A58-9D82-6124A50B0DDB}9D82-6124A50B0DDB} - No CLSID value found.

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast!] C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249860517250 (WUWebControl Class)

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://imagem.caixa.gov.br/cab/gbpdist.cab (GbpDistObj Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginCef: DllName - C:\Arquivos de programas\GbPlugin\gbiehCef.dll - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)

O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - C:\Arquivos de programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/08/09 12:41:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/03/20 15:28:14 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2008/11/27 15:11:16 | 00,000,043 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{acce4cc0-b2cb-11de-b26b-0026183c16d2}\Shell - "" = AutoRun

O33 - MountPoints2\{acce4cc0-b2cb-11de-b26b-0026183c16d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/03/20 15:28:14 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{acce4cc4-b2cb-11de-b26b-0026183c16d2}\Shell - "" = AutoRun

O33 - MountPoints2\{acce4cc4-b2cb-11de-b26b-0026183c16d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/03/20 15:28:14 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{d773fca6-b378-11de-b26c-0026183c16d2}\Shell - "" = AutoRun

O33 - MountPoints2\{d773fca6-b378-11de-b26c-0026183c16d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/03/20 15:28:14 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{d773fca7-b378-11de-b26c-0026183c16d2}\Shell - "" = AutoRun

O33 - MountPoints2\{d773fca7-b378-11de-b26c-0026183c16d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/03/20 15:28:14 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/08/09 12:41:19 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (Nero AG)

MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (Nero AG)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus estender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus estender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus estender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus estender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Processamento de gráficos vetoriais (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ligação de dados de HTML dinâmico para Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Cancelar inscrição

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Criação avançada

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes DirectAnimation para Java

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Pastas da Web

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Agendador de tarefas

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()

Drivers32: msacm.iac2 - C:\\WINDOWS\\system32\\iac25_32.ax ()

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: msacm.voxacm160 - vct3216.acm File not found

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)

Drivers32: VIDC.DRAW - DVIDEO.DLL File not found

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ffdshow.ax ()

Drivers32: VIDC.FPS1 - frapsvid.dll File not found

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.mp42 - MPG4C32.dll File not found

Drivers32: VIDC.MSUD - msulvc05.dll File not found

Drivers32: VIDC.VP40 - vp4vfw.dll File not found

Drivers32: vidc.VP60 - vp6vfw.dll File not found

Drivers32: vidc.VP61 - vp6vfw.dll File not found

Drivers32: vidc.VP62 - vp6vfw.dll File not found

Drivers32: vidc.VP70 - vp7vfw.dll File not found

Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found

Drivers32: vidc.X264 - x264vfw.dll File not found

Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2009/11/03 12:07:55 | 00,527,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Iniciar\Desktop\OTL.exe

[2009/11/02 12:48:50 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009/11/02 12:48:50 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009/11/02 12:48:49 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009/11/02 12:48:46 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009/11/02 12:48:44 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009/11/02 12:48:43 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009/11/02 12:48:43 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009/11/02 12:48:43 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009/11/02 12:48:23 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009/11/02 11:08:31 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft

[2009/11/02 11:07:59 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live

[2009/10/29 15:32:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

[2009/10/28 15:22:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

[2009/10/28 15:16:53 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Adobe Media Player

[2009/10/28 15:14:28 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Adobe AIR

[2009/10/26 22:19:14 | 00,030,488 | ---- | C] (GAS Tecnologia) -- C:\WINDOWS\System32\drivers\gbpkm.sys

[2009/10/26 22:11:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2009/10/26 22:11:37 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\GbPlugin

[2009/10/24 12:35:31 | 02,591,744 | ---- | C] ( ) -- C:\WINDOWS\System32\msvcr92d.dll

[2009/10/24 10:47:21 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrobj.dll

[2009/10/24 10:47:21 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrrun.dll

[2009/10/24 10:47:21 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe

[2009/10/24 10:47:21 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe

[2009/10/24 10:47:21 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshext.dll

[2009/10/23 17:17:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2009/10/23 17:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas

[2009/10/23 17:06:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits

[2009/10/23 17:00:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic

[2009/10/23 16:55:13 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[2009/10/23 13:55:37 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys

[2009/10/23 13:55:37 | 00,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys

[2009/10/23 13:55:37 | 00,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys

[2009/10/23 13:55:37 | 00,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys

[2009/10/23 13:55:37 | 00,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys

[2009/10/23 13:55:37 | 00,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys

[2009/10/23 13:55:29 | 00,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys

[2009/10/23 13:55:29 | 00,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys

[2009/10/23 13:55:29 | 00,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys

[2009/10/23 13:55:29 | 00,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys

[2009/10/23 13:55:29 | 00,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys

[2009/10/23 13:55:28 | 00,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys

[2009/10/23 13:55:26 | 01,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys

[2009/10/23 13:55:26 | 00,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys

[2009/10/23 13:55:25 | 00,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys

[2009/10/23 13:55:24 | 01,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys

[2009/10/23 13:55:24 | 00,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys

[2009/10/23 13:55:22 | 00,011,868 | ---- | C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys

[2009/10/23 13:55:14 | 01,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys

[2009/10/23 13:55:14 | 00,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys

[2009/10/23 13:55:14 | 00,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys

[2009/10/23 13:52:19 | 00,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys

[2009/10/23 13:52:19 | 00,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys

[2009/10/23 13:52:19 | 00,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys

[2009/10/23 13:52:19 | 00,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys

[2009/10/23 13:52:19 | 00,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys

[2009/10/23 13:52:19 | 00,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys

[2009/10/23 13:52:19 | 00,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys

[2009/10/23 13:52:19 | 00,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys

[2009/10/23 13:52:19 | 00,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys

[2009/10/23 13:52:19 | 00,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys

[2009/10/23 13:52:19 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys

[2009/10/23 13:52:19 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys

[2009/10/23 13:52:18 | 00,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys

[2009/10/23 13:52:18 | 00,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys

[2009/10/23 13:52:18 | 00,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys

[2009/10/23 13:52:18 | 00,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys

[2009/10/23 13:52:18 | 00,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys

[2009/10/23 13:52:18 | 00,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys

[2009/10/23 13:52:18 | 00,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys

[2009/10/23 13:52:18 | 00,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys

[2009/10/23 13:52:18 | 00,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys

[2009/10/23 13:52:18 | 00,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys

[2009/10/23 13:06:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer

[2009/10/23 13:06:40 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\MSBuild

[2009/10/23 13:06:32 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Reference Assemblies

[2009/10/23 13:05:58 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll

[2009/10/23 13:05:58 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll

[2009/10/23 13:05:58 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe

[2009/10/23 13:05:58 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll

[2009/10/23 13:05:58 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll

[2009/10/23 13:05:58 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll

[2009/10/23 13:05:58 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll

[2009/10/23 13:01:29 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\MSXML 6.0

[2009/10/15 15:26:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iniciar\Dados de aplicativos\Teleca

[2009/10/15 15:26:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iniciar\Dados de aplicativos\Sony Ericsson

[2009/10/15 15:18:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations

[2009/10/15 11:16:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iniciar\Dados de aplicativos\Leadertech

[2009/10/15 11:01:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iniciar\Dados de aplicativos\AdobeUM

[2009/10/12 19:22:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iniciar\Dados de aplicativos\Nokia

[2009/10/12 19:20:14 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\DIFX

[2009/10/12 19:19:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iniciar\Dados de aplicativos\PC Suite

[2009/10/12 19:19:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

[2009/10/12 19:19:35 | 00,048,128 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll

[2009/10/12 19:19:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Downloaded Installations

[2009/10/10 16:09:50 | 00,018,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

[2009/10/10 16:09:34 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Media Connect 2

[2009/10/10 16:07:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF

[2009/10/10 16:07:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2009/10/09 10:37:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iniciar\Application Data

[2009/10/09 08:48:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data

[2009/10/08 21:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW

[2009/10/08 21:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK

[2009/10/08 21:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR

[2009/10/08 21:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE

[2009/10/08 21:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL

[2009/10/08 21:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO

[2009/10/08 21:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR

[2009/10/08 21:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT

[2009/10/08 21:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL

[2009/10/08 21:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR

[2009/10/08 21:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI

[2009/10/08 21:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES

[2009/10/08 21:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US

[2009/10/08 21:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR

[2009/10/08 21:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE

[2009/10/08 21:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK

[2009/10/08 21:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA

[2009/10/07 20:47:35 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\SopCast

[2009/10/07 20:47:32 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Orban

[2009/10/06 20:59:04 | 00,104,960 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys

[2009/10/06 20:59:04 | 00,104,960 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys

[2009/10/06 20:59:04 | 00,104,960 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys

[2009/10/06 20:59:04 | 00,013,824 | ---- | C] (ZTE) -- C:\WINDOWS\System32\drivers\ZTEusbccid.sys

[2009/10/06 20:59:04 | 00,007,680 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys

[2009/10/06 20:58:54 | 00,621,056 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys

[2009/10/06 20:58:54 | 00,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys

[2009/10/06 20:58:54 | 00,100,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys

[2009/10/06 20:58:53 | 00,103,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbfake.sys

[2009/10/06 20:58:53 | 00,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys

[2009/10/06 20:58:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\OI

[2009/10/06 20:58:25 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\OI

[2009/10/05 12:19:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iniciar\Configurações locais\Dados de aplicativos\Ares

[2009/10/05 12:18:50 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Ares

[2004/11/24 16:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/03 12:07:55 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Iniciar\Desktop\OTL.exe

[2009/11/03 12:03:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/11/03 12:03:52 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2009/11/03 12:03:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/11/03 12:03:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/11/03 12:02:29 | 00,000,330 | -HS- | M] () -- C:\Documents and Settings\Iniciar\ntuser.ini

[2009/11/03 12:02:28 | 03,932,160 | -H-- | M] () -- C:\Documents and Settings\Iniciar\NTUSER.DAT

[2009/11/03 12:01:25 | 00,003,018 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/11/03 11:43:29 | 00,000,458 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0C147914-CBB4-43CD-803C-EE0F8B091F68}.job

[2009/11/02 15:48:50 | 00,002,559 | ---- | M] () -- C:\Documents and Settings\Iniciar\Desktop\Microsoft Office Word 2003.lnk

[2009/11/02 13:03:23 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Iniciar\Desktop\dds.scr

[2009/11/02 12:48:51 | 00,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk

[2009/11/02 12:31:46 | 00,471,022 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2009/11/02 12:31:46 | 00,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/11/02 12:31:46 | 00,079,980 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2009/11/02 12:31:46 | 00,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/11/02 12:31:45 | 01,061,902 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/11/02 11:10:06 | 00,001,871 | ---- | M] () -- C:\Documents and Settings\Iniciar\Desktop\Windows Live Messenger .lnk

[2009/11/01 19:03:51 | 02,591,744 | ---- | M] ( ) -- C:\WINDOWS\System32\msvcr92d.dll

[2009/10/29 16:12:12 | 00,001,503 | ---- | M] () -- C:\Documents and Settings\Iniciar\Desktop\Paint.lnk

[2009/10/29 10:45:25 | 02,071,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/10/28 15:22:45 | 00,044,608 | ---- | M] () -- C:\Documents and Settings\Iniciar\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2009/10/27 13:08:38 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/10/26 16:51:21 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\Conts.ini

[2009/10/26 16:45:44 | 00,000,057 | ---- | M] () -- C:\WINDOWS\System32\LgPss.ini

[2009/10/24 19:46:25 | 00,711,680 | ---- | M] () -- C:\WINDOWS\System32\wmpnet.exe

[2009/10/24 12:35:47 | 00,000,048 | ---- | M] () -- C:\WINDOWS\System32\lj3j4j63kkj.cfg

[2009/10/24 12:35:46 | 00,000,072 | ---- | M] () -- C:\WINDOWS\System32\lj3j4j63kkj.usr

[2009/10/24 12:33:00 | 00,000,072 | ---- | M] () -- C:\WINDOWS\System32\msvcr92d.usr

[2009/10/24 12:33:00 | 00,000,048 | ---- | M] () -- C:\WINDOWS\System32\msvcr92d.cfg

[2009/10/24 11:09:40 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/10/24 11:08:54 | 00,000,877 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/10/24 10:42:32 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

[2009/10/23 16:59:43 | 00,251,696 | RHS- | M] () -- C:\ntldr

[2009/10/22 14:00:20 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Iniciar\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/10/19 19:52:54 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Iniciar\Desktop\contas mensais.lnk

[2009/10/18 13:51:16 | 00,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2009/10/16 13:22:44 | 00,291,328 | ---- | M] () -- C:\Documents and Settings\Iniciar\Desktop\gmer.exe

[2009/10/15 15:23:33 | 00,002,539 | ---- | M] () -- C:\Documents and Settings\Iniciar\Desktop\Microsoft Office PowerPoint 2003.lnk

[2009/10/10 16:46:19 | 00,000,828 | ---- | M] () -- C:\Documents and Settings\Iniciar\Desktop\Windows Media Player.lnk

[2009/10/10 16:26:57 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2009/10/10 16:26:57 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2009/10/10 16:08:29 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2009/10/10 16:07:27 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2009/10/09 15:30:22 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\Iniciar\Desktop\Microsoft Office Excel 2003.lnk

[2009/10/07 17:50:07 | 00,000,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Discador Oi.lnk

[2009/10/05 12:18:58 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Iniciar\Desktop\Ares.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/02 13:03:08 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Iniciar\Desktop\dds.scr

[2009/11/02 12:48:51 | 00,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk

[2009/11/02 12:48:23 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx

[2009/11/02 11:10:06 | 00,001,871 | ---- | C] () -- C:\Documents and Settings\Iniciar\Desktop\Windows Live Messenger .lnk

[2009/11/01 18:42:12 | 00,291,328 | ---- | C] () -- C:\Documents and Settings\Iniciar\Desktop\gmer.exe

[2009/10/26 16:51:21 | 00,000,027 | ---- | C] () -- C:\WINDOWS\System32\Conts.ini

[2009/10/25 20:52:25 | 00,000,057 | ---- | C] () -- C:\WINDOWS\System32\LgPss.ini

[2009/10/24 19:46:32 | 00,711,680 | ---- | C] () -- C:\WINDOWS\System32\wmpnet.exe

[2009/10/24 12:35:31 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\msvcr92d.usr

[2009/10/24 12:35:31 | 00,000,048 | ---- | C] () -- C:\WINDOWS\System32\msvcr92d.cfg

[2009/10/24 12:33:00 | 00,000,048 | ---- | C] () -- C:\WINDOWS\System32\lj3j4j63kkj.cfg

[2009/10/24 12:32:59 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\lj3j4j63kkj.usr

[2009/10/24 10:44:24 | 01,089,883 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat

[2009/10/24 10:42:32 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

[2009/10/23 13:55:25 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img

[2009/10/23 13:55:03 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty

[2009/10/23 13:52:19 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod

[2009/10/18 13:51:16 | 00,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2009/10/10 16:46:19 | 00,000,828 | ---- | C] () -- C:\Documents and Settings\Iniciar\Desktop\Windows Media Player.lnk

[2009/10/10 16:07:27 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2009/10/08 21:27:36 | 00,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job

[2009/10/06 20:58:29 | 00,000,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Discador Oi.lnk

[2009/10/05 12:18:58 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\Iniciar\Desktop\Ares.lnk

[2009/09/13 20:13:02 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\Iniciar\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/12 14:18:12 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/08/09 14:17:10 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/08/09 14:15:01 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/08/09 14:14:59 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009/08/09 14:14:59 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/08/09 14:14:59 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/08/09 14:10:43 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll

[2009/08/09 13:20:38 | 05,334,830 | -H-- | C] () -- C:\Documents and Settings\Iniciar\Configurações locais\Dados de aplicativos\IconCache.db

[2009/08/09 13:15:10 | 00,044,608 | ---- | C] () -- C:\Documents and Settings\Iniciar\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2009/08/09 13:10:34 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Iniciar\Dados de aplicativos\desktop.ini

[2009/08/09 09:30:01 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini

[2009/08/03 16:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2007/12/24 08:47:52 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2007/12/24 08:40:26 | 00,404,992 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2007/12/22 17:02:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll

[2007/12/22 16:27:22 | 03,104,256 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2007/12/03 11:34:32 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2007/12/01 08:43:30 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

[2007/11/29 07:52:36 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[2004/10/03 14:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

[2003/04/07 12:30:02 | 00,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/10/28 16:07:38 | 00,000,877 | ---- | C] () -- C:\WINDOWS\win.ini

[2001/10/28 16:07:30 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

[2004/08/04 01:45:22 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2008/04/14 00:20:26 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2004/08/04 01:45:22 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC -- C:\WINDOWS\SoftwareDistribution\Download\be339b07d210ea88f2393519d2e5e7cf\backup\eventlog.dll

[2008/04/14 00:20:26 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\eventlog.dll

[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >

[2004/08/04 01:45:26 | 00,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/14 00:20:40 | 00,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2004/08/04 01:45:26 | 00,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- C:\WINDOWS\SoftwareDistribution\Download\be339b07d210ea88f2393519d2e5e7cf\backup\scecli.dll

[2008/04/14 00:20:40 | 00,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\scecli.dll

[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >

[2009/02/06 16:46:47 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=B8F0B2CF73FD662A39F0E4392C28E73D -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2009/02/06 16:46:47 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=B8F0B2CF73FD662A39F0E4392C28E73D -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

[2004/08/04 01:45:26 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2008/04/14 00:20:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2004/08/04 01:45:26 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- C:\WINDOWS\SoftwareDistribution\Download\be339b07d210ea88f2393519d2e5e7cf\backup\netlogon.dll

[2008/04/14 00:20:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\netlogon.dll

[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >

[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2008/04/13 16:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\be339b07d210ea88f2393519d2e5e7cf\backup\atapi.sys

[2008/04/13 16:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:E763C6DB_Cef.gbp

< End of report >

OTL Extras logfile created on: 3/11/2009 12:11:02 - Run 1

OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Iniciar\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

502,17 Mb Total Physical Memory | 182,74 Mb Available Physical Memory | 36,39% Memory free

1,20 Gb Paging File | 0,82 Gb Available in Paging File | 68,44% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 78,13 Gb Total Space | 63,80 Gb Free Space | 81,66% Space Free | Partition Type: NTFS

Drive D: | 33,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive E: | 70,91 Gb Total Space | 70,22 Gb Free Space | 99,02% Space Free | Partition Type: NTFS

Drive F: | 4,39 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: 2009-E12

Current User Name: Iniciar

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\MSN Messenger\livecall.exe" = C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\MSN Messenger\livecall.exe" = C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Compartilhamento de aplicativo RTC -- (Microsoft Corporation)

"C:\Arquivos de programas\NetMeeting\conf.exe" = C:\Arquivos de programas\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)

"C:\Arquivos de programas\Ares\Ares.exe" = C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)

"C:\Arquivos de programas\Megacubo\megacubo.exe" = C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo -- File not found

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.® L1 Gigabit Ethernet Driver

"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AAB93551-3FFE-42B2-8315-96252BBC1046}" = Nero 7 Essentials

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Ares" = Ares 2.1.1

"avast!" = avast! Antivirus

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"DiscadorCompitelefonica" = Discador iTelefonica

"HDMI" = Intel® Graphics Media Accelerator Driver

"ie8" = Windows Internet Explorer 8

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.9.0

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"oigsm_is1" = Discador Oi

"SMSERIAL" = Motorola SM56 Speakerphone Modem

"SopCast" = SopCast 3.0.3

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XP Codec Pack" = XP Codec Pack

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]

Error - 13/8/2009 19:10:01 | Computer Name = 2009-E12 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\SoftwareDistribution\Download\dd530e3e5fcfd628a386e12da7254e90\BIT4F.tmp

failed, 00000026.

Error - 13/8/2009 19:20:01 | Computer Name = 2009-E12 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\SoftwareDistribution\Download\78616a41a3b5fb4713f8817a1edd1b25\BIT4D.tmp

failed, 00000026.

Error - 13/8/2009 19:26:26 | Computer Name = 2009-E12 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\SoftwareDistribution\Download\d10bc6556c709623dedb355769e1b04d\BIT50.tmp

failed, 00000026.

Error - 13/8/2009 19:31:26 | Computer Name = 2009-E12 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\SoftwareDistribution\Download\571867b7c43bc6489fcbeeba6935b901\BIT54.tmp

failed, 00000026.

Error - 13/8/2009 19:42:00 | Computer Name = 2009-E12 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\SoftwareDistribution\Download\70a87929d0d0d6fe587c15b30220752f\BIT28.tmp

failed, 00000026.

Error - 13/8/2009 19:46:22 | Computer Name = 2009-E12 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\SoftwareDistribution\Download\30dfdd8768b1abb69d27f98811ffe767\BIT29.tmp

failed, 00000026.

Error - 13/8/2009 19:57:53 | Computer Name = 2009-E12 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\SoftwareDistribution\Download\2b7b5710b3647247599b4eb3eb612a6e\BIT2A.tmp

failed, 00000026.

Error - 13/8/2009 20:44:49 | Computer Name = 2009-E12 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\SoftwareDistribution\Download\7fcb5211403444fdd069bc59fd883df9\BIT35.tmp

failed, 00000026.

Error - 13/8/2009 20:49:49 | Computer Name = 2009-E12 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\SoftwareDistribution\Download\015ceb8059ea2d22a57ef7b0f6a350eb\BIT36.tmp

failed, 00000026.

Error - 13/8/2009 20:54:49 | Computer Name = 2009-E12 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\SoftwareDistribution\Download\484c431c1724e615839a90696fac1087\BIT37.tmp

failed, 00000026.

[ Application Events ]

Error - 29/10/2009 12:09:52 | Computer Name = 2009-E12 | Source = Application Error | ID = 1000

Description = Aplicativo com falha explorer.exe, versão 6.0.2900.5512, módulo com

falha unknown, versão 0.0.0.0, endereço com falha 0x051c2649.

Error - 29/10/2009 12:35:40 | Computer Name = 2009-E12 | Source = Application Hang | ID = 1002

Description = Aplicativo com falha msnmsgr.exe, versão 14.0.8089.726, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 29/10/2009 12:35:40 | Computer Name = 2009-E12 | Source = Application Hang | ID = 1002

Description = Aplicativo com falha msnmsgr.exe, versão 14.0.8089.726, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 29/10/2009 12:35:42 | Computer Name = 2009-E12 | Source = Application Hang | ID = 1002

Description = Aplicativo com falha msnmsgr.exe, versão 14.0.8089.726, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 29/10/2009 14:21:50 | Computer Name = 2009-E12 | Source = Application Hang | ID = 1002

Description = Aplicativo com falha WINWORD.EXE, versão 11.0.8307.0, módulo com falha

hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 29/10/2009 17:18:21 | Computer Name = 2009-E12 | Source = Application Hang | ID = 1002

Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 1/11/2009 20:45:51 | Computer Name = 2009-E12 | Source = Application Hang | ID = 1002

Description = Aplicativo com falha rundll32.exe, versão 5.1.2600.5512, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 2/11/2009 10:54:25 | Computer Name = 2009-E12 | Source = Application Error | ID = 1000

Description = Aplicativo com falha dds.exe, versão 0.0.0.0, módulo com falha kernel32.dll,

versão 5.1.2600.5781, endereço com falha 0x00012afb.

Error - 2/11/2009 10:54:31 | Computer Name = 2009-E12 | Source = Application Error | ID = 1000

Description = Aplicativo com falha dds.exe, versão 0.0.0.0, módulo com falha kernel32.dll,

versão 5.1.2600.5781, endereço com falha 0x00012afb.

Error - 2/11/2009 10:54:38 | Computer Name = 2009-E12 | Source = Application Error | ID = 1000

Description = Aplicativo com falha dds.exe, versão 0.0.0.0, módulo com falha kernel32.dll,

versão 5.1.2600.5781, endereço com falha 0x00012afb.

[ System Events ]

Error - 1/11/2009 20:06:13 | Computer Name = 2009-E12 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço adfs devido ao seguinte erro: %%2

Error - 1/11/2009 20:06:21 | Computer Name = 2009-E12 | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 2/11/2009 08:44:33 | Computer Name = 2009-E12 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço adfs devido ao seguinte erro: %%2

Error - 2/11/2009 08:44:37 | Computer Name = 2009-E12 | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 2/11/2009 10:51:27 | Computer Name = 2009-E12 | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 2/11/2009 10:51:28 | Computer Name = 2009-E12 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço adfs devido ao seguinte erro: %%2

Error - 3/11/2009 09:38:46 | Computer Name = 2009-E12 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço adfs devido ao seguinte erro: %%2

Error - 3/11/2009 09:38:49 | Computer Name = 2009-E12 | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 3/11/2009 10:03:54 | Computer Name = 2009-E12 | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 3/11/2009 10:03:54 | Computer Name = 2009-E12 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço adfs devido ao seguinte erro: %%2

< End of report >


Dear _AlexF

Go to the site "Jotti's malware scan"

  • In the box at the top (File to upload & scan);
  • Copy and paste the following file(s), one at a time:
    • C:\WINDOWS\System32\msvcr92d.cfg
    • C:\WINDOWS\System32\lj3j4j63kkj.usr
    • C:\WINDOWS\System32\wmpnet.exe
    • C:\WINDOWS\System32\LgPss.ini
  • Click the button;
  • The file(s) will be scanned by several different antivirus engines; please wait.
  • Copy and paste the result(s).

If the site above is too congested, try one of these sites:

Alternative 1

Alternative 2

Regards :D


C:\WINDOWS\System32\msvcr92d.cfg

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-03 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-03 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-03 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

C:\WINDOWS\System32\lj3j4j63kkj.usr

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-03 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-03 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-03 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

C:\WINDOWS\System32\wmpnet.exe

2009-11-03 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-03 Nada encontrado

2009-11-04 Nada encontrado

2009-11-03 Nada encontrado

2009-11-04 Nada encontrado

2009-11-03 Nada encontrado

2009-11-03 Nada encontrado

2009-11-04 Nada encontrado

2009-11-03 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-03 Nada encontrado

2009-11-03 Nada encontrado

2009-11-03 Nada encontrado

2009-11-04 Nada encontrado

C:\WINDOWS\System32\LgPss.ini

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-03 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-03 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-03 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado

2009-11-04 Nada encontrado


Dear _AlexF

# Step 1 #

Once again with OTL

  • Double-click the OTL icon
  • Copy and paste the content below into the box just after Custom Scans/Fixes

:OTL
O33 - MountPoints2\{acce4cc0-b2cb-11de-b26b-0026183c16d2}\Shell - "" = AutoRun
O33 - MountPoints2\{acce4cc0-b2cb-11de-b26b-0026183c16d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/03/20 15:28:14 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{acce4cc4-b2cb-11de-b26b-0026183c16d2}\Shell - "" = AutoRun
O33 - MountPoints2\{acce4cc4-b2cb-11de-b26b-0026183c16d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/03/20 15:28:14 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d773fca6-b378-11de-b26c-0026183c16d2}\Shell - "" = AutoRun
O33 - MountPoints2\{d773fca6-b378-11de-b26c-0026183c16d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/03/20 15:28:14 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d773fca7-b378-11de-b26c-0026183c16d2}\Shell - "" = AutoRun
O33 - MountPoints2\{d773fca7-b378-11de-b26c-0026183c16d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/03/20 15:28:14 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)

:Processes

:Services

:Reg

:Commands
[emptytemp]
[purity]
[reboot]

  • Click the Run Fix button
  • After the reboot a window will appear; click Run;
  • Save the log (File > Save As) to the desktop with any name you like;
  • Note: if you close the log without saving it first, it will be lost.
  • Post its entire contents in your next reply.

# Step 2 #

Read the instructions in this link:

In the instructions at the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums where you can get help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while following these instructions, it is very important to keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after completing the procedure(s) described below.
  3. Double-click the ComboFix icon on the desktop.
  4. Read and accept the terms by typing 1 and pressing Enter.
  5. Computers running Windows XP must install the Recovery Console:
    • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.
  6. ComboFix will now run; please be patient and wait.
  7. Warning: do not use the mouse or keyboard while the tool is running, as that can make the computer freeze.
  8. A notice may appear saying the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several malware strains that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle such situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are many general-purpose anti-malware tools whose authors, when writing them, had end users in mind and designed them to be used without supervision. ComboFix is not a tool of that kind, and therefore, also out of respect for the tool's author, do not use it without supervision.

Regards :D


All processes killed

========== OTL ==========

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{acce4cc0-b2cb-11de-b26b-0026183c16d2}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{acce4cc0-b2cb-11de-b26b-0026183c16d2}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{acce4cc0-b2cb-11de-b26b-0026183c16d2}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{acce4cc0-b2cb-11de-b26b-0026183c16d2}\ not found.

File move failed. F:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{acce4cc4-b2cb-11de-b26b-0026183c16d2}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{acce4cc4-b2cb-11de-b26b-0026183c16d2}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{acce4cc4-b2cb-11de-b26b-0026183c16d2}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{acce4cc4-b2cb-11de-b26b-0026183c16d2}\ not found.

File move failed. F:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d773fca6-b378-11de-b26c-0026183c16d2}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d773fca6-b378-11de-b26c-0026183c16d2}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d773fca6-b378-11de-b26c-0026183c16d2}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d773fca6-b378-11de-b26c-0026183c16d2}\ not found.

File move failed. F:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d773fca7-b378-11de-b26c-0026183c16d2}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d773fca7-b378-11de-b26c-0026183c16d2}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d773fca7-b378-11de-b26c-0026183c16d2}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d773fca7-b378-11de-b26c-0026183c16d2}\ not found.

File move failed. F:\AutoRun.exe scheduled to be moved on reboot.

========== PROCESSES ==========

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Iniciar

->Temp folder emptied: -1027429576 bytes

->Temporary Internet Files folder emptied: 264998587 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2134162 bytes

%systemroot%\System32 .tmp files removed: 2676121 bytes

Windows Temp folder emptied: 18398950 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = -704,88 mb

OTL by OldTimer - Version 3.1.3.3 log created on 11042009_173951

Files\Folders moved on Reboot...

File move failed. F:\AutoRun.exe scheduled to be moved on reboot.

File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

C:\WINDOWS\temp\Perflib_Perfdata_67c.dat moved successfully.

Registry entries deleted on Reboot...

ComboFix 09-11-04.02 - Iniciar 04/11/2009 17:58.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.502.240 [GMT -2:00]

Executando de: c:\documents and settings\Iniciar\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1356 [VPS 091104-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 262 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\arquivos de programas\SGPSA

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-04 to 2009-11-04 ))))))))))))))))))))))))))))

.

2009-11-04 19:39 . 2009-11-04 19:39 -------- d-----w- C:\_OTL

2009-11-03 16:53 . 2009-11-03 16:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESET

2009-11-02 14:48 . 2009-09-15 09:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-11-02 14:48 . 2009-09-15 09:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-11-02 14:48 . 2009-09-15 09:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-11-02 14:48 . 2009-09-15 09:53 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-11-02 14:48 . 2009-09-15 09:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-11-02 14:48 . 2009-09-15 09:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-11-02 14:48 . 2009-09-15 09:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-11-02 14:48 . 2009-09-15 09:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-11-02 14:48 . 2009-09-15 09:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-11-02 13:08 . 2009-11-02 13:08 -------- d-----w- c:\arquivos de programas\Microsoft

2009-11-02 13:07 . 2009-11-02 13:08 -------- d-----w- c:\arquivos de programas\Windows Live

2009-10-30 00:12 . 2008-05-29 06:03 37176 ----a-w- c:\documents and settings\Iniciar\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-10-29 17:32 . 2009-10-29 17:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-10-28 17:22 . 2009-10-29 17:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2009-10-28 17:16 . 2009-10-28 17:16 -------- d-----w- c:\arquivos de programas\Adobe Media Player

2009-10-28 17:14 . 2009-10-28 17:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR

2009-10-27 00:19 . 2009-09-30 18:57 30488 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2009-10-27 00:11 . 2009-10-27 00:19 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-10-27 00:11 . 2009-10-27 00:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-10-24 21:46 . 2009-10-24 21:46 711680 ----a-w- c:\windows\system32\wmpnet.exe

2009-10-24 14:35 . 2009-11-01 21:03 2591744 ----a-w- c:\windows\system32\msvcr92d.dll

2009-10-24 12:47 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2009-10-24 12:47 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2009-10-24 12:47 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2009-10-24 12:47 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2009-10-24 12:47 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2009-10-23 19:06 . 2009-10-23 19:06 -------- d-----w- c:\windows\l2schemas

2009-10-23 19:06 . 2009-10-23 19:06 -------- d-----w- c:\windows\system32\bits

2009-10-23 15:52 . 2004-08-04 03:36 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys

2009-10-23 15:06 . 2009-10-23 15:06 -------- d-----w- c:\windows\system32\XPSViewer

2009-10-23 15:06 . 2009-10-23 15:06 -------- d-----w- c:\arquivos de programas\MSBuild

2009-10-23 15:06 . 2009-10-23 15:06 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-10-23 15:05 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-10-23 15:05 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-10-23 15:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-10-23 15:05 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-10-23 15:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-10-23 15:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-10-23 15:05 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-10-23 15:01 . 2009-10-23 15:01 -------- d-----w- c:\arquivos de programas\MSXML 6.0

2009-10-15 17:26 . 2009-10-15 17:27 -------- d-----w- c:\documents and settings\Iniciar\Dados de aplicativos\Teleca

2009-10-15 17:26 . 2009-10-15 17:26 -------- d-----w- c:\documents and settings\Iniciar\Dados de aplicativos\Sony Ericsson

2009-10-15 17:18 . 2009-10-16 15:55 -------- d-----w- c:\windows\Downloaded Installations

2009-10-15 13:16 . 2009-10-15 13:16 -------- d-----w- c:\documents and settings\Iniciar\Dados de aplicativos\Leadertech

2009-10-15 13:01 . 2009-10-15 13:01 -------- d-----w- c:\documents and settings\Iniciar\Dados de aplicativos\AdobeUM

2009-10-12 21:22 . 2009-10-12 21:25 -------- d-----w- c:\documents and settings\Iniciar\Dados de aplicativos\Nokia

2009-10-12 21:20 . 2009-10-12 21:20 -------- d-----w- c:\arquivos de programas\DIFX

2009-10-12 21:19 . 2009-10-12 21:20 -------- d-----w- c:\documents and settings\Iniciar\Dados de aplicativos\PC Suite

2009-10-12 21:19 . 2009-10-12 21:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite

2009-10-12 21:19 . 2006-03-24 11:31 48128 ----a-w- c:\windows\system32\nmwcdcls.dll

2009-10-12 21:19 . 2009-10-16 15:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Downloaded Installations

2009-10-10 18:37 . 2008-04-14 02:20 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2009-10-10 18:09 . 2009-10-10 18:09 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2009-10-10 18:07 . 2009-10-24 12:42 -------- d-----w- c:\windows\system32\drivers\UMDF

2009-10-10 18:07 . 2009-10-10 18:07 -------- d-----w- c:\windows\system32\LogFiles

2009-10-07 22:47 . 2009-10-07 22:47 -------- d-----w- c:\arquivos de programas\SopCast

2009-10-07 22:47 . 2009-10-07 22:47 -------- d-----w- c:\arquivos de programas\Orban

2009-10-06 22:59 . 2009-06-29 15:16 7680 ----a-w- c:\windows\system32\drivers\massfilter.sys

2009-10-06 22:59 . 2009-06-29 15:16 13824 ----a-w- c:\windows\system32\drivers\ZTEusbccid.sys

2009-10-06 22:59 . 2009-06-29 15:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2009-10-06 22:59 . 2009-06-29 15:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2009-10-06 22:59 . 2009-06-29 15:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2009-10-06 22:58 . 2009-06-08 19:06 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys

2009-10-06 22:58 . 2009-06-08 19:06 101120 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys

2009-10-06 22:58 . 2009-06-08 19:06 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys

2009-10-06 22:58 . 2009-06-08 19:06 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys

2009-10-06 22:58 . 2009-06-08 19:06 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys

2009-10-06 22:58 . 2009-10-06 22:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\OI

2009-10-06 22:58 . 2009-10-06 22:58 -------- d-----w- c:\arquivos de programas\OI

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-03 16:53 . 2009-08-09 16:14 -------- d-----w- c:\arquivos de programas\Eset

2009-11-02 14:31 . 2001-10-28 18:07 79980 ----a-w- c:\windows\system32\perfc016.dat

2009-11-02 14:31 . 2001-10-28 18:07 471022 ----a-w- c:\windows\system32\perfh016.dat

2009-10-30 00:09 . 2009-08-30 14:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-10-18 14:33 . 2009-08-09 22:45 -------- d-----w- c:\arquivos de programas\Discador itelefonica

2009-10-15 17:18 . 2009-08-09 16:11 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-10-05 14:19 . 2009-10-05 14:18 -------- d-----w- c:\arquivos de programas\Ares

2009-09-18 15:21 . 2009-09-18 15:21 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2009-09-15 21:02 . 2009-09-15 21:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2009-09-11 14:19 . 2004-08-04 03:45 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:04 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 07:57 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2009-08-26 08:01 . 2004-08-04 03:45 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-18 22:44 . 2009-08-18 22:44 15240 ----a-w- c:\documents and settings\Iniciar\Dados de aplicativos\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll

2009-08-10 20:06 . 2009-08-09 14:41 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-08-09 16:11 . 2009-08-09 16:11 315392 ----a-w- c:\windows\HideWin.exe

2009-08-09 14:38 . 2009-08-09 14:38 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-08-06 21:24 . 2009-08-09 14:39 327896 ----a-w- c:\windows\system32\wucltui.dll

2009-08-06 21:24 . 2009-08-09 14:39 209632 ----a-w- c:\windows\system32\wuweb.dll

2009-08-06 21:24 . 2009-08-10 00:04 44768 ----a-w- c:\windows\system32\wups2.dll

2009-08-06 21:24 . 2009-08-09 14:39 35552 ----a-w- c:\windows\system32\wups.dll

2009-08-06 21:24 . 2009-08-09 14:39 53472 ----a-w- c:\windows\system32\wuauclt.exe

2009-08-06 21:24 . 2004-08-04 03:45 96480 ----a-w- c:\windows\system32\cdm.dll

2009-08-06 21:23 . 2009-08-09 14:39 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-08-06 21:23 . 2009-09-16 16:13 274288 ----a-w- c:\windows\system32\mucltui.dll

2009-08-06 21:23 . 2009-09-16 16:13 215920 ----a-w- c:\windows\system32\muweb.dll

2009-08-06 21:23 . 2009-08-09 14:39 1929952 ----a-w- c:\windows\system32\wuaueng.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABAB7830-3B37-421B-B7AE-8BE5B6F2B550}]

2009-11-01 21:03 2591744 ----a-w- c:\windows\system32\msvcr92d.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]

"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-04-05 565248]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-10 16126464]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-04-04 1822720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GbPlugin\gbiehcef.dll" [2009-09-30 305704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2009-09-30 19:00 305704 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Arquivos de programas\\NetMeeting\\conf.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [26/10/2009 22:19 30488]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/11/2009 12:48 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/11/2009 12:48 20560]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [26/10/2009 22:19 53808]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [9/8/2009 14:09 39424]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [6/10/2009 20:59 7680]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR

*NewlyCreated* - PROCEXP113

*Deregistered* - mbr

*Deregistered* - PROCEXP113

.

Contents of the 'Scheduled Tasks' folder

2009-11-04 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

2009-11-04 c:\windows\Tasks\User_Feed_Synchronization-{0C147914-CBB4-43CD-803C-EE0F8B091F68}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {32F5158C-0E12-40A8-8B50-3849C4E36951} = 200.222.0.34 200.202.193.75

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

.

- - - - ORPHANS REMOVED - - - -

BHO-{C21DB80B-5EC5-4A58-9D82-6124A50B0DDB}9D82-6124A50B0DDB} - (no file)

HKLM-Run-Adobe Photo Downloader - c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

AddRemove-DiscadorCompitelefonica - c:\arquivos de programas\Discador itelefonica\DiscadorCompitelefonica u

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-04 18:02

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)

c:\arquivos de programas\GbPlugin\gbiehcef.dll

- - - - - - - > 'explorer.exe'(828)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\arquivos de programas\GbPlugin\gbiehcef.dll

c:\windows\system32\webcheck.dll

c:\arquivos de programas\Scpad\scpLIB.dll

c:\arquivos de programas\Scpad\scpMIB.dll

c:\arquivos de programas\Scpad\sshib.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-11-04 18:04

ComboFix-quarantined-files.txt 2009-11-04 20:04

Pre-Run: 8 dir(s) 71,546,753,024 bytes free

Post-Run: 11 dir(s) 71,532,806,144 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


Dear _AlexF

Temporarily, and while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them once the procedure(s) described below have been completed.

Open Notepad, then copy (Ctrl+C) and paste (Ctrl+V) all of the text inside the "Code" box:

http://forum.clubedohardware.com.br/ajuda-wmpnet-exe/733228

Collect::[84]
C:\WINDOWS\System32\Conts.ini
C:\WINDOWS\System32\LgPss.ini
C:\WINDOWS\System32\wmpnet.exe
C:\WINDOWS\System32\lj3j4j63kkj.cfg
C:\WINDOWS\System32\lj3j4j63kkj.usr
C:\WINDOWS\System32\msvcr92d.usr
c:\windows\system32\msvcr92d.dll
c:\windows\system32\msvcr92d.cfg

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABAB7830-3B37-421B-B7AE-8BE5B6F2B550}]

Save this file as: CFScript.txt

[image: CFScript.txt being dragged onto ComboFix.exe]

As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running it will generate a log. Post that file, C:\ComboFix.txt.

**Note**

  • When ComboFix finishes, the log will appear together with a message box. As per the script above, ComboFix will collect the files so they can be analysed.
  • Make sure you are connected to the internet and click OK on the message.

Regards :D

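Added example, not part of the thread and not ComboFix's or the helper's code: a short Python script that reads the two ComboFix log sections the helper worked from, the "Files Created" window and the BHO entries under "Reg Loading Points", and derives a CFScript in the same shape as the one above. The sample log text inside it is a constructed excerpt of the log posted in this thread. The selection rule is my assumption, not a ComboFix rule: a BHO is treated as suspect when its DLL also appears in the "Files Created" window of the same log (a freshly dropped BHO), and the files sent to Collect:: are those created in the same directory on the same day. That reproduces the msvcr92d.dll / wmpnet.exe pair and the [-...] key deletion; it cannot reproduce Conts.ini, LgPss.ini or the lj3j4j63kkj.* files, which do not appear in this ComboFix log at all (the helper had them from another source), and it leaves out the [84] tag on the Collect:: line because its meaning is not documented on the page.

```python
"""Derive a ComboFix CFScript from the log sections an analyst reads.

Added example for this thread; not ComboFix's own code. The heuristic
(flag a BHO whose DLL was created inside the log's "Files Created" window,
then collect same-directory files created the same day) is an assumption.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed excerpt of the ComboFix log posted in the thread: only the lines
# the example needs, copied from the two relevant sections.
SAMPLE_LOG = r"""
(((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 ))))))))))))))))
.
2009-11-02 14:48 . 2009-09-15 09:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-27 00:11 . 2009-10-27 00:19 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-10-24 21:46 . 2009-10-24 21:46 711680 ----a-w- c:\windows\system32\wmpnet.exe
2009-10-24 14:35 . 2009-11-01 21:03 2591744 ----a-w- c:\windows\system32\msvcr92d.dll
2009-10-24 12:47 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2009-10-12 21:19 . 2006-03-24 11:31 48128 ----a-w- c:\windows\system32\nmwcdcls.dll
.
(((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABAB7830-3B37-421B-B7AE-8BE5B6F2B550}]
2009-11-01 21:03 2591744 ----a-w- c:\windows\system32\msvcr92d.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"""

# "<created> . <modified> <size|--------> <attrs> <path>" as ComboFix prints it
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:\d+|-+) \S{8} (?P<path>.+)$"
)
BHO_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(?P<guid>\{[0-9A-Fa-f-]+\})\]$"
)
# the line ComboFix prints under a BHO key: "<modified> <size> <attrs> <path>"
BHO_FILE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S{8} (?P<path>.+)$")


@dataclass
class FileEntry:
    created: str  # "YYYY-MM-DD HH:MM", the first timestamp on the line
    path: str     # lower-cased, so log and registry spellings compare equal


def parse_recent_files(log: str) -> List[FileEntry]:
    """Every file/dir line in the 'Files Created' (and Find3M) format."""
    out = []
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            out.append(FileEntry(m["created"], m["path"].lower()))
    return out


def parse_bhos(log: str) -> List[Tuple[str, str]]:
    """(GUID, dll path) for each Browser Helper Object key that names a file."""
    bhos, pending = [], None
    for line in log.splitlines():
        line = line.strip()
        if pending and line:
            m = BHO_FILE.match(line)
            if m:
                bhos.append((pending, m["path"].lower()))
            pending = None  # a key followed by "(no file)" is left alone
            continue
        m = BHO_KEY.match(line)
        if m:
            pending = m["guid"]
    return bhos


def flag_bhos(log: str) -> List[Tuple[str, str]]:
    """Heuristic (assumption): a BHO whose DLL was created inside the log's
    'Files Created' window was dropped recently and deserves a look."""
    recent = {e.path for e in parse_recent_files(log)}
    return [(guid, dll) for guid, dll in parse_bhos(log) if dll in recent]


def related_files(log: str, dll_path: str) -> List[str]:
    """Files created in the DLL's own directory on the same day as the DLL;
    dllcache and drivers entries fall out because their directory differs."""
    entries = parse_recent_files(log)
    dll = next(e for e in entries if e.path == dll_path)
    day, folder = dll.created[:10], ntpath.dirname(dll.path)
    return sorted(e.path for e in entries
                  if e.created[:10] == day and ntpath.dirname(e.path) == folder)


def build_cfscript(log: str) -> str:
    """CFScript text in the shape the helper posted: Collect:: then Registry::."""
    collect, keys = [], []
    for guid, dll in flag_bhos(log):
        for path in related_files(log, dll):
            if path not in collect:
                collect.append(path)
        keys.append(f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{guid}]")
    if not collect:
        return ""
    return ("Collect::\n" + "\n".join(collect) + "\n\n"
            "Registry::\n" + "\n".join(keys) + "\n")


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG), end="")
```

Running it prints the generated script; paste that into Notepad and save it as CFScript.txt exactly as the helper describes. The same-directory rule is what keeps the dllcache copies of wshext.dll and friends (dropped the same day by a Windows update) out of the Collect:: list; an analyst's version would add an explicit allow-list of known-good paths on top of it.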

Hello, I have done as you instructed.


In C:\ComboFix.txt the Notepad window is blank.

When ComboFix finished, Notepad was blank.


Dear _AlexF

Check whether it is in: C:\QooBox\ComboFix2.txt

If that one is blank too, please repeat the operation.

Regards :D


ComboFix 09-11-04.02 - Iniciar 04/11/2009 17:58.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.502.240 [GMT -2:00]

Running from: c:\documents and settings\Iniciar\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1356 [VPS 091104-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 262 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\arquivos de programas\SGPSA

.

(((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 ))))))))))))))))))))))))))))

.

2009-11-04 19:39 . 2009-11-04 19:39 -------- d-----w- C:\_OTL

2009-11-03 16:53 . 2009-11-03 16:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESET

2009-11-02 14:48 . 2009-09-15 09:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-11-02 14:48 . 2009-09-15 09:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-11-02 14:48 . 2009-09-15 09:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-11-02 14:48 . 2009-09-15 09:53 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-11-02 14:48 . 2009-09-15 09:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-11-02 14:48 . 2009-09-15 09:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-11-02 14:48 . 2009-09-15 09:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-11-02 14:48 . 2009-09-15 09:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-11-02 14:48 . 2009-09-15 09:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-11-02 13:08 . 2009-11-02 13:08 -------- d-----w- c:\arquivos de programas\Microsoft

2009-11-02 13:07 . 2009-11-02 13:08 -------- d-----w- c:\arquivos de programas\Windows Live

2009-10-30 00:12 . 2008-05-29 06:03 37176 ----a-w- c:\documents and settings\Iniciar\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-10-29 17:32 . 2009-10-29 17:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-10-28 17:22 . 2009-10-29 17:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2009-10-28 17:16 . 2009-10-28 17:16 -------- d-----w- c:\arquivos de programas\Adobe Media Player

2009-10-28 17:14 . 2009-10-28 17:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR

2009-10-27 00:19 . 2009-09-30 18:57 30488 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2009-10-27 00:11 . 2009-10-27 00:19 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-10-27 00:11 . 2009-10-27 00:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-10-24 21:46 . 2009-10-24 21:46 711680 ----a-w- c:\windows\system32\wmpnet.exe

2009-10-24 14:35 . 2009-11-01 21:03 2591744 ----a-w- c:\windows\system32\msvcr92d.dll

2009-10-24 12:47 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2009-10-24 12:47 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2009-10-24 12:47 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2009-10-24 12:47 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2009-10-24 12:47 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2009-10-23 19:06 . 2009-10-23 19:06 -------- d-----w- c:\windows\l2schemas

2009-10-23 19:06 . 2009-10-23 19:06 -------- d-----w- c:\windows\system32\bits

2009-10-23 15:52 . 2004-08-04 03:36 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys

2009-10-23 15:06 . 2009-10-23 15:06 -------- d-----w- c:\windows\system32\XPSViewer

2009-10-23 15:06 . 2009-10-23 15:06 -------- d-----w- c:\arquivos de programas\MSBuild

2009-10-23 15:06 . 2009-10-23 15:06 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-10-23 15:05 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-10-23 15:05 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-10-23 15:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-10-23 15:05 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-10-23 15:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-10-23 15:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-10-23 15:05 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-10-23 15:01 . 2009-10-23 15:01 -------- d-----w- c:\arquivos de programas\MSXML 6.0

2009-10-15 17:26 . 2009-10-15 17:27 -------- d-----w- c:\documents and settings\Iniciar\Dados de aplicativos\Teleca

2009-10-15 17:26 . 2009-10-15 17:26 -------- d-----w- c:\documents and settings\Iniciar\Dados de aplicativos\Sony Ericsson

2009-10-15 17:18 . 2009-10-16 15:55 -------- d-----w- c:\windows\Downloaded Installations

2009-10-15 13:16 . 2009-10-15 13:16 -------- d-----w- c:\documents and settings\Iniciar\Dados de aplicativos\Leadertech

2009-10-15 13:01 . 2009-10-15 13:01 -------- d-----w- c:\documents and settings\Iniciar\Dados de aplicativos\AdobeUM

2009-10-12 21:22 . 2009-10-12 21:25 -------- d-----w- c:\documents and settings\Iniciar\Dados de aplicativos\Nokia

2009-10-12 21:20 . 2009-10-12 21:20 -------- d-----w- c:\arquivos de programas\DIFX

2009-10-12 21:19 . 2009-10-12 21:20 -------- d-----w- c:\documents and settings\Iniciar\Dados de aplicativos\PC Suite

2009-10-12 21:19 . 2009-10-12 21:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite

2009-10-12 21:19 . 2006-03-24 11:31 48128 ----a-w- c:\windows\system32\nmwcdcls.dll

2009-10-12 21:19 . 2009-10-16 15:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Downloaded Installations

2009-10-10 18:37 . 2008-04-14 02:20 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2009-10-10 18:09 . 2009-10-10 18:09 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2009-10-10 18:07 . 2009-10-24 12:42 -------- d-----w- c:\windows\system32\drivers\UMDF

2009-10-10 18:07 . 2009-10-10 18:07 -------- d-----w- c:\windows\system32\LogFiles

2009-10-07 22:47 . 2009-10-07 22:47 -------- d-----w- c:\arquivos de programas\SopCast

2009-10-07 22:47 . 2009-10-07 22:47 -------- d-----w- c:\arquivos de programas\Orban

2009-10-06 22:59 . 2009-06-29 15:16 7680 ----a-w- c:\windows\system32\drivers\massfilter.sys

2009-10-06 22:59 . 2009-06-29 15:16 13824 ----a-w- c:\windows\system32\drivers\ZTEusbccid.sys

2009-10-06 22:59 . 2009-06-29 15:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2009-10-06 22:59 . 2009-06-29 15:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2009-10-06 22:59 . 2009-06-29 15:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2009-10-06 22:58 . 2009-06-08 19:06 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys

2009-10-06 22:58 . 2009-06-08 19:06 101120 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys

2009-10-06 22:58 . 2009-06-08 19:06 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys

2009-10-06 22:58 . 2009-06-08 19:06 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys

2009-10-06 22:58 . 2009-06-08 19:06 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys

2009-10-06 22:58 . 2009-10-06 22:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\OI

2009-10-06 22:58 . 2009-10-06 22:58 -------- d-----w- c:\arquivos de programas\OI

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-03 16:53 . 2009-08-09 16:14 -------- d-----w- c:\arquivos de programas\Eset

2009-11-02 14:31 . 2001-10-28 18:07 79980 ----a-w- c:\windows\system32\perfc016.dat

2009-11-02 14:31 . 2001-10-28 18:07 471022 ----a-w- c:\windows\system32\perfh016.dat

2009-10-30 00:09 . 2009-08-30 14:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-10-18 14:33 . 2009-08-09 22:45 -------- d-----w- c:\arquivos de programas\Discador itelefonica

2009-10-15 17:18 . 2009-08-09 16:11 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-10-05 14:19 . 2009-10-05 14:18 -------- d-----w- c:\arquivos de programas\Ares

2009-09-18 15:21 . 2009-09-18 15:21 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2009-09-15 21:02 . 2009-09-15 21:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2009-09-11 14:19 . 2004-08-04 03:45 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:04 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 07:57 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2009-08-26 08:01 . 2004-08-04 03:45 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-18 22:44 . 2009-08-18 22:44 15240 ----a-w- c:\documents and settings\Iniciar\Dados de aplicativos\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll

2009-08-10 20:06 . 2009-08-09 14:41 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-08-09 16:11 . 2009-08-09 16:11 315392 ----a-w- c:\windows\HideWin.exe

2009-08-09 14:38 . 2009-08-09 14:38 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-08-06 21:24 . 2009-08-09 14:39 327896 ----a-w- c:\windows\system32\wucltui.dll

2009-08-06 21:24 . 2009-08-09 14:39 209632 ----a-w- c:\windows\system32\wuweb.dll

2009-08-06 21:24 . 2009-08-10 00:04 44768 ----a-w- c:\windows\system32\wups2.dll

2009-08-06 21:24 . 2009-08-09 14:39 35552 ----a-w- c:\windows\system32\wups.dll

2009-08-06 21:24 . 2009-08-09 14:39 53472 ----a-w- c:\windows\system32\wuauclt.exe

2009-08-06 21:24 . 2004-08-04 03:45 96480 ----a-w- c:\windows\system32\cdm.dll

2009-08-06 21:23 . 2009-08-09 14:39 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-08-06 21:23 . 2009-09-16 16:13 274288 ----a-w- c:\windows\system32\mucltui.dll

2009-08-06 21:23 . 2009-09-16 16:13 215920 ----a-w- c:\windows\system32\muweb.dll

2009-08-06 21:23 . 2009-08-09 14:39 1929952 ----a-w- c:\windows\system32\wuaueng.dll

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown.

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABAB7830-3B37-421B-B7AE-8BE5B6F2B550}]

2009-11-01 21:03 2591744 ----a-w- c:\windows\system32\msvcr92d.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]

"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-04-05 565248]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-10 16126464]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-04-04 1822720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GbPlugin\gbiehcef.dll" [2009-09-30 305704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2009-09-30 19:00 305704 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Arquivos de programas\\NetMeeting\\conf.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [26/10/2009 22:19 30488]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/11/2009 12:48 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/11/2009 12:48 20560]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [26/10/2009 22:19 53808]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [9/8/2009 14:09 39424]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [6/10/2009 20:59 7680]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR

*NewlyCreated* - PROCEXP113

*Deregistered* - mbr

*Deregistered* - PROCEXP113

.

Contents of the 'Scheduled Tasks' folder

2009-11-04 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

2009-11-04 c:\windows\Tasks\User_Feed_Synchronization-{0C147914-CBB4-43CD-803C-EE0F8B091F68}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {32F5158C-0E12-40A8-8B50-3849C4E36951} = 200.222.0.34 200.202.193.75

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

.

- - - - ORPHANS REMOVED - - - -

BHO-{C21DB80B-5EC5-4A58-9D82-6124A50B0DDB}9D82-6124A50B0DDB} - (no file)

HKLM-Run-Adobe Photo Downloader - c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

AddRemove-DiscadorCompitelefonica - c:\arquivos de programas\Discador itelefonica\DiscadorCompitelefonica u

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-04 18:02

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)

c:\arquivos de programas\GbPlugin\gbiehcef.dll

- - - - - - - > 'explorer.exe'(828)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\arquivos de programas\GbPlugin\gbiehcef.dll

c:\windows\system32\webcheck.dll

c:\arquivos de programas\Scpad\scpLIB.dll

c:\arquivos de programas\Scpad\scpMIB.dll

c:\arquivos de programas\Scpad\sshib.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-11-04 18:04

ComboFix-quarantined-files.txt 2009-11-04 20:04

Pre-Run: 8 dir(s) 71,546,753,024 bytes free

Post-Run: 11 dir(s) 71,532,806,144 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


Dear _AlexF

This log is the same as the previous one. Check whether you have the new one; if not, redo the operation.

Regards :D


Hello, I redid the process, but the log is being sent by ComboFix, and when it finishes Notepad is blank. :)


Dear _AlexF

Delete ComboFix.exe from your desktop, download a fresh copy, run a scan and post the log here.

Regards :D


Hello :) sorry for my inattention, but I found the files you asked for. I am sending the CFScript.txt logs:

ComboFix 09-11-04.02 - Iniciar 04/11/2009 20:39:28.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.502.209 [GMT -2:00]

Running from: C:\Documents and Settings\Iniciar\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Iniciar\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1356 [VPS 091104-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: C:\WINDOWS\System32\Conts.ini

file zipped: C:\WINDOWS\System32\LgPss.ini

file zipped: C:\WINDOWS\System32\lj3j4j63kkj.cfg

file zipped: C:\WINDOWS\System32\lj3j4j63kkj.usr

file zipped: c:\windows\system32\msvcr92d.cfg

file zipped: c:\windows\system32\msvcr92d.dll

file zipped: C:\WINDOWS\System32\msvcr92d.usr

file zipped: C:\WINDOWS\System32\wmpnet.exe

.

ADS - drivers: deleted 208 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\System32\Conts.ini

C:\WINDOWS\System32\LgPss.ini

C:\WINDOWS\System32\lj3j4j63kkj.cfg

C:\WINDOWS\System32\lj3j4j63kkj.usr

c:\windows\system32\msvcr92d.cfg

c:\windows\system32\msvcr92d.dll

C:\WINDOWS\System32\msvcr92d.usr

C:\WINDOWS\System32\wmpnet.exe

.

(((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 ))))))))))))))))))))))))))))

.

2009-11-04 19:39:51 . 2009-11-04 19:39:51 0 d-----w- C:\_OTL

2009-11-03 16:53:51 . 2009-11-03 16:53:51 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\ESET

2009-11-02 14:48:50 . 2009-09-15 09:54:30 52368 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys

2009-11-02 14:48:50 . 2009-09-15 09:54:21 23152 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys

2009-11-02 14:48:49 . 2009-09-15 09:53:24 27408 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys

2009-11-02 14:48:46 . 2009-09-15 09:53:01 97480 ----a-w- C:\WINDOWS\system32\AvastSS.scr

2009-11-02 14:48:44 . 2009-09-15 09:55:19 20560 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys

2009-11-02 14:48:43 . 2009-09-15 09:56:21 93424 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys

2009-11-02 14:48:43 . 2009-09-15 09:56:14 94160 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys

2009-11-02 14:48:43 . 2009-09-15 09:55:30 114768 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys

2009-11-02 14:48:23 . 2009-09-15 09:59:36 1279968 ----a-w- C:\WINDOWS\system32\aswBoot.exe

2009-11-02 13:08:31 . 2009-11-02 13:08:31 0 d-----w- C:\Arquivos de programas\Microsoft

2009-11-02 13:07:59 . 2009-11-02 13:08:26 0 d-----w- C:\Arquivos de programas\Windows Live

2009-10-30 00:12:57 . 2008-05-29 06:03:08 37176 ----a-w- C:\Documents and Settings\Iniciar\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-10-29 17:32:06 . 2009-10-29 17:32:06 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2009-10-28 17:22:38 . 2009-10-29 17:17:11 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2009-10-28 17:16:53 . 2009-10-28 17:16:53 0 d-----w- C:\Arquivos de programas\Adobe Media Player

2009-10-28 17:14:28 . 2009-10-28 17:14:28 0 d-----w- C:\Arquivos de programas\Arquivos comuns\Adobe AIR

2009-10-27 00:19:14 . 2009-09-30 18:57:38 30488 ----a-w- C:\WINDOWS\system32\drivers\gbpkm.sys

2009-10-27 00:11:37 . 2009-10-27 00:19:14 0 d-----w- C:\Arquivos de programas\GbPlugin

2009-10-27 00:11:37 . 2009-10-27 00:19:13 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2009-10-24 12:47:21 . 2008-05-09 10:55:06 90112 -c----w- C:\WINDOWS\system32\dllcache\wshext.dll

2009-10-24 12:47:21 . 2008-05-09 10:55:05 180224 -c----w- C:\WINDOWS\system32\dllcache\scrobj.dll

2009-10-24 12:47:21 . 2008-05-09 10:55:05 172032 -c----w- C:\WINDOWS\system32\dllcache\scrrun.dll

2009-10-24 12:47:21 . 2008-05-09 08:45:51 135168 -c----w- C:\WINDOWS\system32\dllcache\cscript.exe

2009-10-24 12:47:21 . 2008-05-08 11:24:44 155648 -c----w- C:\WINDOWS\system32\dllcache\wscript.exe

2009-10-23 19:06:53 . 2009-10-23 19:06:54 0 d-----w- C:\WINDOWS\l2schemas

2009-10-23 19:06:53 . 2009-10-23 19:06:53 0 d-----w- C:\WINDOWS\system32\bits

2009-10-23 15:52:19 . 2004-08-04 03:36:02 701440 ------w- C:\WINDOWS\system32\drivers\ati2mtag.sys

2009-10-23 15:06:44 . 2009-10-23 15:06:44 0 d-----w- C:\WINDOWS\system32\XPSViewer

2009-10-23 15:06:40 . 2009-10-23 15:06:40 0 d-----w- C:\Arquivos de programas\MSBuild

2009-10-23 15:06:32 . 2009-10-23 15:06:32 0 d-----w- C:\Arquivos de programas\Reference Assemblies

2009-10-23 15:05:58 . 2008-07-06 12:06:10 89088 -c----w- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll

2009-10-23 15:05:58 . 2008-07-06 12:06:10 575488 -c----w- C:\WINDOWS\system32\dllcache\xpsshhdr.dll

2009-10-23 15:05:58 . 2008-07-06 12:06:10 575488 ------w- C:\WINDOWS\system32\xpsshhdr.dll

2009-10-23 15:05:58 . 2008-07-06 12:06:10 1676288 -c----w- C:\WINDOWS\system32\dllcache\xpssvcs.dll

2009-10-23 15:05:58 . 2008-07-06 12:06:10 1676288 ------w- C:\WINDOWS\system32\xpssvcs.dll

2009-10-23 15:05:58 . 2008-07-06 12:06:10 117760 ------w- C:\WINDOWS\system32\prntvpt.dll

2009-10-23 15:05:58 . 2008-07-06 10:50:03 597504 -c----w- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe

2009-10-23 15:01:29 . 2009-10-23 15:01:29 0 d-----w- C:\Arquivos de programas\MSXML 6.0

2009-10-15 17:26:35 . 2009-10-15 17:27:13 0 d-----w- C:\Documents and Settings\Iniciar\Dados de aplicativos\Teleca

2009-10-15 17:26:24 . 2009-10-15 17:26:24 0 d-----w- C:\Documents and Settings\Iniciar\Dados de aplicativos\Sony Ericsson

2009-10-15 17:18:38 . 2009-10-16 15:55:16 0 d-----w- C:\WINDOWS\Downloaded Installations

2009-10-15 13:16:14 . 2009-10-15 13:16:14 0 d-----w- C:\Documents and Settings\Iniciar\Dados de aplicativos\Leadertech

2009-10-15 13:01:02 . 2009-10-15 13:01:02 0 d-----w- C:\Documents and Settings\Iniciar\Dados de aplicativos\AdobeUM

2009-10-12 21:22:20 . 2009-10-12 21:25:58 0 d-----w- C:\Documents and Settings\Iniciar\Dados de aplicativos\Nokia

2009-10-12 21:20:14 . 2009-10-12 21:20:14 0 d-----w- C:\Arquivos de programas\DIFX

2009-10-12 21:19:46 . 2009-10-12 21:20:17 0 d-----w- C:\Documents and Settings\Iniciar\Dados de aplicativos\PC Suite

2009-10-12 21:19:45 . 2009-10-12 21:19:45 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2009-10-12 21:19:35 . 2006-03-24 11:31:58 48128 ----a-w- C:\WINDOWS\system32\nmwcdcls.dll

2009-10-12 21:19:16 . 2009-10-16 15:45:52 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Downloaded Installations

2009-10-10 18:37:44 . 2008-04-14 02:20:40 26624 ----a-w- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2009-10-10 18:09:34 . 2009-10-10 18:09:35 0 d-----w- C:\Arquivos de programas\Windows Media Connect 2

2009-10-10 18:07:23 . 2009-10-24 12:42:32 0 d-----w- C:\WINDOWS\system32\drivers\UMDF

2009-10-10 18:07:23 . 2009-10-10 18:07:23 0 d-----w- C:\WINDOWS\system32\LogFiles

2009-10-07 22:47:35 . 2009-10-07 22:47:37 0 d-----w- C:\Arquivos de programas\SopCast

2009-10-07 22:47:32 . 2009-10-07 22:47:32 0 d-----w- C:\Arquivos de programas\Orban

2009-10-06 22:59:04 . 2009-06-29 15:16:40 7680 ----a-w- C:\WINDOWS\system32\drivers\massfilter.sys

2009-10-06 22:59:04 . 2009-06-29 15:16:40 13824 ----a-w- C:\WINDOWS\system32\drivers\ZTEusbccid.sys

2009-10-06 22:59:04 . 2009-06-29 15:16:40 104960 ----a-w- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys

2009-10-06 22:59:04 . 2009-06-29 15:16:40 104960 ----a-w- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys

2009-10-06 22:59:04 . 2009-06-29 15:16:40 104960 ----a-w- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys

2009-10-06 22:58:54 . 2009-06-08 19:06:48 621056 ----a-w- C:\WINDOWS\system32\drivers\mod7700.sys

2009-10-06 22:58:54 . 2009-06-08 19:06:48 101120 ----a-w- C:\WINDOWS\system32\drivers\ewusbmdm.sys

2009-10-06 22:58:54 . 2009-06-08 19:06:48 100992 ----a-w- C:\WINDOWS\system32\drivers\ewusbnet.sys

2009-10-06 22:58:53 . 2009-06-08 19:06:48 24448 ----a-w- C:\WINDOWS\system32\drivers\ewdcsc.sys

2009-10-06 22:58:53 . 2009-06-08 19:06:48 103168 ----a-w- C:\WINDOWS\system32\drivers\ewusbfake.sys

2009-10-06 22:58:26 . 2009-10-06 22:58:26 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\OI

2009-10-06 22:58:25 . 2009-10-06 22:58:26 0 d-----w- C:\Arquivos de programas\OI

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-03 16:53:51 . 2009-08-09 16:14:37 0 d-----w- C:\Arquivos de programas\Eset

2009-11-02 14:31:46 . 2001-10-28 18:07:18 79980 ----a-w- C:\WINDOWS\system32\perfc016.dat

2009-11-02 14:31:46 . 2001-10-28 18:07:18 471022 ----a-w- C:\WINDOWS\system32\perfh016.dat

2009-10-30 00:09:23 . 2009-08-30 14:26:23 0 d-----w- C:\Arquivos de programas\Arquivos comuns\Adobe

2009-10-18 14:33:24 . 2009-08-09 22:45:17 0 d-----w- C:\Arquivos de programas\Discador itelefonica

2009-10-15 17:18:33 . 2009-08-09 16:11:03 0 d-----w- C:\Arquivos de programas\Arquivos comuns\InstallShield

2009-10-05 14:19:01 . 2009-10-05 14:18:50 0 d-----w- C:\Arquivos de programas\Ares

2009-09-18 15:21:11 . 2009-09-18 15:21:11 0 d-----w- C:\Arquivos de programas\Windows Live SkyDrive

2009-09-15 21:02:51 . 2009-09-15 21:02:51 0 d-----w- C:\Arquivos de programas\Arquivos comuns\Windows Live

2009-09-11 14:19:14 . 2004-08-04 03:45:26 136192 ----a-w- C:\WINDOWS\system32\msv1_0.dll

2009-09-04 21:04:39 . 2004-08-04 03:45:24 58880 ----a-w- C:\WINDOWS\system32\msasn1.dll

2009-08-29 07:57:54 . 2004-08-04 03:45:28 916480 ------w- C:\WINDOWS\system32\wininet.dll

2009-08-26 08:01:18 . 2004-08-04 03:45:28 247326 ----a-w- C:\WINDOWS\system32\strmdll.dll

2009-08-18 22:44:38 . 2009-08-18 22:44:38 15240 ----a-w- C:\Documents and Settings\Iniciar\Dados de aplicativos\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll

2009-08-10 20:06:25 . 2009-08-09 14:41:06 86327 ----a-w- C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat

2009-08-09 16:11:06 . 2009-08-09 16:11:06 315392 ----a-w- C:\WINDOWS\HideWin.exe

2009-08-09 14:38:37 . 2009-08-09 14:38:38 21844 ----a-w- C:\WINDOWS\system32\emptyregdb.dat

.

((((((((((((((((((((((((((((( SnapShot@2009-11-04_20.02.25 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-11-04 21:53:09 . 2009-11-04 21:53:09 16384 C:\WINDOWS\Temp\Perflib_Perfdata_67c.dat

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-20 05:57:36 142104]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-20 05:57:20 162584]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-20 05:57:30 138008]

"SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" [2006-04-05 10:36:52 565248]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 06:08:38 35696]

"Adobe ARM"="C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 14:08:30 935288]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 09:56:48 81000]

"RTHDCPL"="RTHDCPL.EXE" - C:\WINDOWS\RTHDCPL.exe [2007-04-10 15:28:44 16126464]

"SkyTel"="SkyTel.EXE" - C:\WINDOWS\SkyTel.exe [2007-04-04 17:22:46 1822720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:20:54 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehcef.dll" [2009-09-30 19:00:40 305704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2009-09-30 19:00:40 305704 ----a-w- C:\Arquivos de programas\GbPlugin\gbiehcef.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\rtcshare.exe"=

"C:\\Arquivos de programas\\NetMeeting\\conf.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [26/10/2009 22:19:14 30488]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2/11/2009 12:48:43 114768]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [2/11/2009 12:48:44 20560]

R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [26/10/2009 22:19:12 53808]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\drivers\l151x86.sys [9/8/2009 14:09:27 39424]

S3 massfilter;ZTE Mass Storage Filter Driver;C:\WINDOWS\system32\drivers\massfilter.sys [6/10/2009 20:59:04 7680]

--- Other Services/Drivers In Memory ---

*Deregistered* - PROCEXP113

.

Contents of the 'Scheduled Tasks' folder

2009-11-04 C:\WINDOWS\Tasks\OGALogon.job

- C:\WINDOWS\system32\OGAEXEC.exe [2009-08-03 18:07:42 . 2009-08-03 18:07:42]

2009-11-04 C:\WINDOWS\Tasks\User_Feed_Synchronization-{0C147914-CBB4-43CD-803C-EE0F8B091F68}.job

- C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 07:31:54 . 2009-03-08 07:31:54]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {32F5158C-0E12-40A8-8B50-3849C4E36951} = 200.222.0.34 200.202.193.75

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-04 20:44:42

Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)

C:\Arquivos de programas\GbPlugin\gbiehcef.dll

.

Completion time: 2009-11-04 20:46:29

ComboFix-quarantined-files.txt 2009-11-04 22:46:18

ComboFix2.txt 2009-11-04 20:04:22

Pre-Run: 9 folder(s) 71,525,294,080 bytes free

Post-Run: 11 folder(s) 71,529,992,192 bytes free

And the new ones you asked for:

ComboFix 09-11-05.05 - Iniciar 06/11/2009 21:15:00.5.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.502.202 [GMT -2:00]

Running from: C:\Documents and Settings\Iniciar\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1356 [VPS 091106-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

ADS - drivers: deleted 208 bytes in 1 streams.

(((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 ))))))))))))))))))))))))))))

.

2009-11-05 17:26:03 . 2009-11-05 17:26:59 0 d-----w- C:\TEMP

2009-11-04 19:39:51 . 2009-11-04 19:39:51 0 d-----w- C:\_OTL

2009-11-03 16:53:51 . 2009-11-03 16:53:51 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\ESET

2009-11-02 14:48:50 . 2009-09-15 09:54:30 52368 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys

2009-11-02 14:48:50 . 2009-09-15 09:54:21 23152 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys

2009-11-02 14:48:49 . 2009-09-15 09:53:24 27408 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys

2009-11-02 14:48:46 . 2009-09-15 09:53:01 97480 ----a-w- C:\WINDOWS\system32\AvastSS.scr

2009-11-02 14:48:44 . 2009-09-15 09:55:19 20560 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys

2009-11-02 14:48:43 . 2009-09-15 09:56:21 93424 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys

2009-11-02 14:48:43 . 2009-09-15 09:56:14 94160 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys

2009-11-02 14:48:43 . 2009-09-15 09:55:30 114768 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys

2009-11-02 14:48:23 . 2009-09-15 09:59:36 1279968 ----a-w- C:\WINDOWS\system32\aswBoot.exe

2009-11-02 13:08:31 . 2009-11-02 13:08:31 0 d-----w- C:\Arquivos de programas\Microsoft

2009-11-02 13:07:59 . 2009-11-02 13:08:26 0 d-----w- C:\Arquivos de programas\Windows Live

2009-10-30 00:12:57 . 2008-05-29 06:03:08 37176 ----a-w- C:\Documents and Settings\Iniciar\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-10-29 17:32:06 . 2009-10-29 17:32:06 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2009-10-28 17:22:38 . 2009-10-29 17:17:11 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2009-10-28 17:16:53 . 2009-10-28 17:16:53 0 d-----w- C:\Arquivos de programas\Adobe Media Player

2009-10-28 17:14:28 . 2009-10-28 17:14:28 0 d-----w- C:\Arquivos de programas\Arquivos comuns\Adobe AIR

2009-10-27 00:19:14 . 2009-09-30 18:57:38 30488 ----a-w- C:\WINDOWS\system32\drivers\gbpkm.sys

2009-10-27 00:11:37 . 2009-10-27 00:19:14 0 d-----w- C:\Arquivos de programas\GbPlugin

2009-10-27 00:11:37 . 2009-10-27 00:19:13 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2009-10-24 12:47:21 . 2008-05-09 10:55:06 90112 -c----w- C:\WINDOWS\system32\dllcache\wshext.dll

2009-10-24 12:47:21 . 2008-05-09 10:55:05 180224 -c----w- C:\WINDOWS\system32\dllcache\scrobj.dll

2009-10-24 12:47:21 . 2008-05-09 10:55:05 172032 -c----w- C:\WINDOWS\system32\dllcache\scrrun.dll

2009-10-24 12:47:21 . 2008-05-09 08:45:51 135168 -c----w- C:\WINDOWS\system32\dllcache\cscript.exe

2009-10-24 12:47:21 . 2008-05-08 11:24:44 155648 -c----w- C:\WINDOWS\system32\dllcache\wscript.exe

2009-10-23 19:06:53 . 2009-10-23 19:06:54 0 d-----w- C:\WINDOWS\l2schemas

2009-10-23 19:06:53 . 2009-10-23 19:06:53 0 d-----w- C:\WINDOWS\system32\bits

2009-10-23 15:52:19 . 2004-08-04 03:36:02 701440 ------w- C:\WINDOWS\system32\drivers\ati2mtag.sys

2009-10-23 15:06:44 . 2009-10-23 15:06:44 0 d-----w- C:\WINDOWS\system32\XPSViewer

2009-10-23 15:06:40 . 2009-10-23 15:06:40 0 d-----w- C:\Arquivos de programas\MSBuild

2009-10-23 15:06:32 . 2009-10-23 15:06:32 0 d-----w- C:\Arquivos de programas\Reference Assemblies

2009-10-23 15:05:58 . 2008-07-06 12:06:10 89088 -c----w- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll

2009-10-23 15:05:58 . 2008-07-06 12:06:10 575488 -c----w- C:\WINDOWS\system32\dllcache\xpsshhdr.dll

2009-10-23 15:05:58 . 2008-07-06 12:06:10 575488 ------w- C:\WINDOWS\system32\xpsshhdr.dll

2009-10-23 15:05:58 . 2008-07-06 12:06:10 1676288 -c----w- C:\WINDOWS\system32\dllcache\xpssvcs.dll

2009-10-23 15:05:58 . 2008-07-06 12:06:10 1676288 ------w- C:\WINDOWS\system32\xpssvcs.dll

2009-10-23 15:05:58 . 2008-07-06 12:06:10 117760 ------w- C:\WINDOWS\system32\prntvpt.dll

2009-10-23 15:05:58 . 2008-07-06 10:50:03 597504 -c----w- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe

2009-10-23 15:01:29 . 2009-10-23 15:01:29 0 d-----w- C:\Arquivos de programas\MSXML 6.0

2009-10-15 17:26:35 . 2009-10-15 17:27:13 0 d-----w- C:\Documents and Settings\Iniciar\Dados de aplicativos\Teleca

2009-10-15 17:26:24 . 2009-10-15 17:26:24 0 d-----w- C:\Documents and Settings\Iniciar\Dados de aplicativos\Sony Ericsson

2009-10-15 17:18:38 . 2009-10-16 15:55:16 0 d-----w- C:\WINDOWS\Downloaded Installations

2009-10-15 13:16:14 . 2009-10-15 13:16:14 0 d-----w- C:\Documents and Settings\Iniciar\Dados de aplicativos\Leadertech

2009-10-15 13:01:02 . 2009-10-15 13:01:02 0 d-----w- C:\Documents and Settings\Iniciar\Dados de aplicativos\AdobeUM

2009-10-12 21:22:20 . 2009-10-12 21:25:58 0 d-----w- C:\Documents and Settings\Iniciar\Dados de aplicativos\Nokia

2009-10-12 21:20:14 . 2009-10-12 21:20:14 0 d-----w- C:\Arquivos de programas\DIFX

2009-10-12 21:19:46 . 2009-10-12 21:20:17 0 d-----w- C:\Documents and Settings\Iniciar\Dados de aplicativos\PC Suite

2009-10-12 21:19:45 . 2009-10-12 21:19:45 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2009-10-12 21:19:35 . 2006-03-24 11:31:58 48128 ----a-w- C:\WINDOWS\system32\nmwcdcls.dll

2009-10-12 21:19:16 . 2009-10-16 15:45:52 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Downloaded Installations

2009-10-10 18:37:44 . 2008-04-14 02:20:40 26624 ----a-w- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2009-10-10 18:09:34 . 2009-10-10 18:09:35 0 d-----w- C:\Arquivos de programas\Windows Media Connect 2

2009-10-10 18:07:23 . 2009-10-24 12:42:32 0 d-----w- C:\WINDOWS\system32\drivers\UMDF

2009-10-10 18:07:23 . 2009-10-10 18:07:23 0 d-----w- C:\WINDOWS\system32\LogFiles

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-05 19:45:43 . 2009-08-09 16:14:37 0 d-----w- C:\Arquivos de programas\Eset

2009-11-02 14:31:46 . 2001-10-28 18:07:18 79980 ----a-w- C:\WINDOWS\system32\perfc016.dat

2009-11-02 14:31:46 . 2001-10-28 18:07:18 471022 ----a-w- C:\WINDOWS\system32\perfh016.dat

2009-10-30 00:09:23 . 2009-08-30 14:26:23 0 d-----w- C:\Arquivos de programas\Arquivos comuns\Adobe

2009-10-18 14:33:24 . 2009-08-09 22:45:17 0 d-----w- C:\Arquivos de programas\Discador itelefonica

2009-10-15 17:18:33 . 2009-08-09 16:11:03 0 d-----w- C:\Arquivos de programas\Arquivos comuns\InstallShield

2009-10-07 22:47:37 . 2009-10-07 22:47:35 0 d-----w- C:\Arquivos de programas\SopCast

2009-10-07 22:47:32 . 2009-10-07 22:47:32 0 d-----w- C:\Arquivos de programas\Orban

2009-10-06 22:58:26 . 2009-10-06 22:58:26 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\OI

2009-10-06 22:58:26 . 2009-10-06 22:58:25 0 d-----w- C:\Arquivos de programas\OI

2009-10-05 14:19:01 . 2009-10-05 14:18:50 0 d-----w- C:\Arquivos de programas\Ares

2009-09-18 15:21:11 . 2009-09-18 15:21:11 0 d-----w- C:\Arquivos de programas\Windows Live SkyDrive

2009-09-15 21:02:51 . 2009-09-15 21:02:51 0 d-----w- C:\Arquivos de programas\Arquivos comuns\Windows Live

2009-09-11 14:19:14 . 2004-08-04 03:45:26 136192 ----a-w- C:\WINDOWS\system32\msv1_0.dll

2009-09-04 21:04:39 . 2004-08-04 03:45:24 58880 ----a-w- C:\WINDOWS\system32\msasn1.dll

2009-08-29 07:57:54 . 2004-08-04 03:45:28 916480 ------w- C:\WINDOWS\system32\wininet.dll

2009-08-26 08:01:18 . 2004-08-04 03:45:28 247326 ----a-w- C:\WINDOWS\system32\strmdll.dll

2009-08-18 22:44:38 . 2009-08-18 22:44:38 15240 ----a-w- C:\Documents and Settings\Iniciar\Dados de aplicativos\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll

2009-08-10 20:06:25 . 2009-08-09 14:41:06 86327 ----a-w- C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat

2009-08-09 16:11:06 . 2009-08-09 16:11:06 315392 ----a-w- C:\WINDOWS\HideWin.exe

2009-08-09 14:38:37 . 2009-08-09 14:38:38 21844 ----a-w- C:\WINDOWS\system32\emptyregdb.dat

.

((((((((((((((((((((((((((((( SnapShot@2009-11-04_20.02.25 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-11-06 22:32:08 . 2009-11-06 22:32:08 16384 C:\WINDOWS\Temp\Perflib_Perfdata_684.dat

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:20:54 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-20 05:57:36 142104]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-20 05:57:20 162584]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-20 05:57:30 138008]

"SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" [2006-04-05 10:36:52 565248]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 06:08:38 35696]

"Adobe ARM"="C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 14:08:30 935288]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 09:56:48 81000]

"RTHDCPL"="RTHDCPL.EXE" - C:\WINDOWS\RTHDCPL.exe [2007-04-10 15:28:44 16126464]

"SkyTel"="SkyTel.EXE" - C:\WINDOWS\SkyTel.exe [2007-04-04 17:22:46 1822720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:20:54 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehcef.dll" [2009-09-30 19:00:40 305704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2009-09-30 19:00:40 305704 ----a-w- C:\Arquivos de programas\GbPlugin\gbiehcef.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\rtcshare.exe"=

"C:\\Arquivos de programas\\NetMeeting\\conf.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [26/10/2009 22:19:14 30488]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2/11/2009 12:48:43 114768]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [2/11/2009 12:48:44 20560]

R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [26/10/2009 22:19:12 53808]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\drivers\l151x86.sys [9/8/2009 14:09:27 39424]

S3 massfilter;ZTE Mass Storage Filter Driver;C:\WINDOWS\system32\drivers\massfilter.sys [6/10/2009 20:59:04 7680]

--- Other Services/Drivers In Memory ---

*Deregistered* - PROCEXP113

.

Contents of the 'Scheduled Tasks' folder

2009-11-06 C:\WINDOWS\Tasks\OGALogon.job

- C:\WINDOWS\system32\OGAEXEC.exe [2009-08-03 18:07:42 . 2009-08-03 18:07:42]

2009-11-06 C:\WINDOWS\Tasks\User_Feed_Synchronization-{0C147914-CBB4-43CD-803C-EE0F8B091F68}.job

- C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 07:31:54 . 2009-03-08 07:31:54]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {32F5158C-0E12-40A8-8B50-3849C4E36951} = 200.222.0.34 200.202.193.75

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-06 21:19:48

Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)

C:\Arquivos de programas\GbPlugin\gbiehcef.dll

- - - - - - - > 'explorer.exe'(3456)

C:\WINDOWS\system32\WININET.dll

C:\ARQUIV~1\WINDOW~2\wmpband.dll

C:\Arquivos de programas\Scpad\scpLIB.dll

C:\Arquivos de programas\Scpad\scpMIB.dll

C:\Arquivos de programas\Scpad\sshib.dll

C:\WINDOWS\system32\webcheck.dll

C:\WINDOWS\system32\WPDShServiceObj.dll

C:\WINDOWS\system32\PortableDeviceTypes.dll

C:\WINDOWS\system32\PortableDeviceApi.dll

.

Completion time: 2009-11-06 21:21:47

ComboFix-quarantined-files.txt 2009-11-06 23:21:44

ComboFix2.txt 2009-11-05 16:06:17

ComboFix3.txt 2009-11-04 22:53:30

ComboFix4.txt 2009-11-04 20:04:22

Pre-Run: 10 folder(s) 71,309,643,776 bytes free

Post-Run: 12 folder(s) 71,273,066,496 bytes free

- - End Of File - - 83CB9F0BF235B46FBEAB8320F16F8A53

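The parts of the ComboFix log above that an analyst reads first are the standard-profile firewall policy (here `EnableFirewall = 0` plus a list of exceptions), the `R*`/`S*` driver lines, and the DLLs loaded under `winlogon.exe`. The Python below is an added example for this thread, not part of the original post or of ComboFix itself: it parses a constructed excerpt laid out like the log above (lines copied or shortened from it) and emits review items. The rules it applies (flag any firewall exception or any module inside `winlogon.exe` that lives outside `%windir%`, and any boot/system-start driver outside `system32\drivers`) are this example's own assumptions, and a flagged line is something to look at, not a verdict. In this particular log, `gbiehcef.dll` is the bank-supplied GbPlugin component (the same log shows the `gbpdist.cab` DPF entry from caixa.gov.br), so the substantive findings are the disabled firewall and the Ares P2P exception.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the layout of the ComboFix sections posted above.
# Lines are copied or shortened from that log; this is not the full log.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Ares\\Ares.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [26/10/2009 22:19:14 30488]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\drivers\l151x86.sys [9/8/2009 14:09:27 39424]
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(540)
C:\Arquivos de programas\GbPlugin\gbiehcef.dll
- - - - - - - > 'explorer.exe'(3456)
C:\WINDOWS\system32\WININET.dll
C:\Arquivos de programas\Scpad\scpLIB.dll
"""

# Anything under these prefixes is treated as shipped-with-Windows. That is an
# assumption of this example; a real triage would also check file signatures.
WINDIR_PREFIXES = ("%windir%\\", "c:\\windows\\")
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"
PROCESS_HEADER = re.compile(r"^- - - - - - - > '([^']+)'\((\d+)\)")
DRIVER_LINE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[")
FIREWALL_FLAG = re.compile(r'^"EnableFirewall"= (\d+)')


def _in_windir(path: str) -> bool:
    return path.lower().startswith(WINDIR_PREFIXES)


def parse_firewall(lines: List[str]) -> Dict[str, object]:
    """Standard-profile firewall state plus the AuthorizedApplications list."""
    enabled = None
    apps: List[str] = []
    in_list = False
    for line in lines:
        if line.startswith("["):
            in_list = line.lower().endswith("authorizedapplications\\list]")
            continue
        m = FIREWALL_FLAG.match(line)
        if m:
            enabled = m.group(1) != "0"
        elif in_list and line.startswith('"') and line.endswith('"='):
            # regedit exports double every backslash; undo that for path checks
            apps.append(line[1:-2].replace("\\\\", "\\"))
    return {"enabled": enabled, "authorized": apps}


def parse_drivers(lines: List[str]) -> List[Tuple[str, str, str]]:
    """(start type such as R0/S3, service name, image path) per driver line."""
    out = []
    for line in lines:
        m = DRIVER_LINE.match(line)
        if m:
            out.append((m.group(1) + m.group(2), m.group(3), m.group(5)))
    return out


def parse_loaded_dlls(lines: List[str]) -> Dict[str, List[str]]:
    """Map each process in 'DLLs Loaded Under Running Processes' to its DLL paths."""
    loaded: Dict[str, List[str]] = {}
    current = None
    for line in lines:
        m = PROCESS_HEADER.match(line)
        if m:
            current = m.group(1).lower()
            loaded[current] = []
        elif current and re.match(r"^[A-Za-z]:\\", line):
            loaded[current].append(line)
    return loaded


def triage_combofix(log: str) -> List[str]:
    """Review items an analyst would want to see from a ComboFix log excerpt."""
    lines = [l.rstrip() for l in log.splitlines() if l.strip()]
    findings: List[str] = []
    fw = parse_firewall(lines)
    if fw["enabled"] is False:
        findings.append("Windows Firewall is disabled in the standard profile (EnableFirewall=0)")
    for app in fw["authorized"]:
        if not _in_windir(app):
            findings.append(f"firewall exception for a third-party program: {app}")
    for start, name, path in parse_drivers(lines):
        # boot/system-start drivers load before most defences; an odd path deserves a look
        if start in ("R0", "R1") and not path.lower().startswith(DRIVERS_DIR):
            findings.append(f"early-start driver outside system32\\drivers: {name} -> {path}")
    for dll in parse_loaded_dlls(lines).get("winlogon.exe", []):
        # winlogon.exe runs as SYSTEM, so any non-Windows module inside it runs as SYSTEM too
        if not _in_windir(dll):
            findings.append(f"non-Windows DLL loaded into winlogon.exe: {dll}")
    return findings


if __name__ == "__main__":
    for item in triage_combofix(SAMPLE_LOG):
        print("-", item)
```

Run against the excerpt it prints four items: the disabled firewall, the Ares and Messenger exceptions, and the GbPlugin DLL inside winlogon.exe. The driver check stays silent because both drivers live under `system32\drivers`.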

Dear _AlexF

Download the Kaspersky Removal Tool. Save it to your desktop.

  • Install the program normally, following all the instructions.
  • A folder named Virus Removal Tool will be created on the desktop.
  • On the program's main screen, tick the options My Computer, Startup objects and Disk boot sectors, then click the Scan button.
  • Be patient; the scan can take a while.
  • If it finds an infection, an alert window will open; click Skip.
  • When everything has finished, click the Reports... button and then Save to file.
  • Give the file a name and save it in a folder of your choice.
  • Close the results by clicking the window's X.
  • Right after that, close the program as well by clicking the window's X. You will be asked whether you want to uninstall the tool; click No. Post the contents of that file in your next reply and wait.

Regards :D


Hello

Scan

----

Scanned: 217876

Detected: 1

Untreated: 1

Start time: 10/11/2009 14:01:47

Duration: 01:51:39

Finish time: 10/11/2009 15:53:26

Detected

--------

Status Object

------ ------

detected: Trojan program Trojan-Banker.Win32.Banker.aotn File: C:\System Volume Information\_restore{B6839D1F-29AD-49BE-81EA-5F826A9B37DB}\RP104\A0024319.dll

Events

------

Time Name Status Reason

---- ---- ------ ------

10/11/2009 14:05:27 File: c:\windows\system32\mmdrv.dll ok scanned

10/11/2009 14:05:27 File: c:\windows\system\timer.drv ok scanned

10/11/2009 14:05:28 File: c:\windows\system32\mshta.exe ok scanned

10/11/2009 14:05:29 File: c:\windows\system32\notepad.exe ok scanned

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

Backup

------

Status Object Size

------ ------ ----


Dear _AlexF

What Kaspersky detected comes out in the cleanup now... you can uninstall the program :)

>>>> How is the computer?

Step 1 #

Let's uninstall ComboFix:

Go to Start > Run, type Combofix /Uninstall and click OK; in the window that appears click Run and wait for the program to be removed!

Step 2 #

Once again with OTL

  • Double-click the icon 3984478580_7ed4cabc45_o.gif
  • Click the button 3979150508_cb492f5c9b_o.jpg
  • Wait...
  • When asked to restart, click OK.

Step 3 #

<<@>> Install CCleaner

CCleaner is an excellent cleaning utility for the computer that will help its performance.

Download it here: CCleaner

  • IMPORTANT: After installation, go to the location where the program was installed, C:\Arquivos de programas\CCleaner, open the folder, right-click an empty area of the window, choose New > Folder and create a new folder; name it backups!
  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issues...
    Note: don't forget to accept the backup of the fixes and save it in the folder created above!

<<@>> Always keep your Windows up to date; keep constant watch over the firewall and antivirus, and finally remember that the best prevention starts with our own habits!

Regards :D

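The Kaspersky report posted above found the banker only at `C:\System Volume Information\_restore{...}\RP104\A0024319.dll`, that is, inside a System Restore snapshot, which is why the helper says the remaining detection comes out in the cleanup: a restore-point copy is inert until someone rolls back to that point, and purging the restore points removes it, whereas a hit on a live path needs to be dealt with directly. The Python below is an added example for this thread, not part of the original posts or of Kaspersky's tool: it parses `detected:` lines in the report format shown above and splits them into restore-point and live detections, cross-checking the count against the report's `Detected:` total. The first sample line is the one from the posted report; the other two paths are constructed so the live branch is exercised.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the Kaspersky Virus Removal Tool report format shown
# above. The first detection line is the one from the posted report; the other
# two paths are invented so that the live-file branch is exercised as well.
SAMPLE_REPORT = r"""
Scanned: 217876
Detected: 3
Untreated: 3

Detected
--------
Status Object
------ ------
detected: Trojan program Trojan-Banker.Win32.Banker.aotn File: C:\System Volume Information\_restore{B6839D1F-29AD-49BE-81EA-5F826A9B37DB}\RP104\A0024319.dll
detected: Trojan program Trojan-Banker.Win32.Banker.aotn File: C:\WINDOWS\system32\example_banker.dll
detected: Trojan program Trojan-Downloader.Win32.Example.a File: C:\Documents and Settings\Iniciar\Dados de aplicativos\update.exe

Events
------
"""

DETECTION = re.compile(r"^detected:\s+(.*?)\s+File:\s+(.+)$")
# System Restore keeps its copies under \System Volume Information\_restore{GUID}\RPnnn\
RESTORE_POINT = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\", re.I)
COUNTER = re.compile(r"^(Scanned|Detected|Untreated):\s+(\d+)$")


def parse_counters(report: str) -> Dict[str, int]:
    """Scanned/Detected/Untreated totals from the report header."""
    counters: Dict[str, int] = {}
    for line in report.splitlines():
        m = COUNTER.match(line.strip())
        if m:
            counters[m.group(1)] = int(m.group(2))
    return counters


def parse_detections(report: str) -> List[Tuple[str, str]]:
    """(threat name, file path) for every 'detected:' line."""
    hits = []
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            hits.append((m.group(1), m.group(2).strip()))
    return hits


def restore_point_number(path: str) -> Optional[int]:
    """RPnnn sequence number if the path lies inside a System Restore snapshot."""
    m = RESTORE_POINT.match(path)
    return int(m.group(1)) if m else None


def classify(path: str) -> str:
    """'restore-point' copies are inert until a rollback; 'live' hits are active files."""
    return "restore-point" if restore_point_number(path) is not None else "live"


def triage_kaspersky(report: str) -> Dict[str, List[Tuple[str, str]]]:
    """Split the report's detections by where they sit and sanity-check the totals."""
    result: Dict[str, List[Tuple[str, str]]] = {"restore-point": [], "live": []}
    hits = parse_detections(report)
    for name, path in hits:
        result[classify(path)].append((name, path))
    declared = parse_counters(report).get("Detected")
    if declared is not None and declared != len(hits):
        # a truncated paste or a parse miss; ask for the complete report
        result["mismatch"] = [("declared", str(declared)), ("parsed", str(len(hits)))]
    return result


if __name__ == "__main__":
    t = triage_kaspersky(SAMPLE_REPORT)
    for name, path in t["restore-point"]:
        print(f"restore point RP{restore_point_number(path)} (purge System Restore): {name}")
    for name, path in t["live"]:
        print(f"LIVE, needs removal: {path} ({name})")
```

On the excerpt this reports one restore-point hit (RP104) and two live hits. With a report like the one actually posted, where the only detection is the restore-point copy, the live list is empty and flushing the restore points is the whole remaining fix.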

Hello! :lol: The computer is great. Is it all done? Then thank you for your help, many thanks.


Should the topic author need it, the topic will be reopened; to request that, contact the moderators and ask for it to be unlocked.
