Hey...
Today I searched for a virus that showed up in my PC's process list, and I found this forum, which is really great for solving problems...
First I ran ComboFix and followed everything exactly...
Man, I think some of the malware that was on the PC is gone...
It got a lot better...
Then, reading the forum, I found this HijackThis thing and ran it too, with all my drives connected to the PC...
I have the logs from both...
Combofix:
ComboFix 09-04-01.01 - Felipe de Souza 2009-04-02 19:29:49.1 - NTFSx86
Executando de: e:\documents and settings\Felipe de Souza\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\autorun.inf
e:\documents and settings\Felipe de Souza\Dados de aplicativos\inst.exe
e:\windows\system32\Core.dll
e:\windows\system32\msssc.dll
F:\Autorun.inf
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-02 to 2009-04-02 ))))))))))))))))))))))))))))
.
2009-04-02 19:13 . 2006-03-02 23:42 73,728 --a------ E:\pv.exe
2009-04-02 19:12 . 2009-04-02 19:12 <DIR> d-------- e:\documents and settings\Felipe de Souza\Dados de aplicativos\Windows Desktop Search
2009-04-02 16:25 . 2009-04-02 16:25 <DIR> d-------- e:\documents and settings\Felipe de Souza\Dados de aplicativos\Windows Search
2009-04-02 16:23 . 2009-04-02 16:23 <DIR> d-------- e:\arquivos de programas\Windows Desktop Search
2009-04-02 16:22 . 2008-03-07 14:02 192,000 -----c--- e:\windows\system32\dllcache\offfilt.dll
2009-04-02 16:22 . 2008-03-07 14:02 98,304 -----c--- e:\windows\system32\dllcache\nlhtml.dll
2009-04-02 16:22 . 2008-03-07 14:02 29,696 -----c--- e:\windows\system32\dllcache\mimefilt.dll
2009-04-02 13:38 . 2009-01-09 16:19 1,089,883 -----c--- e:\windows\system32\dllcache\ntprint.cat
2009-04-01 14:10 . 2006-06-29 13:07 14,048 --------- e:\windows\system32\spmsg2.dll
2009-04-01 13:59 . 2009-04-01 14:10 <DIR> d-------- e:\windows\system32\XPSViewer
2009-04-01 13:58 . 2009-04-01 13:58 <DIR> d-------- e:\arquivos de programas\Reference Assemblies
2009-04-01 13:58 . 2009-04-01 13:58 <DIR> d-------- E:\82395a271562dfd27ce6b4
2009-04-01 13:58 . 2008-07-06 09:06 1,676,288 --------- e:\windows\system32\xpssvcs.dll
2009-04-01 13:58 . 2008-07-06 09:06 1,676,288 -----c--- e:\windows\system32\dllcache\xpssvcs.dll
2009-04-01 13:58 . 2008-07-06 07:50 597,504 -----c--- e:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-01 13:58 . 2008-07-06 09:06 575,488 --------- e:\windows\system32\xpsshhdr.dll
2009-04-01 13:58 . 2008-07-06 09:06 575,488 -----c--- e:\windows\system32\dllcache\xpsshhdr.dll
2009-04-01 13:58 . 2008-07-06 09:06 117,760 --------- e:\windows\system32\prntvpt.dll
2009-04-01 13:58 . 2008-07-06 09:06 89,088 -----c--- e:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-01 13:48 . 2009-04-01 13:48 <DIR> d-------- E:\1dbbb87d4aea535a613cdea85f1d
2009-03-31 16:26 . 2009-03-31 16:26 <DIR> d--hs---- e:\documents and settings\Felipe de Souza\PrivacIE
2009-03-31 16:26 . 2009-03-31 16:26 <DIR> d--hs---- e:\documents and settings\Felipe de Souza\IECompatCache
2009-03-31 15:50 . 2009-03-31 15:50 <DIR> d--hs---- e:\documents and settings\LocalService\IETldCache
2009-03-31 15:50 . 2009-03-31 15:50 <DIR> d--hs---- e:\documents and settings\Felipe de Souza\IETldCache
2009-03-31 15:31 . 2009-03-31 15:31 <DIR> d-------- e:\windows\ie8updates
2009-03-31 15:26 . 2009-03-31 15:30 <DIR> d--h-c--- e:\windows\ie8
2009-03-31 15:04 . 2009-02-28 01:55 105,984 -----c--- e:\windows\system32\dllcache\iecompat.dll
2009-03-25 22:15 . 2009-03-25 22:15 <DIR> d-------- e:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2009-03-19 18:27 . 2009-04-02 16:04 <DIR> d-------- e:\documents and settings\All Users\Dados de aplicativos\Google Updater
2009-03-19 16:23 . 2009-03-19 16:23 <DIR> d-------- e:\documents and settings\Felipe de Souza\Dados de aplicativos\Windows Live Writer
2009-03-19 15:17 . 2009-03-19 15:17 <DIR> d-------- e:\arquivos de programas\Microsoft Silverlight
2009-03-19 14:36 . 2009-03-19 14:36 <DIR> d-------- e:\windows\system32\config\systemprofile\Dados de aplicativos\SACore
2009-03-16 21:27 . 2009-03-16 21:56 <DIR> d-------- e:\documents and settings\Felipe de Souza\.receitanet
2009-03-16 21:23 . 2008-12-23 17:01 69,632 --a------ e:\windows\system32\MSJCE.dll
2009-03-08 14:35 . 2009-03-08 14:35 53,248 --------- e:\windows\system32\msrating.dll.mui
2009-03-08 14:35 . 2009-03-08 14:35 2,560 --------- e:\windows\system32\mshta.exe.mui
2009-03-08 14:32 . 2009-03-08 14:32 81,920 --------- e:\windows\system32\iedkcs32.dll.mui
2009-03-08 14:32 . 2009-03-08 14:32 4,096 --------- e:\windows\system32\ie4uinit.exe.mui
2009-03-08 04:33 . 2009-03-08 04:33 18,944 -----c--- e:\windows\system32\dllcache\corpol.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 22:32 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\BitTorrent
2009-04-02 22:29 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\DNA
2009-04-02 22:13 --------- d-----w e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2
2009-04-02 22:09 --------- d-----w e:\arquivos de programas\DNA
2009-04-01 18:27 --------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Babylon
2009-04-01 16:59 --------- d-----w e:\arquivos de programas\MSBuild
2009-03-31 23:55 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\Babylon
2009-03-31 17:54 --------- d-----w e:\arquivos de programas\Hamachi
2009-03-31 17:54 --------- d-----w e:\arquivos de programas\GordianKnot
2009-03-31 17:53 --------- d-----w e:\arquivos de programas\Cheatbook Database 2008
2009-03-31 17:53 --------- d-----w e:\arquivos de programas\BitTorrent_DNA
2009-03-31 17:53 --------- d-----w e:\arquivos de programas\BitTorrent
2009-03-31 17:49 --------- d-----w e:\arquivos de programas\Acoustica Audio Converter Pro
2009-03-29 23:09 --------- d-----w e:\documents and settings\LocalService\Dados de aplicativos\SACore
2009-03-27 19:54 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\Vso
2009-03-26 20:22 --------- d-----w e:\arquivos de programas\VDOWNLOADER
2009-03-26 01:18 --------- d-----w e:\arquivos de programas\AIMP2
2009-03-19 21:27 --------- d-----w e:\arquivos de programas\Google
2009-03-19 18:44 --------- d-----w e:\arquivos de programas\Windows Live
2009-03-19 16:19 --------- d-----w e:\arquivos de programas\McAfee
2009-03-17 01:15 --------- d-----w e:\arquivos de programas\Programas RFB
2009-03-13 15:58 --------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-03-08 07:34 914,944 ----a-w e:\windows\system32\wininet.dll
2009-03-08 07:34 43,008 ----a-w e:\windows\system32\licmgr10.dll
2009-03-08 07:33 420,352 ----a-w e:\windows\system32\vbscript.dll
2009-03-08 07:33 18,944 ----a-w e:\windows\system32\corpol.dll
2009-03-08 07:32 72,704 ----a-w e:\windows\system32\admparse.dll
2009-03-08 07:32 71,680 ----a-w e:\windows\system32\iesetup.dll
2009-03-08 07:31 48,128 ----a-w e:\windows\system32\mshtmler.dll
2009-03-08 07:31 45,568 ----a-w e:\windows\system32\mshta.exe
2009-03-08 07:31 34,816 ----a-w e:\windows\system32\imgutil.dll
2009-03-08 07:22 156,160 ----a-w e:\windows\system32\msls31.dll
2009-02-09 14:06 1,846,912 ----a-w e:\windows\system32\win32k.sys
2009-02-08 00:16 --------- d--h--w e:\arquivos de programas\InstallShield Installation Information
2009-02-07 22:05 --------- d-----w e:\arquivos de programas\Messenger Plus! Live
2009-02-07 00:42 --------- d-----w e:\arquivos de programas\sXe Injected
2009-02-06 22:14 308,088 ----a-w e:\windows\WLXPGSS.SCR
2009-02-06 21:52 49,504 ----a-w e:\windows\system32\sirenacm.dll
2009-02-02 15:52 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\SUPERAntiSpyware.com
2009-02-02 15:52 --------- d-----w e:\arquivos de programas\SUPERAntiSpyware
2009-01-07 21:21 26,144 ----a-w e:\windows\system32\spupdsvc.exe
2009-01-07 21:20 265,720 ----a-w e:\windows\system32\msdbg2.dll
2009-01-07 21:20 26,112 ----a-w e:\windows\system32\idndl.dll
2009-01-07 21:20 24,576 ----a-w e:\windows\system32\nlsdl.dll
2009-01-07 21:20 23,552 ----a-w e:\windows\system32\normaliz.dll
