Archived

This topic has been archived and is closed to new replies.

Daniel Couto

[Solved!] Someone analyze my log


Please, can someone analyze this????? I think my PC is very slow!!!!!!! :thumbsup:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 04:15:29, on 14/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

D:\DIVERSOS\PROGRAMAS\HijackThis.exe

 

O1 - Hosts: 66.98.148.65 auto.search.msn.com

O1 - Hosts: 66.98.148.65 auto.search.msn.es

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.3.19.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O8 - Extra context menu item: Download all links using BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175640150937

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1FA97775-4782-4206-AB6D-C7533C0C97CD}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{6137A17F-7829-42FD-A14C-606ED786864E}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{1FA97775-4782-4206-AB6D-C7533C0C97CD}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Link to post

Hello Daniel Couto! Download > Hoster

Restart the PC and press F8 repeatedly. In the menu choose: Safe Mode.

Run Hoster and click Restore Microsoft's Hosts File.

Restart in normal mode, run a scan with HijackThis and save the log.

Run an online antivirus scan: Symantec

Post the result, together with the HijackThis log.

Link to post

Hey man, thanks for helping, I did everything you asked..............

Symantec didn't find anything

Here's the log:

 

Logfile of HijackThis v1.99.1

Scan saved at 13:28:02, on 15/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

D:\DIVERSOS\PROGRAMAS\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.3.19.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O8 - Extra context menu item: Download all links using BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175640150937

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1FA97775-4782-4206-AB6D-C7533C0C97CD}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{6137A17F-7829-42FD-A14C-606ED786864E}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{1FA97775-4782-4206-AB6D-C7533C0C97CD}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{1FA97775-4782-4206-AB6D-C7533C0C97CD}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Link to post

Well, the log is clean and the Hosts file has been fixed, but we need to do one more check to see whether the malware that altered it was previously removed by some security program or is still on the PC, by means of a rootkit.

Download: F-Secure BlackLight > create a dedicated folder in C:\ and save it there.

Go into the folder, double-click the BlackLight icon and run a scan (nothing else, just the scan).

A log will be generated, which is a file with this name: fsb-sequence of numbers.log. Post it.

Link to post

There are two versions to download there. The correct one is this: Download Blacklight Beta graphical user interface version. You must also accept the agreement with F-Secure for the program to work. See if you can manage it now.

Link to post

Usually the agreements appear when the programs are run........this program doesn't even run.........or is there somewhere on that site to accept the agreement?????????????

Link to post

Hello, it is a program that gives no trouble running. Something must be being done wrong for this to happen. You must create a dedicated folder, preferably in C:\, and save the tool in it. Only then should you run it.

Link to post

Well, one piece of malware that altered the Hosts file in exactly this way was Look2Me:

 

O1 - Hosts: 66.98.148.65 auto.search.msn.com

O1 - Hosts: 66.98.148.65 auto.search.msn.es

Nowadays I no longer see cases where it does this, but it also removes administrator privileges, which are needed to run BlackLight.

Download: Look2Me-Destroyer > save it to the desktop.

Save or print these instructions, because you will follow them while disconnected and without access to this page:

1 - Double-click Look2Me-Destroyer.exe (all windows and programs must be closed). Check Run this program as a task and, at the message saying the program will close and reopen in a few seconds, click OK.

2 - When it opens again, click Scan for L2M. It is part of the process for the icons and desktop to disappear. At the end of the scan, click Remove L2M. At the Done Scanning message, click OK.

3 - Wait until this message appears: Done removing infected files! Look2Me-Destroyer will now shutdown your computer and then click OK.

The computer will shut down and you will need to turn it on again.

4 - Post the Look2Me-Destroyer.txt that you will find in C:\

Link to post
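The O1 lines quoted in the post above are how HijackThis reports Hosts-file entries. As an added example (not part of the original thread and not code from HijackThis), the Python below pulls O1 entries out of a log, flags those that point a hostname at a non-local address, and diffs a before/after pair of logs. The function names are hypothetical and the sample logs are trimmed excerpts of the two logs posted in this thread.

```python
import ipaddress
import re

# Trimmed excerpts of the two HijackThis logs posted in this thread:
# the first scan, and the scan taken after the Hosts file was restored.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# Entry lines look like "<section code> - <body>", e.g. "O1 - Hosts: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (section_code, body) tuples for every entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def hosts_redirects(log_text):
    """Return (ip, hostname) pairs for O1 entries that map a name to a
    non-local address, i.e. Hosts lines that override DNS for that name."""
    flagged = []
    for code, body in parse_entries(log_text):
        if code != "O1" or not body.startswith("Hosts:"):
            continue
        fields = body[len("Hosts:"):].split()
        if len(fields) < 2:
            continue
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an "IP hostname" mapping
        # 127.0.0.1 / ::1 / 0.0.0.0 are the normal localhost line or block lists.
        if address.is_loopback or address.is_unspecified:
            continue
        for hostname in fields[1:]:
            if hostname.startswith("#"):
                break  # trailing comment in the Hosts line
            flagged.append((str(address), hostname.lower()))
    return flagged


def removed_entries(before_text, after_text):
    """Entries present in the first log and absent from the second, in order."""
    after = set(parse_entries(after_text))
    return [entry for entry in parse_entries(before_text) if entry not in after]


if __name__ == "__main__":
    for ip, host in hosts_redirects(LOG_BEFORE):
        print(f"Hosts override: {host} -> {ip}")
    for code, body in removed_entries(LOG_BEFORE, LOG_AFTER):
        print(f"gone after cleanup: {code} - {body}")
```
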

I did exactly everything you asked.......... I want to thank you for the help and apologize for your lost time!!!! Thanks a lot, man. Is it gone already or is something still missing???? Here's the Look2Me-Destroyer result:

Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 16/4/2007 21:44:05
Attempting to delete infected files...
Making registry repairs.
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administradores - Succeeded

Link to post

OK, it wasn't Look2Me, but if some malware removed the administrator privileges, they have been restored:

 

Restoring SeDebugPrivilege for Administradores - Succeeded

See if you can run BlackLight now.

Link to post

Man, I just ran Panda and it gave this:

Incident Status Location
Hacktool:HackTool/Flood Not disinfected C:\Arquivos de programas\CyberScript32\sistema\dlls\nHTMLn.dll
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Daniel Couto\Cookies\daniel couto@de.uol.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Daniel Couto\Cookies\daniel couto@ig.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Daniel Couto\Cookies\daniel couto@terra.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Daniel Couto\Cookies\daniel couto@uol.com[2].txt

Link to post

Hello, there is no infection in this result. nHTMLn.dll is legitimate and is a false positive from Panda. See here.

The rest are just cookies, small text documents that identify you to a site. You can tell by the names:

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Daniel Couto\Cookies\daniel couto@ig.com[1].txt > ig cookie

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Daniel Couto\Cookies\daniel couto@terra.com[1].txt > Terra cookie

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Daniel Couto\Cookies\daniel couto@uol.com[2].txt > UOL cookie

Well, let's check with a tool that includes a rootkit detector.

Download: ComboFix > save it to the desktop.

Close all windows and programs.

Double-click combofix.exe and press "Y" to proceed with the fix.

It takes about 10 minutes on average.

If infections are found, ComboFix will restart the PC automatically to complete the removal process. If that doesn't happen, restart manually.

When it finishes, a log will be generated, C:\ComboFix.txt.

Attention:

Do not click in the ComboFix window, or close it by clicking the X, while it is running, because otherwise it will stop and your desktop will be left blank.

To stop or exit ComboFix always press "N".

Select and copy the entire contents of ComboFix.txt and paste it into your next reply.

Link to post

The link you gave shows this:

404 Not Found
The requested URL '/sUBs/combofix.exe' was not found on this server.
--------------------------------------------------------------------------------
thttpd

Link to post

I managed to download it from somewhere else..................................

Thanks, man

Here it is

 

 

"Daniel Couto" - 07-04-17 23:53:34 Service Pack 2

ComboFix 07-04-18.V - Running from: C:\Documents and Settings\Daniel Couto\Desktop\

 

 


2007-04-03 19:15 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys

2007-04-03 19:15 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll

2007-04-03 19:15 188,928 --a------ C:\WINDOWS\system32\cmprops.dll

2007-04-03 19:15 187,904 --a------ C:\WINDOWS\system32\accwiz.exe

2007-04-03 19:15 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll

2007-04-03 19:15 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe

2007-04-03 19:15 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe

2007-04-03 19:15 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll

2007-04-03 19:15 16,384 --a------ C:\WINDOWS\system32\tskill.exe

2007-04-03 19:15 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe

2007-04-03 19:15 16,384 --a------ C:\WINDOWS\system32\avmeter.dll

2007-04-03 19:15 15,872 --a------ C:\WINDOWS\system32\logoff.exe

2007-04-03 19:15 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll

2007-04-03 19:15 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe

2007-04-03 19:15 15,360 --a------ C:\WINDOWS\system32\tscon.exe

2007-04-03 19:15 15,360 --a------ C:\WINDOWS\system32\shadow.exe

2007-04-03 19:15 147,968 --a------ C:\WINDOWS\system32\rdchost.dll

2007-04-03 19:15 147,456 --a------ C:\WINDOWS\system32\comsnap.dll

2007-04-03 19:15 142,336 --a------ C:\WINDOWS\system32\sessmgr.exe

2007-04-03 19:15 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys

2007-04-03 19:15 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe

2007-04-03 19:15 132,608 --a------ C:\WINDOWS\system32\sndrec32.exe

2007-04-03 19:15 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe

2007-04-03 19:15 128,000 --a------ C:\WINDOWS\system32\mshearts.exe

2007-04-03 19:15 124,416 --a------ C:\WINDOWS\system32\mplay32.exe

2007-04-03 19:15 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys

2007-04-03 19:15 119,808 --a------ C:\WINDOWS\system32\winmine.exe

2007-04-03 19:15 115,200 --a------ C:\WINDOWS\system32\calc.exe

2007-04-03 19:15 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll

2007-04-03 19:15 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll

2007-04-03 19:15 11,264 --a------ C:\WINDOWS\system32\icaapi.dll

2007-04-03 19:15 104,960 --a------ C:\WINDOWS\system32\clipbrd.exe

2007-04-03 19:15 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll

2007-04-03 19:15 1,221 --a------ C:\WINDOWS\system32\usrlogon.cmd

2007-04-03 19:15 <DIR> d-------- C:\WINDOWS\system32\MsDtc

2007-04-03 19:15 <DIR> d-------- C:\WINDOWS\system32\Com

2007-04-03 19:15 <DIR> d-------- C:\Arquivos de programas\Windows NT

2007-04-03 19:15 <DIR> d-------- C:\Arquivos de programas\MSN Gaming Zone

2007-04-03 16:07 57,984 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2007-04-03 16:07 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2007-04-03 16:06 76,288 --a------ C:\WINDOWS\system32\usbui.dll

2007-04-03 16:06 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS

2007-04-03 16:06 4,527,488 --a------ C:\WINDOWS\system32\nv4_disp.dll

2007-04-03 16:06 3,994,624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys

2007-04-03 16:06 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys

2007-04-03 16:05 9,072 --a------ C:\WINDOWS\system\VER.DLL

2007-04-03 16:05 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll

2007-04-03 16:05 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL

2007-04-03 16:05 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll

2007-04-03 16:05 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll

2007-04-03 16:05 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll

2007-04-03 16:05 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll

2007-04-03 16:05 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll

2007-04-03 16:05 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll

2007-04-03 16:05 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll

2007-04-03 16:05 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll

2007-04-03 16:05 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll

2007-04-03 16:05 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll

2007-04-03 16:05 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll

2007-04-03 16:05 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL

2007-04-03 16:05 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll

2007-04-03 16:05 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll

2007-04-03 16:05 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll

2007-04-03 16:05 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll

2007-04-03 16:05 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll

2007-04-03 16:05 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll

2007-04-03 16:05 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll

2007-04-03 16:05 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll

2007-04-03 16:05 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll

2007-04-03 16:05 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll

2007-04-03 16:05 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll

2007-04-03 16:05 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll

2007-04-03 16:05 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll

2007-04-03 16:05 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll

2007-04-03 16:05 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll

2007-04-03 16:05 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll

2007-04-03 16:05 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll

2007-04-03 16:05 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll

2007-04-03 16:05 5,120 --a------ C:\WINDOWS\system\SHELL.DLL

2007-04-03 16:05 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll

2007-04-03 16:05 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL

2007-04-03 16:05 19,200 --a------ C:\WINDOWS\system\TAPI.DLL

2007-04-03 16:05 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll

2007-04-03 16:05 13,312 --a------ C:\WINDOWS\system32\irclass.dll

2007-04-03 16:05 127,120 --a------ C:\WINDOWS\system\MSVIDEO.DLL

2007-04-03 16:05 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll

2007-04-03 16:05 <DIR> dr------- C:\Arquivos de programas

2007-04-03 16:05 <DIR> d--hs---- C:\WINDOWS\Installer

2007-04-03 16:05 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\SpeechEngines

2007-04-03 16:05 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\ODBC

2007-04-03 16:04 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL

2007-04-03 16:04 8,704 --a------ C:\WINDOWS\system32\batt.dll

2007-04-03 16:04 75,776 --a------ C:\WINDOWS\system32\storprop.dll

2007-04-03 16:04 70,144 --a------ C:\WINDOWS\system\AVICAP.DLL

2007-04-03 16:04 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE

2007-04-03 16:04 70,080 --a------ C:\WINDOWS\system\MMSYSTEM.DLL

2007-04-03 16:04 33,504 --a------ C:\WINDOWS\system\COMMDLG.DLL

2007-04-03 16:04 15,360 --a------ C:\WINDOWS\TASKMAN.EXE

2007-04-03 16:04 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys

2007-04-03 16:04 109,536 --a------ C:\WINDOWS\system\AVIFILE.DLL

2007-04-03 16:04 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Dados de aplicativos

2007-04-03 16:04 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Configurações locais

2007-04-03 16:04 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1\Dados de aplicativos

2007-04-03 16:04 <DIR> dr------- C:\DOCUME~1\DEFAUL~1\Menu Iniciar

2007-04-03 16:04 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Menu Iniciar

2007-04-03 16:04 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documentos

2007-04-03 16:04 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Modelos

2007-04-03 16:04 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Ambiente de rede

2007-04-03 16:04 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Ambiente de impressão

2007-04-03 16:04 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Modelos

2007-04-03 16:04 <DIR> d-------- C:\WINDOWS\system32\CatRoot2

2007-04-03 16:04 <DIR> d-------- C:\WINDOWS\system32\CatRoot

2007-04-03 16:04 <DIR> d-------- C:\Documents and Settings

2007-04-03 16:04 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Meus documentos

2007-04-03 16:04 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Favoritos

2007-04-03 16:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Favoritos

2007-04-03 16:02 <DIR> d--hs---- C:\System Volume Information

2007-04-03 15:58 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache

2007-04-03 15:58 <DIR> dr--s---- C:\WINDOWS\Fonts

2007-04-03 15:58 <DIR> dr------- C:\WINDOWS\Web

2007-04-03 15:58 <DIR> d--h----- C:\WINDOWS\inf

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\WinSxS

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\twain_32

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\wins

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\wbem

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\usmt

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\spool

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\ShellExt

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\Setup

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\ras

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\oobe

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\npp

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\mui

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\inetsrv

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\IME

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\icsxml

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\ias

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\export

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\drivers\etc

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\drivers

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\dhcp

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\config

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\3com_dmi

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\3076

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\2052

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\1054

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\1046

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\1042

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\1041

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\1037

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\1033

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\1031

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\1028

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32\1025

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system32

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\system

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\security

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\Resources

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\repair

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\Provisioning

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\PeerNet

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\pchealth

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\mui

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\msapps

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\msagent

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\Media

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\java

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\ime

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\Help

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\ehome

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\Driver Cache

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\Debug

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\Cursors

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\Connection Wizard

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\Config

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\AppPatch

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS\addins

2007-04-03 15:58 <DIR> d-------- C:\WINDOWS

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-04-14 04:22 12400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys

2007-04-11 20:34 48846 --a------ C:\WINDOWS\system32\perfc016.dat

2007-04-11 20:34 344734 --a------ C:\WINDOWS\system32\perfh016.dat

2007-04-03 22:05 2560 --a------ C:\WINDOWS\system32\bitcometres.dll

2007-04-03 16:04 62 --ahs---- C:\DOCUME~1\DANIEL~1\DADOSD~1\desktop.ini

2007-03-17 10:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll

2007-03-08 12:36 578048 --a------ C:\WINDOWS\system32\user32.dll

2007-03-08 12:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll

2007-03-08 12:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll

2007-03-08 12:33 1843712 --a------ C:\WINDOWS\system32\win32k.sys

2007-02-05 17:18 185344 --a------ C:\WINDOWS\system32\upnphost.dll

2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.3.19.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"AVG7_CC"="C:\\ARQUIV~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\

Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\

Notification Packages REG_MULTI_SZ scecli\

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="MsnMsgr"

"hkey"="HKCU"

"command"="\"C:\\Arquivos de programas\\MSN Messenger\\MsnMsgr.Exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="pctspk"

"hkey"="HKLM"

"command"="pctspk.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SOUNDMAN"

"hkey"="HKLM"

"command"="SOUNDMAN.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="jusched"

"hkey"="HKLM"

"command"="\"C:\\Arquivos de programas\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\

LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\

NetworkService REG_MULTI_SZ DnsCache\

DcomLaunch REG_MULTI_SZ DcomLaunchTermService\

rpcss REG_MULTI_SZ RpcSs\

imgsvc REG_MULTI_SZ StiSvc\

termsvcs REG_MULTI_SZ TermService\

WudfServiceGroup REG_MULTI_SZ WUDFSvc\

 

 

 

 

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

backup-20070417-030745-949

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

backup-20070417-030745-175

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

backup-20070417-030745-258

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\At1.job

 

********************************************************************

 

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006

http://www.gmer.net

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

********************************************************************

 

Completion time: 07-04-17 23:54:59

C:\ComboFix-quarantined-files.txt ... 07-04-17 23:54

 

 

 

 

 

 

 

 

 

It also created a ComboFix-quarantined-files.txt file, look:

 

Listagem de caminhos de pasta

O número de série do volume é 2411-FCF2

C:\QOOBOX

\---Quarantine

    \---Registry_backups