2008-03-08 21:06 47,360 ----a-w e:\documents and settings\Felipe de Souza\Dados de aplicativos\pcouffin.sys
2008-12-08 23:08 32,768 --sha-w e:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008120820081209\index.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="e:\arquivos de programas\BitTorrent\bittorrent.exe" [2008-12-16 637232]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="e:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"MSConfig"="e:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 171520]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
e:\documents and settings\Felipe de Souza\Menu Iniciar\Programas\Inicializar\
Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk - e:\arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-23 155648]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "e:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]
path=e:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Windows Search.lnk
backup=e:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 00:04 39792 e:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2008-02-20 23:22 3165920 e:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2008-12-16 17:16 637232 e:\arquivos de programas\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-12-19 08:22 342848 e:\arquivos de programas\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
--a------ 2009-02-06 18:08 454000 e:\arquivos de programas\Windows Live\Family Safety\fsui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 e:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 15:18 241664 e:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-12 13:38 49152 e:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 23:21 1695232 e:\arquivos de programas\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:50 3885408 e:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 e:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 13:22 7700480 e:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 13:22 86016 e:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 11:47 1205760 e:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2001-12-31 13:04 831488 e:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Arquivos de programas\\DNA\\btdna.exe"=
"e:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=
"e:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=
"e:\\Arquivos de programas\\Valve\\hl.exe"=
"e:\\Arquivos de programas\\Valve\\hlds.exe"=
"e:\\Arquivos de programas\\Valve\\HLServer\\hlds.exe"=
"e:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R2 gupdate1c9a8d98cb40f30;Google Update Service (gupdate1c9a8d98cb40f30);e:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-19 133104]
R3 cpuz129;cpuz129;f:\felipe\Programas\pc wizz\pcwiz32.sys [2008-01-25 9600]
R3 Mkd2kfNt;Mkd2kfNt;e:\windows\system32\drivers\Mkd2kfNt.sys [2008-07-08 130560]
R3 Mkd2Nadr;Mkd2Nadr;e:\windows\system32\drivers\Mkd2Nadr.sys [2008-07-08 79104]
R3 XDva168;XDva168; [x]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;e:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 fssfltr;fssfltr;e:\windows\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
S2 fsssvc;Windows Live Proteção para a Família;e:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;e:\arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
S2 SeaPort;SeaPort;e:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
--- ---
Deregistered - Aavmker4
Deregistered - AFD
Deregistered - ALG
Deregistered - aswFsBlk
Deregistered - aswMon2
Deregistered - aswRdr
Deregistered - aswSP
Deregistered - aswTdi
Deregistered - aswUpdSv
Deregistered - AudioSrv
Deregistered - audstub
Deregistered - avast! Antivirus
Deregistered - avast! Mail Scanner
Deregistered - avast! Web Scanner
Deregistered - Beep
Deregistered - BITS
Deregistered - Browser
Deregistered - Cdfs
Deregistered - CryptSvc
Deregistered - DcomLaunch
Deregistered - Dhcp
Deregistered - dmio
Deregistered - dmload
Deregistered - dmserver
Deregistered - Dnscache
Deregistered - ElbyCDIO
Deregistered - ERSvc
Deregistered - EventSystem
Deregistered - Fastfat
Deregistered - FastUserSwitchingCompatibility
Deregistered - Fips
Deregistered - FltMgr
Deregistered - fssfltr
Deregistered - fsssvc
Deregistered - Ftdisk
Deregistered - Gpc
Deregistered - gupdate1c9a8d98cb40f30
Deregistered - gusvc
Deregistered - helpsvc
Deregistered - HTTP
Deregistered - InCDfs
Deregistered - InCDsrv
Deregistered - IpNat
Deregistered - IPSec
Deregistered - KSecDD
Deregistered - lanmanserver
Deregistered - lanmanworkstation
Deregistered - LmHosts
Deregistered - McAfee SiteAdvisor Service
Deregistered - MDM
Deregistered - mnmdd
Deregistered - MountMgr
Deregistered - MRxDAV
Deregistered - MRxSmb
Deregistered - Msfs
Deregistered - mssmbios
Deregistered - Mup
Deregistered - NDIS
Deregistered - NdisTapi
Deregistered - Ndisuio
Deregistered - NdisWan
Deregistered - NDProxy
Deregistered - NetBIOS
Deregistered - NetBT
Deregistered - Netman
Deregistered - Nla
Deregistered - Npfs
Deregistered - Ntfs
Deregistered - Null
Deregistered - NVSvc
Deregistered - PartMgr
Deregistered - ParVdm
Deregistered - PCIIde
Deregistered - pcouffin
Deregistered - PolicyAgent
Deregistered - PptpMiniport
Deregistered - ProtectedStorage
Deregistered - PSched
Deregistered - RasAcd
Deregistered - Rasl2tp
Deregistered - RasMan
Deregistered - RasPppoe
Deregistered - Raspti
Deregistered - Rdbss
Deregistered - RDPCDD
Deregistered - rdpdr
Deregistered - RemoteRegistry
Deregistered - RpcSs
Deregistered - SamSs
Deregistered - SCDEmu
Deregistered - Schedule
Deregistered - SeaPort
Deregistered - seclogon
Deregistered - SENS
Deregistered - SharedAccess
Deregistered - ShellHWDetection
Deregistered - sisidex
Deregistered - SoundMAX Agent Service (default)
Deregistered - Spooler
Deregistered - sr
Deregistered - srservice
Deregistered - Srv
Deregistered - SSDPSRV
Deregistered - stisvc
Deregistered - swenum
Deregistered - TapiSrv
Deregistered - Tcpip
Deregistered - TermDD
Deregistered - TermService
Deregistered - Themes
Deregistered - TrkWks
Deregistered - Update
Deregistered - upnphost
Deregistered - VgaSave
Deregistered - VolSnap
Deregistered - W32Time
Deregistered - Wanarp
Deregistered - WebClient
Deregistered - winmgmt
Deregistered - wscsvc
Deregistered - WSearch
Deregistered - wuauserv
Deregistered - WudfPf
Deregistered - WudfSvc
Deregistered - WZCSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e24a10-e202-11dc-a4ba-806d6172696f}]
\Shell\AutoRun\command - m0vnonh.bat
\Shell\open\Command - m0vnonh.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e24a12-e202-11dc-a4ba-806d6172696f}]
\Shell\AutoRun\command - m0vnonh.bat
\Shell\open\Command - m0vnonh.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}]
\Shell\AutoRun\command - C:\ino6.com
\Shell\explore\Command - C:\ino6.com
\Shell\open\Command - C:\ino6.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118fd434-c39b-11dd-8585-00109588f044}]
\Shell\AutoRun\command - C:\m0vnonh.bat
\Shell\open\Command - C:\m0vnonh.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b5c1600-e22d-11dc-8223-0011d8abaa45}]
\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wbsinstalls.exe
\Shell\infected\command - C:\wbsinstalls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93c1bb04-f246-11dd-8611-00109588f044}]
\Shell\AutoRun\command - C:\pook.com
\Shell\open\Command - C:\pook.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa108ff5-7c46-11dd-848c-00109588f044}]
\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9da06ba-d793-11dd-85cb-00109588f044}]
\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d28d13e2-d79d-11dd-85cd-00109588f044}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}]
\Shell\AutoRun\command - C:\jdhc2x2.com
\Shell\explore\Command - C:\jdhc2x2.com
\Shell\open\Command - C:\jdhc2x2.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd464f9c-406a-11dd-83a4-00109588f044}]
\Shell\AutoRun\command - C:\m0vnonh.bat
\Shell\open\Command - C:\m0vnonh.bat
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"e:\windows\system32\rundll32.exe" "e:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-03-27 e:\windows\Tasks\1-Click Maintenance.job
2009-04-02 e:\windows\Tasks\Google Software Updater.job
2009-04-02 e:\windows\Tasks\GoogleUpdateTaskMachine.job
2009-04-02 e:\windows\Tasks\User_Feed_Synchronization-{0C36095E-F041-48A4-8102-508217BE272F}.job
.
HKU-Default-Run-Nokia.PCSync - e:\arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe
SafeBoot-Wdf01000.sys
MSConfigStartUp-amva - e:\windows\system32\amvo.exe
MSConfigStartUp-cdoosoft - e:\windows\system32\olhrwef.exe
MSConfigStartUp-mstwain32 - e:\windows\mstwain32.exe
MSConfigStartUp-Nokia - e:\arquivos de programas\Nokia\Nokia PC Suite 6\PCSync2.exe
MSConfigStartUp-SiteAdvisor - e:\arquivos de programas\SiteAdvisor\6253\SiteAdv.exe
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://br.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xportar para o Microsoft Excel - e:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - e:\arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} - hxxps://secwebclinic.ahnlab.com/asp/cab/mkdplus.cab
FF - ProfilePath - e:\documents and settings\Felipe de Souza\Dados de aplicativos\Mozilla\Firefox\Profiles\5o2cppyd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - www.orkut.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: e:\documents and settings\Felipe de Souza\Dados de aplicativos\Mozilla\Firefox\Profiles\5o2cppyd.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFExternalAlert.dll
FF - plugin: e:\arquivos de programas\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: e:\arquivos de programas\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: e:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: e:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: e:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: e:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.enforce_same_site_origin", false);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.ogg.enabled", true);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.wave.enabled", true);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.autoplay.enabled", true);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 19:33:10
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5A52899D-87F3-097F-6051-C61BEBFA4271}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Tempo para conclusão: 2009-04-02 19:35:54
ComboFix-quarantined-files.txt 2009-04-02 22:35:48
Pré-execução: 1,773,019,136 bytes disponíveis
Pós execução: 1,789,616,128 bytes disponíveis
Current=5 Default=5 Failed=3 LastKnownGood=1 Sets=1,2,3,5
422 --- E O F --- 2009-04-02 17:31:31
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:12, on 2/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\SearchIndexer.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\Explorer.EXE
E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
E:\Arquivos de programas\BitTorrent\bittorrent.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
E:\Arquivos de programas\Mozilla Firefox 3.1 Beta 2\firefox.exe
E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
E:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
E:\Arquivos de programas\Windows Live\Mail\wlmail.exe
E:\Hijack\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - E:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Arquivos de programas\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [bitTorrent] "E:\Arquivos de programas\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1220945662-573735546-839522115-1003\..\Run: [bitTorrent] "E:\Arquivos de programas\BitTorrent\bittorrent.exe" (User '?')
O4 - HKUS\S-1-5-21-1220945662-573735546-839522115-1003\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1220945662-573735546-839522115-1003 Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User '?')
O4 - Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228502599578
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - https://secwebclinic.ahnlab.com/asp/cab/mkdplus.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c9a8d98cb40f30) (gupdate1c9a8d98cb40f30) - Google Inc. - E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NBService - Nero AG - E:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - E:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 10970 bytes
Thanks in advance...
Hey....
I didn't think it would be this fast...
thanks a lot!
here's the log
-------------- UsbFix V2.395 ---------------
* User : Felipe de Souza - ACAS-7189DF506C
* Outils mis a jours le 20/10/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 19:56:25 le --- 03/04/2009
* Windows Xp - Internet Explorer 8.0.6001.18702
--------------- [ Processus actifs ] ----------------
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
E:\WINDOWS\system32\logonui.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup
E:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
E:\WINDOWS\system32\WgaTray.exe
E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\SearchIndexer.exe
E:\DOCUME~1\FELIPE~1\CONFIG~1\Temp\4.tmp\b2e.exe
--------------- [ Informations lecteurs ] ----------------
C: - Unidade de disco removível
E: - Unidade de disco fixo
F: - Unidade de disco fixo
G: - Unidade de disco removível
H: - Unidade de disco removível
+- Contenu de l'autorun : C:\autorun.inf
[AutoRun]
;q217Akjdk9l3sKaroliwwpaa45JsDmKwaDD2JJl2S90jFd3
open=m0vnonh.bat
;Lji1HajonSwKwD
shell\open\Command=m0vnonh.bat
+- Contenu de l'autorun : H:\autorun.inf
-------------------------------------------------
-------------------------------------------------
-------------------------------------------------
--------------- [ Registre / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
avast! REG_SZ E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
NvCplDaemon REG_SZ RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
BitTorrent REG_SZ "E:\Arquivos de programas\BitTorrent\bittorrent.exe"
ctfmon.exe REG_SZ E:\WINDOWS\system32\ctfmon.exe
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}\Shell\explore\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b5c1600-e22d-11dc-8223-0011d8abaa45}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b5c1600-e22d-11dc-8223-0011d8abaa45}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a1d9a8f-1fdd-11de-87ce-0016b68d581a}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a1d9a8f-1fdd-11de-87ce-0016b68d581a}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93c1bb04-f246-11dd-8611-00109588f044}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93c1bb04-f246-11dd-8611-00109588f044}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93c1bb04-f246-11dd-8611-00109588f044}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93c1bb04-f246-11dd-8611-00109588f044}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa108ff5-7c46-11dd-848c-00109588f044}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa108ff5-7c46-11dd-848c-00109588f044}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9da06ba-d793-11dd-85cb-00109588f044}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9da06ba-d793-11dd-85cb-00109588f044}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d28d13e2-d79d-11dd-85cd-00109588f044}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d28d13e2-d79d-11dd-85cd-00109588f044}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}\Shell\explore\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd464f9c-406a-11dd-83a4-00109588f044}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd464f9c-406a-11dd-83a4-00109588f044}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd464f9c-406a-11dd-83a4-00109588f044}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd464f9c-406a-11dd-83a4-00109588f044}\Shell\open\Command
--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - C:\autorun.inf
Supprimé ! - H:\autorun.inf
--------------- ! Fin du rapport ! ----------------
Oh, after restarting...
I logged in as the user and it was running a disk cleanup on the local disks (I don't know which ones...), so I cancelled it. Could that have caused a problem?
Thanks...
Cheers
<><><><><><><><><>
Hey! Felipe7l
<!> No! The report looks complete to me.
<><><><><><><><><>
<@> Download: < RSIT > ( ...by random/random )
<@> Save it directly to Local Disk ( E ).
<@> Double-click RSIT.exe to run the tool.
<@> In the window that opens (the disclaimer), click "Continue".
<@> Wait for "Running HijackThis" to finish. <-- Pseudo!
<@> When it finishes, Notepad will open with the report: log.txt <-- Report to post!
<@> Also post in your reply: info.txt, which will be at E:\rsit\info.txt <--
Regards!
Hey there....
Log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Felipe de Souza at 2009-04-05 20:00:28
WIN_XP Service Pack 3
System drive E: has 2 GB (3%) free of 60 GB
Total RAM: 512 MB (8% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:57, on 5/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\SearchIndexer.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\Explorer.EXE
E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
E:\Arquivos de programas\BitTorrent\bittorrent.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
E:\Arquivos de programas\Mozilla Firefox 3.1 Beta 2\firefox.exe
E:\Arquivos de programas\Windows Media Player\wmplayer.exe
E:\WINDOWS\system32\SearchProtocolHost.exe
E:\RSIT.exe
E:\Hijack\Felipe de Souza.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - E:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Arquivos de programas\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [bitTorrent] "E:\Arquivos de programas\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1220945662-573735546-839522115-1003\..\Run: [bitTorrent] "E:\Arquivos de programas\BitTorrent\bittorrent.exe" (User '?')
O4 - HKUS\S-1-5-21-1220945662-573735546-839522115-1003\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1220945662-573735546-839522115-1003 Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User '?')
O4 - Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228502599578
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - https://secwebclinic.ahnlab.com/asp/cab/mkdplus.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c9a8d98cb40f30) (gupdate1c9a8d98cb40f30) - Google Inc. - E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NBService - Nero AG - E:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - E:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 10917 bytes
======Scheduled tasks folder======
E:\WINDOWS\tasks\1-Click Maintenance.job
E:\WINDOWS\tasks\Google Software Updater.job
E:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
E:\WINDOWS\tasks\User_Feed_Synchronization-{0C36095E-F041-48A4-8102-508217BE272F}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Facilitador de Leitor de Link Adobe PDF - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - E:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - E:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - E:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - E:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - E:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{965B54B0-71E0-4611-8DE7-F73FA0B20E26} - Babylon - E:\Arquivos de programas\Babylon\Babylon Toolbar\BabylonIEToolBar.dll [2008-02-06 267488]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"NvCplDaemon"=E:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"=E:\Arquivos de programas\BitTorrent\bittorrent.exe [2008-12-16 637232]
"ctfmon.exe"=E:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
E:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
E:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe [2008-02-20 3165920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
E:\Arquivos de programas\BitTorrent\bittorrent.exe [2008-12-16 637232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
E:\Arquivos de programas\DNA\btdna.exe [2008-12-19 342848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
E:\Arquivos de programas\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
E:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
E:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
E:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
E:\Arquivos de programas\Messenger\msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
E:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
E:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
E:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]
E:\ARQUIV~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]
E:\Documents and Settings\Felipe de Souza\Menu Iniciar\Programas\Inicializar
Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk - E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
E:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=E:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=E:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\Arquivos de programas\DNA\btdna.exe"="E:\Arquivos de programas\DNA\btdna.exe:*:Enabled:DNA"
"E:\Arquivos de programas\Shareaza\Shareaza.exe"="E:\Arquivos de programas\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"E:\Arquivos de programas\BitTorrent\bittorrent.exe"="E:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"E:\Arquivos de programas\Valve\hl.exe"="E:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Arquivos de programas\Valve\hlds.exe"="E:\Arquivos de programas\Valve\hlds.exe:*:Enabled:HLDS Launcher"
"E:\Arquivos de programas\Valve\HLServer\hlds.exe"="E:\Arquivos de programas\Valve\HLServer\hlds.exe:*:Enabled:HLDS Launcher"
"E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"E:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe"="E:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"E:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe"="E:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
======List of files/folders created in the last 1 months======
2009-04-05 20:00:28 ----D---- E:\rsit
2009-04-05 19:59:11 ----A---- E:\RSIT.exe
2009-04-03 19:56:25 ----A---- E:\UsbFix.txt
2009-04-03 19:38:50 ----D---- E:\Arquivos de programas\UsbFix
2009-04-02 21:25:36 ----SHD---- E:\RECYCLER
2009-04-02 20:47:57 ----D---- E:\Hijack
2009-04-02 19:43:45 ----D---- E:\ComboFix
2009-04-02 19:35:56 ----A---- E:\ComboFix.txt
2009-04-02 19:21:36 ----A---- E:\Boot.bak
2009-04-02 19:21:17 ----D---- E:\cmdcons
2009-04-02 19:14:15 ----D---- E:\WINDOWS\ERDNT
2009-04-02 19:12:16 ----D---- E:\Documents and Settings\Felipe de Souza\Dados de aplicativos\Windows Desktop Search
2009-04-02 16:25:25 ----D---- E:\Documents and Settings\Felipe de Souza\Dados de aplicativos\Windows Search
2009-04-02 16:23:49 ----D---- E:\Arquivos de programas\Windows Desktop Search
2009-04-02 16:23:30 ----HDC---- E:\WINDOWS\$NtUninstallKB940157$
2009-04-02 16:23:05 ----HDC---- E:\WINDOWS\$NtUninstallKB915800-v4$
2009-04-02 14:29:52 ----HDC---- E:\WINDOWS\$NtUninstallKB961118$
2009-04-01 14:10:59 ----N---- E:\WINDOWS\system32\spmsg2.dll
2009-04-01 14:10:58 ----HDC---- E:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-04-01 13:59:18 ----D---- E:\WINDOWS\system32\XPSViewer
2009-04-01 13:58:54 ----D---- E:\WINDOWS\system32\en-US
2009-04-01 13:58:41 ----D---- E:\Arquivos de programas\Reference Assemblies
2009-04-01 13:58:02 ----N---- E:\WINDOWS\system32\xpssvcs.dll
2009-04-01 13:58:02 ----N---- E:\WINDOWS\system32\xpsshhdr.dll
2009-04-01 13:58:02 ----N---- E:\WINDOWS\system32\prntvpt.dll
2009-04-01 13:58:01 ----D---- E:\82395a271562dfd27ce6b4
2009-04-01 13:48:39 ----D---- E:\1dbbb87d4aea535a613cdea85f1d
2009-03-31 15:31:35 ----D---- E:\WINDOWS\ie8updates
2009-03-31 15:26:51 ----HDC---- E:\WINDOWS\ie8
2009-03-25 22:15:09 ----D---- E:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2009-03-19 18:27:10 ----D---- E:\Documents and Settings\All Users\Dados de aplicativos\Google Updater
2009-03-19 16:23:52 ----D---- E:\Documents and Settings\Felipe de Souza\Dados de aplicativos\Windows Live Writer
2009-03-19 15:17:28 ----D---- E:\Arquivos de programas\Microsoft Silverlight
2009-03-16 21:23:36 ----A---- E:\WINDOWS\system32\MSJCE.dll
2009-03-13 12:59:09 ----HDC---- E:\WINDOWS\$NtUninstallKB960225$
2009-03-13 12:59:02 ----HDC---- E:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-13 12:58:47 ----HDC---- E:\WINDOWS\$NtUninstallKB958690$
2009-03-13 12:58:17 ----HDC---- E:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-08 14:35:16 ----N---- E:\WINDOWS\system32\msrating.dll.mui
2009-03-08 14:35:00 ----N---- E:\WINDOWS\system32\mshta.exe.mui
2009-03-08 14:32:34 ----N---- E:\WINDOWS\system32\ie4uinit.exe.mui
2009-03-08 14:32:16 ----N---- E:\WINDOWS\system32\iedkcs32.dll.mui
======List of files/folders modified in the last 1 months======
2009-04-05 20:00:59 ----D---- E:\Documents and Settings\Felipe de Souza\Dados de aplicativos\BitTorrent
2009-04-05 20:00:20 ----D---- E:\WINDOWS\Prefetch
2009-04-05 19:50:31 ----D---- E:\WINDOWS\Temp
2009-04-05 19:50:12 ----D---- E:\Arquivos de programas\Mozilla Firefox 3.1 Beta 2
2009-04-05 19:48:42 ----SD---- E:\WINDOWS\Tasks
2009-04-05 12:33:27 ----A---- E:\WINDOWS\SchedLgU.Txt
2009-04-04 06:09:23 ----A---- E:\WINDOWS\NeroDigital.ini
2009-04-04 00:24:05 ----D---- E:\WINDOWS\system32\CatRoot2
2009-04-04 00:22:31 ----D---- E:\Documents and Settings\Felipe de Souza\Dados de aplicativos\Vso
2009-04-03 21:10:51 ----D---- E:\WINDOWS
2009-04-03 19:38:50 ----RD---- E:\Arquivos de programas
2009-04-03 18:52:53 ----D---- E:\WINDOWS\network diagnostic
2009-04-02 21:04:58 ----HD---- E:\WINDOWS\inf
2009-04-02 19:43:52 ----D---- E:\WINDOWS\system32
2009-04-02 19:39:34 ----D---- E:\Documents and Settings\Felipe de Souza\Dados de aplicativos\DNA
2009-04-02 19:33:13 ----A---- E:\WINDOWS\system.ini
2009-04-02 19:31:51 ----D---- E:\WINDOWS\system32\drivers
2009-04-02 19:31:51 ----D---- E:\WINDOWS\AppPatch
2009-04-02 19:31:50 ----D---- E:\Arquivos de programas\Arquivos comuns
2009-04-02 19:24:24 ----D---- E:\WINDOWS\pss
2009-04-02 19:24:24 ----A---- E:\WINDOWS\win.ini
2009-04-02 19:21:36 ----RASH---- E:\boot.ini
2009-04-02 19:09:42 ----D---- E:\Arquivos de programas\DNA
2009-04-02 16:48:48 ----D---- E:\WINDOWS\Debug
2009-04-02 16:24:20 ----SD---- E:\Documents and Settings\All Users\Dados de aplicativos\Microsoft
2009-04-02 16:24:12 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI
2009-04-02 16:23:49 ----D---- E:\WINDOWS\system32\wbem
2009-04-02 16:23:10 ----RSHDC---- E:\WINDOWS\system32\dllcache
2009-04-02 14:54:18 ----D---- E:\WINDOWS\Microsoft.NET
2009-04-02 14:54:15 ----RSD---- E:\WINDOWS\assembly
2009-04-02 14:45:55 ----SHD---- E:\WINDOWS\Installer
2009-04-02 14:45:54 ----HD---- E:\Config.Msi
2009-04-02 14:31:42 ----D---- E:\WINDOWS\system32\CatRoot
2009-04-01 15:27:33 ----D---- E:\Documents and Settings\All Users\Dados de aplicativos\Babylon
2009-04-01 14:10:41 ----D---- E:\WINDOWS\system32\pt-br
2009-04-01 14:07:17 ----D---- E:\WINDOWS\WinSxS
2009-04-01 13:59:04 ----D---- E:\Arquivos de programas\MSBuild
2009-04-01 13:58:48 ----RSD---- E:\WINDOWS\Fonts
2009-04-01 13:58:24 ----D---- E:\WINDOWS\system32\spool
2009-03-31 20:55:13 ----D---- E:\Documents and Settings\Felipe de Souza\Dados de aplicativos\Babylon
2009-03-31 15:50:07 ----D---- E:\WINDOWS\Media
2009-03-31 15:50:07 ----D---- E:\WINDOWS\Help
2009-03-31 15:50:07 ----D---- E:\Arquivos de programas\Internet Explorer
2009-03-31 15:31:30 ----D---- E:\WINDOWS\$hf_mig$
2009-03-31 14:54:42 ----D---- E:\Arquivos de programas\Hamachi
2009-03-31 14:54:29 ----D---- E:\Arquivos de programas\GordianKnot
2009-03-31 14:53:46 ----D---- E:\Arquivos de programas\Cheatbook Database 2008
2009-03-31 14:53:38 ----D---- E:\Arquivos de programas\BitTorrent_DNA
2009-03-31 14:53:37 ----D---- E:\Arquivos de programas\BitTorrent
2009-03-31 14:49:27 ----D---- E:\Arquivos de programas\Acoustica Audio Converter Pro
2009-03-31 14:46:30 ----D---- E:\WINDOWS\system32\config
2009-03-31 14:43:19 ----D---- E:\WINDOWS\San Andreas Mod Installer
2009-03-31 14:40:33 ----D---- E:\WINDOWS\CS Online Pro Addons
2009-03-31 14:40:33 ----D---- E:\WINDOWS\CS Online Mega Addons (sem Bot)
2009-03-31 14:29:07 ----D---- E:\WINDOWS\SoftwareDistribution
2009-03-26 22:39:47 ----AD---- E:\Arqs DownLoads LimeWire
2009-03-26 17:22:54 ----D---- E:\Arquivos de programas\VDOWNLOADER
2009-03-25 22:18:31 ----D---- E:\Arquivos de programas\AIMP2
2009-03-19 18:27:44 ----D---- E:\Arquivos de programas\Google
2009-03-19 16:18:54 ----SD---- E:\Documents and Settings\Felipe de Souza\Dados de aplicativos\Microsoft
2009-03-19 15:44:35 ----D---- E:\Arquivos de programas\Windows Live
2009-03-19 15:42:25 ----D---- E:\WINDOWS\system32\DirectX
2009-03-19 13:19:39 ----D---- E:\Arquivos de programas\McAfee
2009-03-16 22:15:00 ----D---- E:\Arquivos de programas\Programas RFB
2009-03-13 12:58:01 ----D---- E:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
2009-03-08 14:35:34 ----A---- E:\WINDOWS\system32\ieframe.dll.mui
2009-03-08 14:32:32 ----A---- E:\WINDOWS\system32\advpack.dll.mui
2009-03-08 14:09:26 ----A---- E:\WINDOWS\system32\iedkcs32.dll
2009-03-08 04:41:16 ----A---- E:\WINDOWS\system32\mshtml.dll
2009-03-08 04:39:48 ----A---- E:\WINDOWS\system32\ieframe.dll
2009-03-08 04:34:58 ----A---- E:\WINDOWS\system32\wininet.dll
2009-03-08 04:34:56 ----A---- E:\WINDOWS\system32\urlmon.dll
2009-03-08 04:34:48 ----A---- E:\WINDOWS\system32\WinFXDocObj.exe
2009-03-08 04:34:48 ----A---- E:\WINDOWS\system32\webcheck.dll
2009-03-08 04:34:30 ----A---- E:\WINDOWS\system32\licmgr10.dll
2009-03-08 04:34:28 ----A---- E:\WINDOWS\system32\url.dll
2009-03-08 04:34:18 ----A---- E:\WINDOWS\system32\occache.dll
2009-03-08 04:34:18 ----A---- E:\WINDOWS\system32\msrating.dll
2009-03-08 04:33:40 ----A---- E:\WINDOWS\system32\corpol.dll
2009-03-08 04:33:26 ----A---- E:\WINDOWS\system32\jsproxy.dll
2009-03-08 04:33:16 ----A---- E:\WINDOWS\system32\jscript.dll
2009-03-08 04:33:08 ----A---- E:\WINDOWS\system32\ieaksie.dll
2009-03-08 04:33:06 ----A---- E:\WINDOWS\system32\vbscript.dll
2009-03-08 04:33:02 ----A---- E:\WINDOWS\system32\ieakeng.dll
2009-03-08 04:32:56 ----A---- E:\WINDOWS\system32\admparse.dll
2009-03-08 04:32:54 ----A---- E:\WINDOWS\system32\ie4uinit.exe
2009-03-08 04:32:52 ----A---- E:\WINDOWS\system32\ieudinit.exe
2009-03-08 04:32:52 ----A---- E:\WINDOWS\system32\ieakui.dll
2009-03-08 04:32:50 ----A---- E:\WINDOWS\system32\iesetup.dll
2009-03-08 04:32:50 ----A---- E:\WINDOWS\system32\iernonce.dll
2009-03-08 04:32:48 ----A---- E:\WINDOWS\system32\advpack.dll
2009-03-08 04:32:46 ----A---- E:\WINDOWS\system32\inseng.dll
2009-03-08 04:32:26 ----A---- E:\WINDOWS\system32\msfeeds.dll
2009-03-08 04:32:22 ----A---- E:\WINDOWS\system32\iertutil.dll
2009-03-08 04:32:04 ----A---- E:\WINDOWS\system32\mstime.dll
2009-03-08 04:31:56 ----A---- E:\WINDOWS\system32\iepeers.dll
2009-03-08 04:31:54 ----A---- E:\WINDOWS\system32\msfeedssync.exe
2009-03-08 04:31:52 ----A---- E:\WINDOWS\system32\msfeedsbs.dll
2009-03-08 04:31:52 ----A---- E:\WINDOWS\system32\icardie.dll
2009-03-08 04:31:44 ----A---- E:\WINDOWS\system32\dxtmsft.dll
2009-03-08 04:31:38 ----A---- E:\WINDOWS\system32\imgutil.dll
2009-03-08 04:31:38 ----A---- E:\WINDOWS\system32\dxtrans.dll
2009-03-08 04:31:36 ----A---- E:\WINDOWS\system32\pngfilt.dll
2009-03-08 04:31:26 ----A---- E:\WINDOWS\system32\mshtmled.dll
2009-03-08 04:31:18 ----A---- E:\WINDOWS\system32\mshtmler.dll
2009-03-08 04:31:02 ----A---- E:\WINDOWS\system32\mshta.exe
2009-03-08 04:22:46 ----A---- E:\WINDOWS\system32\ieui.dll
2009-03-08 04:22:38 ----A---- E:\WINDOWS\system32\msls31.dll
2009-03-08 04:11:12 ----A---- E:\WINDOWS\system32\ieapfltr.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; E:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; E:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; E:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 ElbyCDIO;ElbyCDIO Driver; E:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-02-28 15440]
R1 InCDPass;InCDPass; E:\WINDOWS\system32\drivers\InCDPass.sys [2007-03-12 37040]
R1 incdrm;InCD Reader; E:\WINDOWS\system32\drivers\InCDRm.sys [2007-03-12 38576]
R1 intelppm;Driver de Processador Intel; E:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]
R1 SCDEmu;SCDEmu; E:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R2 aswFsBlk;aswFsBlk; E:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; E:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 fssfltr;FssFltr; E:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
R3 aeaudio;aeaudio; E:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AnyDVD;AnyDVD; E:\WINDOWS\System32\Drivers\AnyDVD.sys [2007-05-20 96328]
R3 aswRdr;aswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 nv;nv; E:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pcouffin;VSO Software pcouffin; E:\WINDOWS\System32\Drivers\pcouffin.sys [2008-03-08 47360]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; E:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 smwdm;smwdm; E:\WINDOWS\system32\drivers\smwdm.sys [2003-08-29 578304]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; E:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R4 InCDfs;InCD File System; E:\WINDOWS\system32\drivers\InCDFs.sys [2007-03-12 118064]
S3 catchme;catchme; \??\E:\DOCUME~1\FELIPE~1\CONFIG~1\Temp\catchme.sys []
S3 cpuz129;cpuz129; \??\F:\felipe\Programas\pc wizz\pcwiz32.sys []
S3 EagleNT;EagleNT; \??\E:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\E:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 hamachi;Hamachi Network Interface; E:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-11-22 25280]
S3 hidusb;Driver de classe HID da Microsoft; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; E:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; E:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; E:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 Mkd2kfNt;Mkd2kfNt; E:\WINDOWS\system32\drivers\Mkd2kfNt.sys [2008-07-08 130560]
S3 Mkd2Nadr;Mkd2Nadr; E:\WINDOWS\system32\drivers\Mkd2Nadr.sys [2008-07-08 79104]
S3 mouhid;Mouse HID Driver; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]
S3 nmwcd;Nokia USB Phone Parent; E:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; E:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 npkcrypt;npkcrypt; \??\F:\felipe\Rag BRO\RRO\npkcrypt.sys []
S3 P2k;Motorola USB Device; E:\WINDOWS\system32\DRIVERS\P2k.sys [2004-05-27 16032]
S3 pccsmcfd;PCCS Mode Change Filter Driver; E:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); E:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 upperdev;upperdev; E:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbccgp;Microsoft USB Generic Parent Driver; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; E:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; E:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;USB Mass Storage Driver; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; E:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; E:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 XDva168;XDva168; \??\E:\WINDOWS\system32\XDva168.sys []
S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 fsssvc;Windows Live Proteção para a Família; E:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 InCDsrv;InCD Helper; E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe [2007-03-12 931376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 MDM;Machine Debug Manager; E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NVSvc;NVIDIA Display Driver Service; E:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 SeaPort;SeaPort; E:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WSearch;Windows Search; E:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 gupdate1c9a8d98cb40f30;Google Update Service (gupdate1c9a8d98cb40f30); E:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-19 133104]
S2 gusvc;Google Software Updater; E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; e:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; E:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; E:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; E:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; E:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 ServiceLayer;ServiceLayer; E:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 usprserv;User Privilege Service; E:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; E:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Info:
info.txt logfile of random's system information tool 1.06 2009-04-05 20:01:02
======Uninstall list======
-->E:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER
-->E:\Arquivos de programas\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->E:\WINDOWS\NuNInst.exe /UNINSTALL
-->E:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->E:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->E:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->E:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->E:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x416 -removeonly
-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x416 -removeonly
-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x416 -removeonly
-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x416 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {669EB263-0AFE-4FCB-A068-DB082CA6273C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {98003BDC-1B68-4970-B28E-ACC8000D2F3E}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}
Acoustica Audio Converter Pro-->E:\ARQUIV~1\ACOUST~1\UNWISE.EXE E:\ARQUIV~1\ACOUST~1\INSTALL.LOG
Adobe AIR-->E:\Arquivos de programas\Arquivos comuns\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 Plugin-->E:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->E:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player-->msiexec /qb /x {1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Media Player-->MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 8.1.4 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81300000003}
Age of Empires III - The WarChiefs-->E:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
AhnLab MyKeyDefense 2.0-->"E:\Arquivos de programas\AhnLab\ASP\Smart Update i\update\patch\e0\MyKD20setup.exe" -Uninstall
AhnLab Smart Update i-->"E:\Arquivos de programas\AhnLab\ASP\Smart Update i\update\patch\03\SUpdateiSetup.exe" -Uninstall
AnyDVD-->"E:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="E:\Arquivos de programas\SlySoft\AnyDVD"
Assistente de Conexão do Windows Live-->MsiExec.exe /I{381C70F0-FC2C-4BEF-B16C-B88FA67A6B7B}
Atualização Crítica para o Windows Media Player 11 (KB959772)-->"E:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player (KB952069)-->"E:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player 11 (KB936782)-->"E:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"E:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)-->"E:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"E:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB958215)-->"E:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB960714)-->"E:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB961260)-->"E:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB938464)-->"E:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB938464-v2)-->"E:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB941569)-->"E:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB946648)-->"E:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950762)-->"E:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950974)-->"E:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951066)-->"E:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951376-v2)-->"E:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951698)-->"E:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951748)-->"E:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB952954)-->"E:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB954211)-->"E:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB954459)-->"E:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB954600)-->"E:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB955069)-->"E:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956391)-->"E:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956802)-->"E:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956803)-->"E:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956841)-->"E:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB957095)-->"E:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB957097)-->"E:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958644)-->"E:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958687)-->"E:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958690)-->"E:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960225)-->"E:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960715)-->"E:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Atualização para Windows Internet Explorer 8 (KB968220)-->"E:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Atualização para Windows XP (KB951072-v2)-->"E:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Atualização para Windows XP (KB951978)-->"E:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Atualização para Windows XP (KB955839)-->"E:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Atualização para Windows XP (KB967715)-->"E:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
avast! Antivirus-->E:\Arquivos de programas\Alwil Software\Avast4\aswRunDll.exe "E:\Arquivos de programas\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Babylon Toolbar-->MsiExec.exe /I{67A339E5-D8AA-4E88-9278-A571B397F798}
Babylon-->E:\Arquivos de programas\Babylon\Babylon-Pro\Utils\uninstbb.exe
CCleaner (remove only)-->"E:\Arquivos de programas\CCleaner\uninst.exe"
Cheatbook Database 2008-->"E:\Arquivos de programas\Cheatbook Database 2008\Uninstal.exe"
Cheetah Audio Converter-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{B1914510-38B5-4835-83D8-A188073E542F}\Setup.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
ConvertXtoDVD 2.2.3.258h-->"E:\Arquivos de programas\VSO\ConvertXtoDVD\unins000.exe"
ConvertXtoDVD 3.3.1.99-->"E:\Arquivos de programas\VSO\ConvertX\3\unins000.exe"
Counter-Strike 1.6-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
CS Online Mega Addons (sem Bot)-->"E:\WINDOWS\CS Online Mega Addons (sem Bot)\uninstall.exe" "/U:E:\Arquivos de programas\Valve\HLServer\cstrike\Uninstall\uninstall.xml"
DivX Converter-->E:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->E:\Arquivos de programas\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->E:\Arquivos de programas\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"E:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe" -uninstall
Half-Life Dedicated Server Update Tool-->E:\ARQUIV~1\Valve\HLServer\UNWISE.EXE E:\ARQUIV~1\Valve\HLServer\INSTALL.LOG
Hamachi 1.0.3.0-->E:\Arquivos de programas\Hamachi\uninstall.exe
HijackThis 2.0.2-->"E:\Hijack\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->E:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->E:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"E:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"E:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix para o Windows Media Player 11 (KB939683)-->"E:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB952287)-->"E:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB961118)-->"E:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Image Zone 4.2-->E:\Arquivos de programas\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"E:\Arquivos de programas\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
IRPF2008 - Declaração de Ajuste Anual-->E:\ARQUIV~1\PROGRA~1\IRPF2008\UNWISE.EXE E:\ARQUIV~1\PROGRA~1\IRPF2008\INSTALL.LOG
IRPF2009 - Declaração de Ajuste Anual e Final de Espólio-->F:\felipe\Jogos\IRPF2009\UNWISE.EXE F:\felipe\Jogos\IRPF2009\INSTALL.LOG
Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
K-Lite Mega Codec Pack 4.0.0-->"E:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"
LimeWire 5.0.3-->"E:\Arquivos de programas\LimeWire\uninstall.exe"
McAfee SiteAdvisor-->E:\Arquivos de programas\McAfee\SiteAdvisor\Uninstall.exe
Messenger Plus! Live-->"E:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack-->MsiExec.exe /X{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB-->MsiExec.exe /I{3F31F3B5-C1FF-3708-8611-869DE39C0CB6}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB-->MsiExec.exe /I{B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - ptb-->MsiExec.exe /I{1438B41C-658C-35B7-9253-780F2E0A0B8E}
Microsoft .NET Framework 3.5 SP1-->E:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"E:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"E:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0416-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}
Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"E:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->E:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.1b3)-->E:\Arquivos de programas\Mozilla Firefox 3.1 Beta 2\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Ultra Edition-->MsiExec.exe /I{06024F70-15BC-4447-B53A-F1A7BBA21046}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia PC Suite-->E:\Documents and Settings\All Users\Dados de aplicativos\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_por_br.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
NVIDIA Drivers-->E:\WINDOWS\system32\nvudisp.exe UninstallGUI
Pacote de Driver do Windows - Nokia Modem (02/15/2007 3.1)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Pacote de Driver do Windows - Nokia Modem (02/15/2007 3.1)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Pacote de Driver do Windows - Nokia Modem (03/05/2008 3.7)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Pacote de Driver do Windows - Nokia Modem (03/13/2008 6.86.0.1)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
Pacote de Driver do Windows - Nokia Modem (05/22/2008 3.8)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Pacote de Driver do Windows - Nokia Modem (05/22/2008 7.00.0.1)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Pacote de Driver do Windows - Nokia Modem (05/24/2007 6.84.0.1)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Pacote de Driver do Windows - Nokia Modem (10/27/2008 3.9)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf
Pacote de Driver do Windows - Nokia Modem (10/27/2008 7.01.0.1)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf
Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB-->e:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ptb\setup.exe
Patch SiteCS-->"E:\Arquivos de programas\Valve\unins000.exe"
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
PowerISO-->"E:\Arquivos de programas\PowerISO\uninstall.exe"
Ragnarok Online-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{842CBB5A-8D50-4C28-8109-12C5C5C3F4A4}\setup.exe" -l0x416 -removeonly
Receitanet 2008-->E:\WINDOWS\DesinstRecnet.exe
Receitanet Java 2009.01-->E:\ARQUIV~1\PROGRA~1\RECEIT~1\DesinstJ.exe
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shareaza 2.4.0.0-->"E:\Arquivos de programas\Shareaza\Uninstall\unins000.exe"
SiS 900 PCI Fast Ethernet Adapter Driver-->E:\Progra~1\SiSLan\Uninst.exe
Sony Noise Reduction Plug-In 2.0e-->MsiExec.exe /X{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}
Sony Picture Utility-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x416 /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SoundMAX-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
sXe Injected-->"E:\Arquivos de programas\sXe Injected\uninstall.exe"
sXe Injected-->E:\Arquivos de programas\sXe Injected\uninstall.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
UsbFix-->E:\Arquivos de programas\UsbFix\Uninstal.exe
VDownloader 0.81-->"E:\Arquivos de programas\VDOWNLOADER\unins000.exe"
VSO CopyToDVD 4-->"E:\Arquivos de programas\VSO\unins000.exe"
Windows Imaging Component-->"E:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"E:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->E:\Arquivos de programas\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{3B96F4EA-CD82-4C57-B86A-646A017CAF18}
Windows Live Galeria de Fotos-->MsiExec.exe /X{50D918C3-1FAD-4BE0-89D1-7B7AAA2AF710}
Windows Live Mail-->MsiExec.exe /I{852E74A9-74F1-4F71-BE3E-991A48EF232D}
Windows Live Messenger-->MsiExec.exe /X{C8DD4EAD-674B-461B-94D5-4C80CCFB8401}
Windows Live Proteção para a Família-->MsiExec.exe /X{BA9A33CA-8ADF-4263-B2F4-B611245A37FF}
Windows Live Sync-->MsiExec.exe /X{D7A88CAC-67C3-4435-898E-2B7245F3E4BB}
Windows Live Toolbar-->MsiExec.exe /X{624DEAA0-B27D-444B-8BFE-70622B318A4A}
Windows Live Writer-->MsiExec.exe /X{32EF3D9D-B626-497C-8E93-EC4B24E20EDA}
Windows Media Format 11 runtime-->"E:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"E:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Search 4.0-->"E:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"E:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->E:\Arquivos de programas\WinRAR\uninstall.exe
WinZip-->"E:\Arquivos de programas\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Language Pack 1.0-->"E:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Securitycenter WMI appears to be broken
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;E:\Arquivos de programas\PC Connectivity Solution
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Cheers
Good afternoon, Felipe7l!
<@> Run an online scan at: < Kaspersky >
<@> Use the Internet Explorer browser for this.
<!> Go to the site and click: < [image: kasperdx9.jpg] >
<@> On the next page, click: I Accept
<@> This is so that the ActiveX control gets installed and then updates the database.
<@> On the next page, click: My Computer and run the scan.
<@> Be patient!
<@> Wait for the database update and also for the scan, which takes a long time.
<@> When it finishes, save and post the report.
<@> Click Save Report As... to save the log. ( Kaspersky_Online_Scanner_7_Report.txt )
<@> Save the result as .txt, as in the image below:
[image: Kas-Savetxt.gif]
<@> Also post an updated HijackThis log.
Regards!
It takes sooo long! :closedeyes:
<><><><><><><><><><>
Hey, Felipe7l!
<!> The wait is made up for by the efficiency. But... if you can't wait for it to finish, do it at Eset.
<><><><><><><><><><>
<@> Run an online scan at Eset.
<@> Use the Internet Explorer browser.
<@> Check the box: "SIM,aceito as condições de uso" --> Iniciar.
<@> Check the box: "YES, I accept the Terms of Use" --> Start.
<@> Accept the ActiveX installation and, when it finishes, save and post the report. ( E:\Arquivos de programas\EsetOnlineScanner\log )
<@> Also post an updated HijackThis log.
Regards!
Thanks for the help....
But I messed up on both sites you gave me...
tomorrow I'll set the Kaspersky one running..
then I'll post the log...
cheers!
Hey DigRam.
Thanks for the support you're giving me...
yeah... I didn't have time to do the Kaspersky scan, nor the one on the other site...
I downloaded and installed Kaspersky Anti-Virus here on my PC
it's running here just fine...
still learning how to use it...
I ran the scan on "My Computer" (same as in that online one, you know?)
I don't know yet how to get the report to post here...
I ran it and it found 2 viruses when the scan was at 80%...
then out of nowhere the PC rebooted, and when I logged in again it flagged the viruses and I deleted both...
I'm still running the system scan, but I already grabbed the new HijackThis log for you to analyze....
and why are there two executables in the "hijackthis" folder, one of them even with my name? "Felipe de Souza.exe"??
Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:41, on 8/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
E:\WINDOWS\Explorer.EXE
E:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
E:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\system32\svchost.exe
E:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
E:\WINDOWS\system32\SearchIndexer.exe
E:\Arquivos de programas\BitTorrent\bittorrent.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
E:\WINDOWS\system32\SearchProtocolHost.exe
E:\Arquivos de programas\Mozilla Firefox 3.1 Beta 2\firefox.exe
E:\Hijack\Felipe de Souza.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - E:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Arquivos de programas\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "E:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [bitTorrent] "E:\Arquivos de programas\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1220945662-573735546-839522115-1003\..\Run: [bitTorrent] "E:\Arquivos de programas\BitTorrent\bittorrent.exe" (User '?')
O4 - HKUS\S-1-5-21-1220945662-573735546-839522115-1003\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1220945662-573735546-839522115-1003 Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User '?')
O4 - Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228502599578
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - https://secwebclinic.ahnlab.com/asp/cab/mkdplus.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - E:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Update Service (gupdate1c9a8d98cb40f30) (gupdate1c9a8d98cb40f30) - Google Inc. - E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NBService - Nero AG - E:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - E:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 10697 bytes
Good morning, Felipe7l!
I'm still running the system scan, but I already grabbed the new HijackThis log for you to analyze....
<!> Since it isn't possible to do the online one, send that one!
and why are there two executables in the "hijackthis" folder, one of them even with my name? "Felipe de Souza.exe"??
<!> It's certainly a bug in the tool... where E:\Hijack\Felipe de Souza.exe and E:\Hijack\HijackThis.exe are the same executable. If you like, delete one of them.
Regards!
Good morning, man...
but how do I get the report from KAV?
cheers!
<><><><><><><><><><>
Hey, Felipe7l!
<!> I'm not yet up to date on the KIS 2009 tutorial, and you will have to turn to the manufacturer's guidance.
<!> Go to: < http://downloads.kaspersky-labs.com/docs/p.../kis2009_pt.pdf >
Regards!
Topic Archived
Since the author did not reply for more than 30 days, the topic was archived.
If you are the author of the topic and want to reopen it, send a private message to a moderator of the area along with the link to this topic and explain the reason for reopening.
Good evening, Felipe7l!
<@> Download: < UsbFix.exe > ( ...par Chiquitine29 et Chimay8 )
<@> Save it to the Desktop! --> Unzip it!
<@> Temporarily disable your protection programs. <-- ( antivirus, antispyware and firewall )
<@> For more details on the installation, follow the recommendations in this Tutorial. <-- Link
<@> Run the tool by double-clicking UsbFix.exe.
<@> A message will appear asking you to connect your removable media to the computer. ( flash drive, mp3, mp4, iPods, etc... )
<@> Accept the request and click Ok. --> Then click Ok again.
<@> The computer will restart. <-- Wait!
<@> When it finishes, click "Continue" and wait for the tool to complete.
<@> PS: Do not disconnect your removable media yet! <-- Important!
<@> The message "Nettoyage effectue" will appear --> Press Enter.
<@> Post the report, which will be at: C:\UsbFix.txt
Regards!