
This topic has been archived and is closed to new replies.

Paulo André

[Archived] Virus on MP3 Player


I have a friend's MP3 player, and whenever it is plugged into the computer, besides the removable disk it creates another drive (AMT_CDROM) and also creates a directory in Programs File/AMT, and it behaves as if this program had been installed, because afterwards it asks to restart Windows. But before that, Avast! complains about a virus.

Is there a way to remove a virus from an MP3 player?

Regards

Link to post

It would be like a virus on a pen drive.

Post a log as described in this topic: http://forum.imasters.com.br/index.php?showtopic=165906

Link to post

Right, if the virus is on the pen drive, wouldn't the pen drive have to be analyzed rather than the computer?


Link to post

The analysis will always be done with the pen drive plugged in.

Now wait for an analyst.

And always generate these logs with the supposedly infected pen drive connected to the machine.

Link to post

- Download USBFix and save it to the desktop:

● Temporarily disable your antivirus;

● Double-click the program icon and install it by clicking (Suivant > accept the license agreement > Suivant > Suivant > Démarrer > Quitter);

● Double-click the USBFix icon created on the desktop to run it;

● Plug your MP3 player into the PC's USB port and click OK on the message;

● Type 1, press Enter and follow the instructions that appear. Your computer will be restarted; wait for it to restart;

The PC will be restarted. Keep the MP3 player plugged in. Do not remove it!

● While your computer is restarting, a blue screen will appear saying that the check is being performed;

● When the PC restarts, the tool will run automatically. Just wait for it to finish;

● When you get the message "Nettoyage effectue!", press ENTER;

● The log will open automatically in Notepad. The log will also be at C:\UsbFix.txt.

NOTE: If after restarting the desktop shows only the wallpaper, with no icons or bars, press Ctrl + Alt + Delete to open Task Manager. Click File > Run new task, type: explorer.exe and click OK.

Link to post

I think it didn't work... here is the generated log:

-------------- UsbFix V2.413.9 ---------------

* User : Paulo Rodrigues - C3PO
* Outils mis a jours le 05/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 15:55:19 le 2009-01-05
* Windows Xp - Internet Explorer 7.0.5730.13

--------------- [ Processus actifs ] ----------------

C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\logonui.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\windows\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avwsc.exe
C:\windows\system32\userinit.exe
C:\windows\system32\WgaTray.exe
C:\windows\Explorer.EXE

--------------- [ Informations lecteurs ] ----------------

C: - Unidade de disco fixo
G: - Unidade de CD-ROM
M: - Unidade de disco remov¡vel

+- Contenu de l'autorun : G:\autorun.inf

[autorun]
open=start.exe

--------------- [ Lecteur C ] ----------------

C: - Unidade de disco fixo

+- Listing des fichiers présents :

[2004-08-03 23:38][-rahs----] C:\NTDETECT.COM
[2009-01-05 15:55][--a------] C:\UsbFix.txt
[2007-12-13 21:15][-rahs----] C:\IO.SYS
[2007-12-13 21:15][-rahs----] C:\MSDOS.SYS
[2007-12-13 21:15][-rahs----] C:\pagefile.sys

--------------- [ Lecteur G ] ----------------

G: - Unidade de CD-ROM

+- Listing des fichiers présents :

[2007-10-16 03:47][-r-------] G:\start.exe
[2007-05-17 02:33][-r-------] G:\autorun.inf

--------------- [ Lecteur M ] ----------------

M: - Unidade de disco remov¡vel

+- Listing des fichiers présents :

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
   CTFMON.EXE=C:\windows\system32\ctfmon.exe
   msnmsgr="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
   Google Update="C:\Documents and Settings\Paulo Rodrigues\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
   Skype="C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
   DAEMON Tools Lite="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
   <NO NAME>=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
   High Definition Audio Property Page Shortcut=HDAShCut.exe
   SoundMAXPnP=C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
   SoundMAX="C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
   NvCplDaemon=RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
   nwiz=nwiz.exe /install
   googletalk=C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
   RemoteControl="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
   LanguageShortcut="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
   TkBellExe="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe"  -osboot
   C-Media Mixer=Mixer.exe /startup
   NeroFilterCheck=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
   NvMediaCenter=RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
   AppleSyncNotifier=C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
   Adobe Reader Speed Launcher="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
   QuickTime Task="C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
   iTunesHelper="C:\Arquivos de programas\iTunes\iTunesHelper.exe"
   avgnt="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
   <NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
   Installed=1
   <NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
   NoChange=1
   Installed=1
   <NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
   Installed=1
   <NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad1dd462-3864-11dd-9373-001d602f26dc}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd0fef09-4b00-11dd-939b-001d602f26dc}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd0fef09-4b00-11dd-939b-001d602f26dc}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd0fef09-4b00-11dd-939b-001d602f26dc}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebce561d-6eb9-11dd-9885-001b1118ef84}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebce561d-6eb9-11dd-9885-001b1118ef84}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------

Echec de la supression !! - [2007-05-17 02:33] G:\autorun.inf
Echec de la supression !! - [2007-05-17 02:33] G:\autorun.inf
Echec de la supression !! - [2007-05-17 02:33] G:\autorun.inf

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste  /!\

[2004-08-03 23:38][-rahs----] C:\NTDETECT.COM
[2007-10-16 03:47][-r-------] G:\start.exe
[2007-05-17 02:33][-r-------] G:\autorun.inf

--------------- [ Vaccination ] ----------------

C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
Echec de la supression !! - [2007-05-17 02:33] G:\autorun.inf
Echec de la supression !! - [2007-05-17 02:33] G:\autorun.inf
M:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

--------------- ! Fin du rapport ! ----------------

Link to post
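As an added example (not part of the original thread and not UsbFix's own code), the Python code below reads autorun.inf content like the one in the report above and lists which program each volume would auto-start, marking volumes exposed as CD-ROM media as not writable, which is an assumption consistent with the failed deletions on G:. The drive-type labels, the `triage` and `report` helpers and the second sample are assumptions made for illustration; the code also handles `shellexecute` and `shell\<verb>\command` keys, going beyond the single `open=` line in the report.

```python
import re
from dataclasses import dataclass

# Keys in the [autorun] section that cause a program to be started.
DIRECT_KEYS = {"open", "shellexecute"}
# shell\<verb>\command entries; Explorer caches these under MountPoints2.
SHELL_VERB = re.compile(r"shell\\([^\\]+)\\command", re.IGNORECASE)


@dataclass(frozen=True)
class Launch:
    drive: str      # drive letter, e.g. "G"
    key: str        # autorun.inf key that triggers the launch
    target: str     # program path resolved against the drive root
    writable: bool  # assumption: False when the volume is CD-ROM media


def parse_autorun(text):
    """Return the [autorun] section as {lowercased key: value}.

    Hand-rolled instead of configparser because autorun.inf files found
    on removable media often contain junk or duplicate lines.
    """
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def program_of(command):
    """Extract the executable from a command line, honouring quotes."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""


def triage(drive, drive_type, autorun_text):
    """List every program the volume's autorun.inf would start."""
    launches = []
    for key, value in parse_autorun(autorun_text).items():
        if key in DIRECT_KEYS or SHELL_VERB.fullmatch(key):
            program = program_of(value)
            if not program:
                continue
            # Relative names are resolved against the volume root.
            if not re.match(r"^[A-Za-z]:\\", program):
                program = drive + ":\\" + program.lstrip("\\")
            launches.append(Launch(drive, key, program, drive_type != "cdrom"))
    return launches


# Constructed from the drive table and autorun.inf content shown in the
# UsbFix report in this thread; the type labels are this example's own.
REPORTED_DRIVES = [
    ("C", "fixed", ""),
    ("G", "cdrom", "[autorun]\nopen=start.exe\n"),
    ("M", "removable", ""),
]

# Constructed sample, not from the thread: the shell-verb form of autorun.
SHELL_VERB_SAMPLE = (
    '[AutoRun]\n; comment\nshell\\open\\command="tools\\setup.exe" /s\n'
    "icon=x.ico\n"
)


def report(drives):
    """Run triage over (letter, type, autorun text) tuples."""
    return [hit for d, t, txt in drives for hit in triage(d, t, txt)]


if __name__ == "__main__":
    for hit in report(REPORTED_DRIVES):
        state = "writable" if hit.writable else "read-only media"
        print(f"{hit.drive}: {hit.key} -> {hit.target} ({state})")
```
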

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;

● Double-click the combofix.exe icon to start the scan;

● Read the agreement that appears and click Yes to continue;

● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;

● Wait while ComboFix scans;

● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;

Do not click in the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;

● If you want to exit or stop ComboFix, press N;

● When it finishes, your computer will be restarted. After the restart, the tool will run again; wait;

● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.

Link to post

I ran it in normal and safe mode and the scan apparently ran normally, but I could not find the generated log; the file you mentioned was not created in the root directory. I found a ComboFix.txt in the ComboFix directory, but it does not appear to be a log.

Thank you.

Link to post

- Download RSIT and save it to your desktop;

● Double-click RSIT.exe to run the program;

● In the window that opens, click the Continue button so the tool starts running;

● When the tool finishes running, a log containing the scan result will open automatically in Notepad. Paste the contents of that log (log.txt) in your next reply;

● Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt.

Link to post

Oops.. sorry for the delay; in the topic list the forum did not update the last post, so I thought there had been no reply. :)

log.txt

Creed\AssassinsCreed_Dx9.exe"="C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9""C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10""C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update""C:\Arquivos de programas\Google\Google Talk\googletalk.exe"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk""C:\Arquivos de programas\Zend\Zend Studio for Eclipse - 6.0.0\ZendStudio.exe"="C:\Arquivos de programas\Zend\Zend Studio for Eclipse - 6.0.0\ZendStudio.exe:*:Enabled:ZendStudio""C:\Arquivos de programas\phpDesigner 2008\phpDesigner2008.exe"="C:\Arquivos de programas\phpDesigner 2008\phpDesigner2008.exe:*:Enabled:phpDesigner2008""C:\eclipse\eclipse.exe"="C:\eclipse\eclipse.exe:*:Enabled:eclipse""C:\Arquivos de programas\IBM\Installation Manager\eclipse\jre\bin\javaw.exe"="C:\Arquivos de programas\IBM\Installation Manager\eclipse\jre\bin\javaw.exe:*:Enabled:Java launcher""C:\Arquivos de programas\IBM\SDP70\runtimes\base_v61\java\bin\java.exe"="C:\Arquivos de programas\IBM\SDP70\runtimes\base_v61\java\bin\java.exe:*:Enabled:Java launcher""C:\Arquivos de programas\IBM\SDP70\jdk\jre\bin\javaw.exe"="C:\Arquivos de programas\IBM\SDP70\jdk\jre\bin\javaw.exe:*:Enabled:Java launcher""C:\Arquivos de programas\Adobe\Flex Builder 3 Plug-in\jre\bin\javaw.exe"="C:\Arquivos de programas\Adobe\Flex Builder 3 Plug-in\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows 
Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger""C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)""C:\Arquivos de programas\IBM\SDP70\jdk\bin\javaw.exe"="C:\Arquivos de programas\IBM\SDP70\jdk\bin\javaw.exe:*:Enabled:Java launcher""C:\Program Files\eclipse\eclipse.exe"="C:\Program Files\eclipse\eclipse.exe:*:Enabled:eclipse""C:\Arquivos de programas\Java\jre1.6.0_06\bin\java.exe"="C:\Arquivos de programas\Java\jre1.6.0_06\bin\java.exe:*:Enabled:Java(TM) Platform SE binary""C:\Arquivos de programas\Java\jdk1.6.0_06\bin\java.exe"="C:\Arquivos de programas\Java\jdk1.6.0_06\bin\java.exe:*:Enabled:Java(TM) Platform SE binary""C:\Arquivos de programas\Java\jdk1.6.0_06\jre\bin\java.exe"="C:\Arquivos de programas\Java\jdk1.6.0_06\jre\bin\java.exe:*:Enabled:Java(TM) Platform SE binary""C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\emulator.exe"="C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\emulator.exe:*:Enabled:emulator""C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\zayit.exe"="C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\zayit.exe:*:Enabled:zayit""C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary""C:\Arquivos de programas\JavaME_SDK_CLDC\WTK2\bin\emulator.exe"="C:\Arquivos de programas\JavaME_SDK_CLDC\WTK2\bin\emulator.exe:*:Enabled:emulator""C:\Arquivos de programas\JavaME_SDK_CLDC\OnDeviceDebug\bin\serialproxy.exe"="C:\Arquivos de programas\JavaME_SDK_CLDC\OnDeviceDebug\bin\serialproxy.exe:*:Enabled:serialproxy""C:\Arquivos de programas\JavaME_SDK_CLDC\OnDeviceDebug\bin\emulator.exe"="C:\Arquivos de programas\JavaME_SDK_CLDC\OnDeviceDebug\bin\emulator.exe:*:Enabled:emulator""C:\Arquivos de programas\BitLord\BitLord.exe"="C:\Arquivos de programas\BitLord\BitLord.exe:*:Enabled:BitLord""C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 
2008\PES2008.exe"="C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008""C:\Arquivos de programas\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Arquivos de programas\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited""C:\Arquivos de programas\PC Satellite TV\PC Satellite TV.exe"="C:\Arquivos de programas\PC Satellite TV\PC Satellite TV.exe:*:Enabled:PC Satellite TV""C:\Arquivos de programas\Megacubo\megacubo.exe"="C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo""C:\Arquivos de programas\Megacubo\megasrv.exe"="C:\Arquivos de programas\Megacubo\megasrv.exe:*:Enabled:MegaSrv""C:\Documents and Settings\Paulo Rodrigues\Desktop\msftpsrvr.exe"="C:\Documents and Settings\Paulo Rodrigues\Desktop\msftpsrvr.exe:*:Enabled:Core FTP mini-sftp-server""C:\Arquivos de programas\WWW File Share Pro\Plugins\Chat Room\ChatRoom.exe"="C:\Arquivos de programas\WWW File Share Pro\Plugins\Chat Room\ChatRoom.exe:*:Enabled:ChatRoom""C:\Arquivos de programas\WWW File Share Pro\WWWFileSharePro.exe"="C:\Arquivos de programas\WWW File Share Pro\WWWFileSharePro.exe:*:Enabled:WWWFileSharePro""C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test""C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Executa uma DLL como um aplicativo""C:\Arquivos de programas\Autodesk\Maya2008\bin\maya.exe"="C:\Arquivos de programas\Autodesk\Maya2008\bin\maya.exe:*:Enabled:Maya""C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Console de gerenciamento Microsoft""C:\Arquivos de programas\Java\jre1.6.0_07\bin\java.exe"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\java.exe:*:Enabled:Java(TM) Platform SE binary""C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\prefs.exe"="C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\prefs.exe:*:Enabled:prefs""C:\Arquivos de programas\NetBeans 
6.1\mobility8\WTK2.5.2\bin\utils.exe"="C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\utils.exe:*:Enabled:utils""C:\Arquivos de programas\Opera\opera.exe"="C:\Arquivos de programas\Opera\opera.exe:*:Enabled:Opera Internet Browser""C:\Arquivos de programas\iTunes\iTunes.exe"="C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes""C:\Arquivos de programas\Apache Group\Apache2\bin\Apache.exe"="C:\Arquivos de programas\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server""C:\Arquivos de programas\Bonjour\mDNSResponder.exe"="C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour""C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger""C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]shell\AutoRun\command - F:\setup.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef184418-d35b-11dd-9938-001d602f26dc}]shell\AutoRun\command - G:\start.exe======List of files/folders created in the last 1 months======2009-01-13 08:23:05 ----D---- C:\rsit2009-01-13 08:23:05 ----D---- C:\Arquivos de programas\trend micro2009-01-12 20:11:19 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\fltk.org2009-01-06 08:43:24 ----D---- 
C:\ComboFix2009-01-06 08:43:23 ----A---- C:\WINDOWS\system32\CF8094.exe2009-01-06 08:34:51 ----A---- C:\WINDOWS\NIRCMD.exe2009-01-06 08:34:45 ----A---- C:\WINDOWS\system32\CF6405.exe2009-01-06 08:33:31 ----A---- C:\BOOT.BAK2009-01-06 08:33:13 ----RSHD---- C:\cmdcons2009-01-06 08:32:48 ----D---- C:\WINDOWS\setupupd2009-01-06 08:22:15 ----RASH---- C:\boot.ini2009-01-06 08:17:10 ----D---- C:\WINDOWS\pss2009-01-06 07:44:38 ----A---- C:\WINDOWS\UPGRADE.TXT2009-01-06 07:44:30 ----D---- C:\WINDOWS\setup.pss2009-01-06 07:35:33 ----D---- C:\WINDOWS\CSC2009-01-06 07:32:47 ----A---- C:\WINDOWS\system32\CF27029.exe2009-01-06 07:31:29 ----A---- C:\WINDOWS\ntbtlog.txt2009-01-06 07:17:34 ----D---- C:\Qoobox2009-01-06 07:17:33 ----A---- C:\WINDOWS\system32\CF24047.exe2009-01-05 15:56:51 ----HD---- C:\autorun.inf2009-01-05 15:55:19 ----A---- C:\UsbFix.txt2009-01-05 15:51:47 ----D---- C:\Arquivos de programas\UsbFix2008-12-30 20:56:36 ----D---- C:\WINDOWS\system32\NtmsData2008-12-30 19:51:32 ----D---- C:\Arquivos de programas\CCleaner2008-12-28 22:53:19 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Avira2008-12-28 22:53:18 ----D---- C:\Arquivos de programas\Avira2008-12-26 16:05:29 ----D---- C:\Arquivos de programas\Unlocker2008-12-26 15:13:11 ----A---- C:\WINDOWS\system32\CF28290.exe2008-12-26 15:02:13 ----A---- C:\WINDOWS\system32\CF26138.exe2008-12-26 14:54:02 ----A---- C:\WINDOWS\system32\CF24538.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\zip.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\VFIND.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\SWXCACLS.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\SWSC.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\SWREG.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\sed.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\grep.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\fdsv.exe2008-12-26 14:45:01 ----D---- C:\WINDOWS\ERDNT2008-12-26 14:44:59 ----A---- C:\WINDOWS\system32\CF22768.exe2008-12-26 13:18:24 ----HD---- C:\WINDOWS\PIF2008-12-19 16:01:50 
----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\AVS4YOU2008-12-19 16:01:49 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\AVS4YOU2008-12-19 15:59:45 ----D---- C:\Arquivos de programas\Arquivos comuns\AVSMedia2008-12-19 15:59:45 ----A---- C:\WINDOWS\system32\GdiPlus.dll2008-12-17 17:02:39 ----SHD---- C:\Config.Msi2008-12-17 07:25:01 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\DAEMON Tools Pro2008-12-17 07:24:54 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite2008-12-17 07:24:50 ----D---- C:\Arquivos de programas\DAEMON Tools Lite2008-12-17 07:24:16 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\DAEMON Tools Lite2008-12-15 19:11:09 ----D---- C:\Arquivos de programas\Apache Software Foundation2008-12-15 18:47:41 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\MySQL2008-12-15 10:46:22 ----D---- C:\Arquivos de programas\GPLGS2008-12-15 10:45:43 ----A---- C:\WINDOWS\system32\cpwmon2k.dll2008-12-15 10:45:34 ----D---- C:\Arquivos de programas\Acro Software2008-12-15 10:27:00 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\Download Manager======List of files/folders modified in the last 1 months======2009-01-13 08:27:52 ----D---- C:\WINDOWS\Prefetch2009-01-13 08:25:57 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\Skype2009-01-13 08:23:05 ----D---- C:\Arquivos de programas2009-01-13 08:22:41 ----D---- C:\WINDOWS\Temp2009-01-13 06:43:16 ----D---- C:\Arquivos de programas\Mozilla Firefox2009-01-13 06:38:32 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\skypePM2009-01-13 00:07:25 ----A---- C:\WINDOWS\SchedLgU.Txt2009-01-12 22:07:14 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\FileZilla2009-01-12 11:02:46 ----D---- C:\WINDOWS\system32\CatRoot22009-01-12 09:27:52 ----D---- C:\WINDOWS\Debug2009-01-10 17:48:13 ----D---- 
C:\Temp2009-01-09 20:07:43 ----D---- C:\Arquivos de programas\FileZilla FTP Client2009-01-09 14:56:21 ----SD---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\Microsoft2009-01-07 19:13:18 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\MyPhoneExplorer2009-01-06 15:28:56 ----D---- C:\Util2009-01-06 08:43:52 ----D---- C:\WINDOWS\system322009-01-06 08:43:32 ----SHD---- C:\RECYCLER2009-01-06 08:37:07 ----D---- C:\WINDOWS2009-01-06 08:26:26 ----A---- C:\WINDOWS\win.ini2009-01-06 08:26:25 ----A---- C:\WINDOWS\system.ini2009-01-05 20:58:17 ----A---- C:\WINDOWS\NeroDigital.ini2009-01-05 15:52:46 ----D---- C:\Program Files2008-12-30 19:55:53 ----D---- C:\WINDOWS\Minidump2008-12-30 18:10:52 ----SD---- C:\WINDOWS\Tasks2008-12-29 09:55:21 ----A---- C:\WINDOWS\php.ini2008-12-28 22:53:20 ----D---- C:\WINDOWS\system32\drivers2008-12-26 15:54:50 ----D---- C:\Documents and Settings2008-12-26 12:46:08 ----HD---- C:\WINDOWS\inf2008-12-24 15:54:14 ----D---- C:\Arquivos de programas\Tibia2008-12-22 17:42:54 ----A---- C:\WINDOWS\avisplitter.INI2008-12-19 16:17:05 ----RSD---- C:\WINDOWS\Fonts2008-12-19 15:59:45 ----D---- C:\Arquivos de programas\Arquivos comuns2008-12-19 15:53:32 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\Vso2008-12-19 00:13:57 ----RSHDC---- C:\WINDOWS\system32\dllcache2008-12-19 00:13:54 ----D---- C:\WINDOWS\ie7updates2008-12-19 00:13:30 ----HD---- C:\WINDOWS\$hf_mig$2008-12-18 10:13:17 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet2008-12-17 17:02:46 ----SHD---- C:\WINDOWS\Installer2008-12-17 17:02:44 ----D---- C:\Arquivos de programas\Bonjour2008-12-17 07:25:01 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\DAEMON Tools2008-12-15 18:47:41 ----D---- C:\Arquivos de programas\MySQL======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 avgio;avgio; \??\C:\Arquivos de programas\Avira\AntiVir 
PersonalEdition Classic\avgio.sys []R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-07-12 271360]R2 DS1410D;DS1410D; \??\C:\windows\system32\drivers\ds1410d.sys []R2 Hardlock;Hardlock; \??\C:\windows\system32\drivers\hardlock.sys []R2 Haspnt;Haspnt; \??\C:\windows\system32\drivers\Haspnt.sys []R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-07-12 18048]R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-15 293888]R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-06 93952]R3 avgntflt;avgntflt; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-07-31 47360]R3 
RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-23 547744]S3 ax1l97q0;ax1l97q0; C:\WINDOWS\system32\drivers\ax1l97q0.sys []S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]S3 npkcrypt;npkcrypt; \??\C:\Arquivos de programas\Lineage II\system\npkcrypt.sys []S3 npkcusb;npkcusb; \??\C:\Arquivos de programas\Lineage II\system\npkcusb.sys []S3 PciCon;PciCon; \??\D:\PciCon.sys []S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 98696]S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032]S3 SONYPVU1;Sony USB Filter Driver 
(SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]S3 XDva189;XDva189; \??\C:\windows\system32\XDva189.sys []S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 Apache2.2;Apache2.2; C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-12-10 24636]R2 Apple Mobile Device;Dispositivo Celular da Apple; C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]R2 Bonjour Service;Bonjour Service; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2008-12-12 238888]R2 CVS;CVSNT; C:\Arquivos de programas\cvsnt\cvsservice.exe [2003-04-01 45056]R2 CVSLock;CVSNT Locking Service; C:\Arquivos de programas\cvsnt\cvslock.exe [2003-04-01 45056]R2 MSSQLSERVER;MSSQLSERVER; C:\ARQUIV~1\MICROS~3\MSSQL\binn\sqlservr.exe [2008-05-25 9154560]R2 MySQL5;MySQL5; C:\Arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Arquivos de programas\MySQL\MySQL Server 5.1\my.ini MySQL5 []R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]R2 PSI_SVC_2;Protexis Licensing V2; c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]R2 UMWdf;Windows User Mode Driver 
Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-23 654848]R3 iPod Service;iPod Service; C:\Arquivos de programas\iPod\bin\iPodService.exe [2008-11-20 536872]R3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]R4 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]R4 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]S2 Apache2;Apache2; C:\Arquivos de programas\Apache Group\Apache2\bin\Apache.exe -k runservice []S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]S3 NBService;NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Arquivos de programas\Microsoft SQL Server\MSSQL\binn\sqlagent.exe [2005-05-03 323584]S3 usprserv;User Privilege 
Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]-----------------EOF-----------------

 

info.txt

info.txt logfile of random's system information tool 1.05 2009-01-13 08:23:15
- Draw-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF013}CorelDRAW Graphics Suite X4 - Filters-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF017}CorelDRAW Graphics Suite X4 - FontNav-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF019}CorelDRAW Graphics SUite X4 - ICA-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF010}CorelDRAW Graphics Suite X4 - IPM-->MsiExec.exe /I{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}CorelDRAW Graphics Suite X4 - Lang EN-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF100}CorelDRAW Graphics Suite X4 - PP-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF014}CorelDRAW Graphics Suite X4 - VBA-->MsiExec.exe /I{BF439B41-0252-48DE-8B8B-0430CB26A181}CorelDRAW Graphics Suite X4-->MsiExec.exe /I{44A27085-0616-4181-A0C3-81C7ECA17F73}CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension-->c:\Arquivos de programas\Arquivos comuns\Corel\Shared\Shell Extension\Uninst.exeCorelDRAW(R) Graphics Suite X4 - Windows Shell Extension-->MsiExec.exe /X{CE2DA11A-917F-4CF5-AB55-755EC115DD10}CorelDRAW(R) Graphics Suite X4-->c:\Arquivos de programas\Corel\CorelDRAW Graphics Suite X4\Setup\SetupARP.exe /arpCutePDF Writer 2.7-->C:\Arquivos de programas\Acro Software\CutePDF Writer\uninscpw.exeCVSNT-->"C:\Arquivos de programas\cvsnt\unins000.exe"DVD Suite-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe"  -uninstallEAX Unified-->C:\windows\IsUninst.exe -f"C:\Arquivos de programas\Creative\EAX Unified\Uninst.isu"FileZilla Client 3.2.0-->C:\Arquivos de programas\FileZilla FTP Client\uninstall.exeFlock 1.2-->C:\Arquivos de programas\Flock\uninst.exeFree YouTube to Mp3 Converter version 3.1-->"C:\Arquivos de programas\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"GlassFish V2 UR2-->"C:\Arquivos de programas\glassfish-v2ur2\uninstall.exe"Google Talk (remove only)-->"C:\Arquivos de programas\Google\Google 
Talk\uninstall.exe"High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exeHijackThis 2.0.2-->"C:\Arquivos de programas\trend micro\HijackThis.exe" /uninstallHotfix 2050 for SQL Server 2000 ENU (KB948110)-->"C:\windows\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"Hotfix para Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"Hotfix para Windows XP (KB952287)-->"C:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe"IBM Installation Manager-->"C:\Documents and Settings\All Users\Dados de aplicativos\IBM\Installation Manager\uninstall\uninstall.exe"IBM Software Development Platform-->"C:\Documents and Settings\All Users\Dados de aplicativos\IBM\Installation Manager\uninstall\uninstall.exe" -input "C:\Arquivos de programas\IBM\SDP70\uninstall\uninstall.xml"IDE NetBeans 6.1-->"C:\Arquivos de programas\NetBeans 6.1\uninstall.exe"ILOG Elixir 1.0-->"C:\Program Files\ILOG\ILOG Elixir 1.0\Uninstall ILOG Elixir 1.0\Uninstall ILOG Elixir 1.0.exe"iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}Java DB 10.3.1.4-->MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}Java(TM) SE Development Kit 6 Update 6-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160060}K-Lite Codec Pack 3.9.0 Full-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"LS-USBMX1/2/3 Steering...-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{CC7F0FAA-9768-4CE2-B133-72C66492EC06}\setup.exe" -l0x9  -removeonlyMicrosoft .NET Framework 
2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exeMicrosoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"Microsoft MPEG-4 VKI Video Codec V1/V2/V3-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\windows\INF\mpg4c32.infMicrosoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}Microsoft SQL Server 2000-->C:\windows\IsUninst.exe -f"C:\Arquivos de programas\Microsoft SQL Server\MSSQL\Uninst.isu" -c"C:\Arquivos de programas\Microsoft SQL Server\MSSQL\sqlsun.dll" -msql.mif i=MSSQLSERVERMicrosoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}Mozilla Firefox (3.0.5)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exeMSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}MultipleIEs-->"C:\Arquivos de programas\MultipleIEs\unins000.exe"MyPhoneExplorer-->C:\Arquivos de programas\MyPhoneExplorer\uninstall.exeMySQL Server 5.1-->MsiExec.exe /I{01D76D8E-A496-4870-8357-87C6D2B5E807}Nero 7 Essentials-->MsiExec.exe /X{9B4E6CB9-E54D-47F7-A414-E2D5740E1046}neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}NVIDIA Drivers-->C:\windows\system32\nvuninst.exe UninstallGUIOpenAL-->"C:\Arquivos de programas\OpenAL\OalinstGridRelease.exe" /UOpera 9.62-->MsiExec.exe /X{8318FEFD-F467-44D6-82B8-129374BFE9B1}PCI Audio 
Driver-->cmuninst.exePDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}PowerDVD-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstallPowerISO-->"C:\Arquivos de programas\PowerISO\uninstall.exe"PunkBuster Services-->C:\windows\system32\pbsvc.exe -uQuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}RealPlayer-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Arquivos de programas\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe -runfromtemp -l0x0416 -removeonlySafari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}Security Update para o produto Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}Sony Ericsson SDK 2.5.0.2 for the Java(TM) ME Platform-->C:\Arquivos de programas\JavaME_SDK_CLDC\uninstall.exeSoundMAX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x416  -removeonlySpelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}Tibia-->"C:\Arquivos de programas\Tibia\unins000.exe"Tomb Raider: Underworld 1.0-->C:\Arquivos de programas\Eidos\Tomb Raider - Underworld\uninst.exeUninstall 1.0.0.0-->"C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft\unins000.exe"Unity Web Player-->C:\Arquivos de programas\Unity\WebPlayer\Uninstall.exeVDownloader  0.74-->"C:\Arquivos de programas\VDOWNLOADER\unins000.exe"WinAVI Video Converter-->"C:\Arquivos de 
programas\WinAVI Video Converter\unins000.exe"Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}Windows Media Format Runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAllWindows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"XviD MPEG-4 Video Codec-->C:\windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\windows\INF\xvid.infZD Soft Game Recorder-->"C:\Arquivos de programas\ZD Soft\Game Recorder\Uninstall.exe"======Hosts File======192.168.0.100   roma======Security center information======AV: Avira AntiVir PersonalEdition (disabled)System event logComputer Name: C3POEvent Code: 7028Message: A chave de Registro GbpSv negou acesso aos programas da conta SYSTEM e o Gerenciador de controle de serviços apropriou-se da chave.Record Number: 5Source Name: Service Control ManagerTime Written: 20081226145658.000000-120Event Type: ErroUser: Computer Name: C3POEvent Code: 3Message: Record Number: 4Source Name: HaspntTime Written: 20081226145641.000000-120Event Type: ErroUser: Computer Name: C3POEvent Code: 1001Message: O computador foi reinicializado através de uma verificação de defeito. Essa verificação foi:0x00000093 (0x0000060c, 0x00000000, 0x00000000, 0x00000000).Um despejo de memória foi salvo em: C:\windows\Minidump\Mini122608-02.dmp.Record Number: 3Source Name: Save DumpTime Written: 20081226145621.000000-120Event Type: InformaçõesUser: Computer Name: C3POEvent Code: 6005Message: O serviço Log de eventos foi iniciado.Record Number: 2Source Name: EventLogTime Written: 20081226145620.000000-120Event Type: InformaçõesUser: Computer Name: C3POEvent Code: 6009Message: Microsoft (R) Windows (R) 5.01. 
2600 Service Pack 3 Multiprocessor Free.Record Number: 1Source Name: EventLogTime Written: 20081226145620.000000-120Event Type: InformaçõesUser: Application event logComputer Name: C3POEvent Code: 102Message: msnmsgr (3788) \\.\C:\Documents and Settings\Paulo Rodrigues\Configurações locais\Dados de aplicativos\Microsoft\Messenger\pauloandreget@gmail.com\SharingMetadata\Working\database_800C_50A7_C50_9A4C\dfsr.db:  O mecanismo de banco de dados iniciou uma nova instância (0).Record Number: 13158Source Name: ESENTTime Written: 20081223171126.000000-120Event Type: InformaçõesUser: Computer Name: C3POEvent Code: 100Message: msnmsgr (3788) O mecanismo de banco de dados 5.01.2600.5512 foi iniciado.Record Number: 13157Source Name: ESENTTime Written: 20081223171126.000000-120Event Type: InformaçõesUser: Computer Name: C3POEvent Code: 101Message: msnmsgr (3788)  O mecanismo de banco de dados parou.Record Number: 13156Source Name: ESENTTime Written: 20081223170537.000000-120Event Type: InformaçõesUser: Computer Name: C3POEvent Code: 103Message: msnmsgr (3788) \\.\C:\Documents and Settings\Paulo Rodrigues\Configurações locais\Dados de aplicativos\Microsoft\Messenger\pauloandreget@gmail.com\SharingMetadata\Working\database_800C_50A7_C50_9A4C\dfsr.db: O mecanismo de banco de dados interrompeu uma instância (0).Record Number: 13155Source Name: ESENTTime Written: 20081223170537.000000-120Event Type: InformaçõesUser: Computer Name: C3POEvent Code: 302Message: msnmsgr (3788) \\.\C:\Documents and Settings\Paulo Rodrigues\Configurações locais\Dados de aplicativos\Microsoft\Messenger\pauloandreget@gmail.com\SharingMetadata\Working\database_800C_50A7_C50_9A4C\dfsr.db: O mecanismo de banco de dados concluiu com êxito as etapas de recuperação.Record Number: 13154Source Name: ESENTTime Written: 20081223103944.000000-120Event Type: InformaçõesUser: ======Environment variables======"ComSpec"=%SystemRoot%\system32\cmd.exe"FP_NO_HOST_CHECK"=NO"JAVA_HOME"=C:\Arquivos de 
programas\Java\jdk1.6.0_06"NUMBER_OF_PROCESSORS"=2"OS"=Windows_NT"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Arquivos de programas\Microsoft SQL Server\80\Tools\BINN;;C:\Arquivos de programas\Java\jdk1.6.0_06\bin;C:\Arquivos de programas\Java\jdk1.6.0_06\lib;C:\Arquivos de programas\Arquivos comuns\Teleca Shared;C:\Arquivos de programas\VoiceAge\Common;C:\Arquivos de programas\cvsnt;C:\Arquivos de programas\QuickTime\QTSystem"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH"PROCESSOR_ARCHITECTURE"=x86"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel"PROCESSOR_LEVEL"=6"PROCESSOR_REVISION"=0f0b"TEMP"=%SystemRoot%\TEMP"TMP"=%SystemRoot%\TEMP"windir"=%SystemRoot%"CLASSPATH"=.;C:\Arquivos de programas\Java\jre1.6.0_07\lib\ext\QTJava.zip"QTJAVA"=C:\Arquivos de programas\Java\jre1.6.0_07\lib\ext\QTJava.zip-----------------EOF-----------------

 

Cheers,


Go to Start > Run, type gpedit.msc and click OK. Navigate through these keys: Computer Configuration > Administrative Templates > click System. In the right-hand pane, double-click Turn off Autoplay and click Enabled. Just below, select the "All drives" option. Click Apply and OK.

If the procedure below does not remove the infection from your MP3 player, I believe it will be hard to remove and the only solution will be to format the media, since it should already have been removed when you ran USBFix.

- Download PenClean and save it to the desktop (to download it, click Iniciar Download ("Start Download") at the bottom of the page);

- Run the program;

- Connect your MP3 player to the computer. Preferably, connect the media that correspond to drives F: and G:

- Select the Verificar o computador ("Scan the computer") option and click the Verificar ("Scan") button. Wait;

- You will be told whether anything was found; if something was found, you will be asked to restart, click Yes. The computer will restart;

- A log will be generated at C:\PenClean\PenClean.txt.

Post this log in your next reply, together with a new RSIT log.

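
An added example, not part of the thread and not code from any tool named in it: the Autoplay policy described in the post above is stored as the registry value NoDriveTypeAutoRun, a bitmask with one bit per drive type, and this Python sketch decodes a mask to show which drive types can still AutoRun. The three sample masks are constructed, and treating the player's extra AMT_CDROM unit as a CD-ROM drive type is an assumption.

```python
import sys

# Registry path used by the Autoplay policy (same sub-path under HKLM and HKCU).
POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"

# One bit per drive type. A SET bit means AutoRun is DISABLED for that type.
DRIVE_TYPE_BITS = {
    "unknown": 0x01,
    "no_root_dir": 0x02,
    "removable": 0x04,
    "fixed": 0x08,
    "network": 0x10,
    "cdrom": 0x20,
    "ramdisk": 0x40,
    "reserved": 0x80,
}

XP_DEFAULT_MASK = 0x91  # Windows XP default when no policy value is present


def disabled_types(mask):
    """Drive types for which the mask turns AutoRun off."""
    return {name for name, bit in DRIVE_TYPE_BITS.items() if mask & bit}


def allowed_types(mask):
    """Drive types that can still AutoRun under this mask."""
    return set(DRIVE_TYPE_BITS) - disabled_types(mask)


def autorun_possible(mask, drive_type):
    """True if a volume of this drive type may still trigger AutoRun."""
    return not (mask & DRIVE_TYPE_BITS[drive_type])


def effective_mask(hklm, hkcu, default=XP_DEFAULT_MASK):
    """Pick the value Windows honours: HKLM wins over HKCU when both exist."""
    if hklm is not None:
        return hklm & 0xFF
    if hkcu is not None:
        return hkcu & 0xFF
    return default


def read_live_masks():
    """Return (hklm, hkcu) from the local registry; (None, None) off Windows."""
    if not sys.platform.startswith("win"):
        return None, None
    import winreg  # only available on Windows

    found = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, POLICY_KEY) as key:
                value, _kind = winreg.QueryValueEx(key, VALUE_NAME)
        except OSError:
            found.append(None)  # key or value missing in this hive
            continue
        # The value may be stored as REG_DWORD (int) or REG_BINARY (bytes).
        found.append(value if isinstance(value, int)
                     else int.from_bytes(value, "little"))
    return tuple(found)


# Constructed sample masks for illustration.
SAMPLES = {
    "XP default": 0x91,
    "default plus removable": 0x95,
    "policy set to All drives": 0xFF,
}

if __name__ == "__main__":
    hklm, hkcu = read_live_masks()
    if hklm is not None or hkcu is not None:
        SAMPLES["this machine"] = effective_mask(hklm, hkcu)
    for label, mask in SAMPLES.items():
        still = ", ".join(sorted(allowed_types(mask))) or "none"
        print(f"{label}: 0x{mask:02X} -> AutoRun still possible for: {still}")
        # Assumption: the emulated AMT_CDROM unit is seen as a CD-ROM drive.
        print("  emulated CD-ROM unit can AutoRun:",
              autorun_possible(mask, "cdrom"))
```

A mask that only adds the removable bit still leaves the CD-ROM bit clear, which is why the "All drives" setting matters for a device that presents part of itself as a CD-ROM.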

With the 'my computer' option selected it finds nothing, but I tried selecting where the file actually is, which is drive G, the one created along with the MP3 player's other, normal drive, but it timed out, reporting that the file G:\autorun.inf cannot be deleted. Before that I had already tried to remove this file by hand and with other programs, and I could not. My antivirus always reports a virus in these files on this drive; besides this one, there are two others: AMT.sn and start.exe

My first attempt had been to format; the format completed normally, but the drive that is causing this still persists. I formatted it the conventional way; I don't know whether there is another way to format.

Anyway, I think I'll just give up on this MP3 player then... thanks for the help... ;)

How do I get my normal clock settings back? After using ComboFix this setting changed, as the program itself said it would, but it said it would go back to normal afterwards and it did not.

Cheers,

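
An added example, not part of the thread: a tolerant Python parser for triaging an autorun.inf like the one reported on drive G:, listing the entries that launch a program and checking whether the launched file is present on the volume. The sample file content is constructed (the thread does not show the real file); only the names autorun.inf, AMT.sn and start.exe come from the post above.

```python
# Keys in the [autorun] section that cause a program to be launched.
EXEC_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Parse autorun.inf text into {section: {key: value}}, all keys lowercased.

    Lines outside a section or without '=' are skipped instead of raising,
    because such files are often padded with junk to confuse strict parsers.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def is_exec_key(key):
    """open=, shellexecute= and shell\\<verb>\\command= all start a program."""
    return key in EXEC_KEYS or (
        key.startswith("shell\\") and key.endswith("\\command"))


def command_target(command):
    """Return the program part of a command line (quoted or first token).

    Limitation: an unquoted path containing spaces is cut at the first space.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def launch_entries(text):
    """List (key, program) pairs for every launching entry in [autorun]."""
    entries = []
    for key, value in parse_autorun(text).get("autorun", {}).items():
        if is_exec_key(key):
            entries.append((key, command_target(value)))
    return entries


def triage(text, volume_files):
    """Add a flag saying whether each launched program exists on the volume."""
    present = {name.lower() for name in volume_files}
    report = []
    for key, target in launch_entries(text):
        basename = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        report.append((key, target, basename in present))
    return report


# Constructed sample, not the file from the thread.
SAMPLE = """\
; constructed sample
jUnKpAdDiNgLiNe
[AutoRun]
OPEN=start.exe /quiet
icon=start.exe,0
shell\\open\\Command="start.exe" -x
label=AMT_CDROM
"""

# File names reported in the post above.
VOLUME_FILES = ["autorun.inf", "AMT.sn", "start.exe"]

if __name__ == "__main__":
    for key, target, on_volume in triage(SAMPLE, VOLUME_FILES):
        state = "present on volume" if on_volume else "missing"
        print(f"{key} -> {target} ({state})")
```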
How do I get my normal clock settings back? After using ComboFix this setting changed, as the program itself said it would, but it said it would go back to normal afterwards and it did not.

You can correct the setting manually. Go to Control Panel > Date and Time. Set the correct time and date > Apply > OK. If the time zone was changed as well, click that tab and select (GMT-03:00) Brasilia.

Let's try one last alternative for removing the malware from the MP3 player. If it doesn't work, format the MP3 player and then we will clean only the infected drive.

Keep the MP3 player connected to the USB port during the Avenger procedure.

- Download Avenger and save it to the desktop;

- Extract the tool from the zip to the desktop;

IMPORTANT: The avenger.exe program must be saved on the desktop for the procedure to work correctly.

Download the file I uploaded to the host below:

http://rapidshare.com/files/183462716/Scripts.zip.html

Extract the two files from the zip (AvengerScript.txt and Fix.reg) to your C: drive. Both must be saved in C: so that Avenger can run successfully.

Temporarily disable your antivirus, since it may block the script from running during the reboot. The script is safe.

Go to Start > Run and type the line in bold below (or copy and paste it):

"%userprofile%\desktop\avenger.exe" /nogui /scan /disable /reboot %systemdrive%\avengerscript.txt

Your desktop will disappear and the PC will restart.

When Windows comes back, you will be asked whether you want to add the information to the registry. Click Yes.

avenger.txt will be displayed. You can close it, since a copy will be saved at C:\avenger.txt.

Run RSIT again and produce a log as I described earlier. Paste this log in your next reply.


The clock is right; what happened is that it is in the American format... in fact, several numeric units are in the American format... file sizes in bytes, for example...

 

log.txt

 

Rodrigues\Desktop\GuSTop.exe:*:Enabled:GuSTop""C:\Arquivos de programas\Tibia\Tibia.exe"="C:\Arquivos de programas\Tibia\Tibia.exe:*:Enabled:Tibia Player""C:\Documents and Settings\Paulo Rodrigues\Desktop\TibiCAM\TibiCAM.exe"="C:\Documents and Settings\Paulo Rodrigues\Desktop\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM""C:\Util\Tibia\TibiCAM\TibiCAM.exe"="C:\Util\Tibia\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM""C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9""C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10""C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update""C:\Arquivos de programas\Google\Google Talk\googletalk.exe"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk""C:\Arquivos de programas\Zend\Zend Studio for Eclipse - 6.0.0\ZendStudio.exe"="C:\Arquivos de programas\Zend\Zend Studio for Eclipse - 6.0.0\ZendStudio.exe:*:Enabled:ZendStudio""C:\Arquivos de programas\phpDesigner 2008\phpDesigner2008.exe"="C:\Arquivos de programas\phpDesigner 2008\phpDesigner2008.exe:*:Enabled:phpDesigner2008""C:\eclipse\eclipse.exe"="C:\eclipse\eclipse.exe:*:Enabled:eclipse""C:\Arquivos de programas\IBM\Installation Manager\eclipse\jre\bin\javaw.exe"="C:\Arquivos de programas\IBM\Installation Manager\eclipse\jre\bin\javaw.exe:*:Enabled:Java launcher""C:\Arquivos de programas\IBM\SDP70\runtimes\base_v61\java\bin\java.exe"="C:\Arquivos de programas\IBM\SDP70\runtimes\base_v61\java\bin\java.exe:*:Enabled:Java launcher""C:\Arquivos de programas\IBM\SDP70\jdk\jre\bin\javaw.exe"="C:\Arquivos de programas\IBM\SDP70\jdk\jre\bin\javaw.exe:*:Enabled:Java 
launcher""C:\Arquivos de programas\Adobe\Flex Builder 3 Plug-in\jre\bin\javaw.exe"="C:\Arquivos de programas\Adobe\Flex Builder 3 Plug-in\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Arquivos de programas\IBM\SDP70\jdk\bin\javaw.exe"="C:\Arquivos de programas\IBM\SDP70\jdk\bin\javaw.exe:*:Enabled:Java launcher""C:\Program Files\eclipse\eclipse.exe"="C:\Program Files\eclipse\eclipse.exe:*:Enabled:eclipse""C:\Arquivos de programas\Java\jre1.6.0_06\bin\java.exe"="C:\Arquivos de programas\Java\jre1.6.0_06\bin\java.exe:*:Enabled:Java(TM) Platform SE binary""C:\Arquivos de programas\Java\jdk1.6.0_06\bin\java.exe"="C:\Arquivos de programas\Java\jdk1.6.0_06\bin\java.exe:*:Enabled:Java(TM) Platform SE binary""C:\Arquivos de programas\Java\jdk1.6.0_06\jre\bin\java.exe"="C:\Arquivos de programas\Java\jdk1.6.0_06\jre\bin\java.exe:*:Enabled:Java(TM) Platform SE binary""C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\emulator.exe"="C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\emulator.exe:*:Enabled:emulator""C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\zayit.exe"="C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\zayit.exe:*:Enabled:zayit""C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary""C:\Arquivos de programas\JavaME_SDK_CLDC\WTK2\bin\emulator.exe"="C:\Arquivos de programas\JavaME_SDK_CLDC\WTK2\bin\emulator.exe:*:Enabled:emulator""C:\Arquivos de programas\JavaME_SDK_CLDC\OnDeviceDebug\bin\serialproxy.exe"="C:\Arquivos de programas\JavaME_SDK_CLDC\OnDeviceDebug\bin\serialproxy.exe:*:Enabled:serialproxy""C:\Arquivos de programas\JavaME_SDK_CLDC\OnDeviceDebug\bin\emulator.exe"="C:\Arquivos de programas\JavaME_SDK_CLDC\OnDeviceDebug\bin\emulator.exe:*:Enabled:emulator""C:\Arquivos de programas\BitLord\BitLord.exe"="C:\Arquivos de 
programas\BitLord\BitLord.exe:*:Enabled:BitLord""C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008""C:\Arquivos de programas\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Arquivos de programas\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited""C:\Arquivos de programas\PC Satellite TV\PC Satellite TV.exe"="C:\Arquivos de programas\PC Satellite TV\PC Satellite TV.exe:*:Enabled:PC Satellite TV""C:\Arquivos de programas\Megacubo\megacubo.exe"="C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo""C:\Arquivos de programas\Megacubo\megasrv.exe"="C:\Arquivos de programas\Megacubo\megasrv.exe:*:Enabled:MegaSrv""C:\Documents and Settings\Paulo Rodrigues\Desktop\msftpsrvr.exe"="C:\Documents and Settings\Paulo Rodrigues\Desktop\msftpsrvr.exe:*:Enabled:Core FTP mini-sftp-server""C:\Arquivos de programas\WWW File Share Pro\Plugins\Chat Room\ChatRoom.exe"="C:\Arquivos de programas\WWW File Share Pro\Plugins\Chat Room\ChatRoom.exe:*:Enabled:ChatRoom""C:\Arquivos de programas\WWW File Share Pro\WWWFileSharePro.exe"="C:\Arquivos de programas\WWW File Share Pro\WWWFileSharePro.exe:*:Enabled:WWWFileSharePro""C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test""C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Executa uma DLL como um aplicativo""C:\Arquivos de programas\Autodesk\Maya2008\bin\maya.exe"="C:\Arquivos de programas\Autodesk\Maya2008\bin\maya.exe:*:Enabled:Maya""C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Console de gerenciamento Microsoft""C:\Arquivos de programas\Java\jre1.6.0_07\bin\java.exe"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\java.exe:*:Enabled:Java(TM) Platform SE binary""C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\prefs.exe"="C:\Arquivos de 
programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\prefs.exe:*:Enabled:prefs""C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\utils.exe"="C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\utils.exe:*:Enabled:utils""C:\Arquivos de programas\Opera\opera.exe"="C:\Arquivos de programas\Opera\opera.exe:*:Enabled:Opera Internet Browser""C:\Arquivos de programas\iTunes\iTunes.exe"="C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes""C:\Arquivos de programas\Bonjour\mDNSResponder.exe"="C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour""C:\Arquivos de programas\Apache Group\Apache2\bin\Apache.exe"="C:\Arquivos de programas\Apache Group\Apache2\bin\Apache.exe:LocalSubNet:Enabled:Apache HTTP Server""C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype""C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call""C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call""C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"======List of files/folders created in the last 1 months======2009-01-15 08:03:02 ----D---- C:\Avenger2009-01-15 08:03:02 ----A---- C:\avenger.txt2009-01-15 07:59:05 ----A---- 
C:\AvengerScript.txt2009-01-14 20:36:15 ----D---- C:\Arquivos de programas\Microsoft2009-01-14 20:35:59 ----D---- C:\Arquivos de programas\Windows Live SkyDrive2009-01-14 20:29:30 ----D---- C:\Arquivos de programas\Arquivos comuns\Windows Live2009-01-14 07:51:23 ----HD---- C:\autorun.inf2009-01-14 07:24:18 ----D---- C:\PenClean2009-01-13 21:31:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$2009-01-13 15:31:00 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help2009-01-13 08:23:05 ----D---- C:\rsit2009-01-13 08:23:05 ----D---- C:\Arquivos de programas\trend micro2009-01-12 20:11:19 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\fltk.org2009-01-06 08:43:24 ----D---- C:\ComboFix2009-01-06 08:43:23 ----A---- C:\WINDOWS\system32\CF8094.exe2009-01-06 08:34:51 ----A---- C:\WINDOWS\NIRCMD.exe2009-01-06 08:34:45 ----A---- C:\WINDOWS\system32\CF6405.exe2009-01-06 08:33:31 ----A---- C:\BOOT.BAK2009-01-06 08:33:13 ----RSHD---- C:\cmdcons2009-01-06 08:32:48 ----D---- C:\WINDOWS\setupupd2009-01-06 08:22:15 ----RASH---- C:\boot.ini2009-01-06 08:17:10 ----D---- C:\WINDOWS\pss2009-01-06 07:44:38 ----A---- C:\WINDOWS\UPGRADE.TXT2009-01-06 07:44:30 ----D---- C:\WINDOWS\setup.pss2009-01-06 07:41:53 ----A---- C:\WINDOWS\imsins.BAK2009-01-06 07:35:33 ----D---- C:\WINDOWS\CSC2009-01-06 07:32:47 ----A---- C:\WINDOWS\system32\CF27029.exe2009-01-06 07:31:29 ----A---- C:\WINDOWS\ntbtlog.txt2009-01-06 07:17:34 ----D---- C:\Qoobox2009-01-06 07:17:33 ----A---- C:\WINDOWS\system32\CF24047.exe2009-01-05 15:55:19 ----A---- C:\UsbFix.txt2009-01-05 15:51:47 ----D---- C:\Arquivos de programas\UsbFix2008-12-30 20:56:36 ----D---- C:\WINDOWS\system32\NtmsData2008-12-30 19:51:32 ----D---- C:\Arquivos de programas\CCleaner2008-12-28 22:53:19 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Avira2008-12-28 22:53:18 ----D---- C:\Arquivos de programas\Avira2008-12-26 16:05:29 ----D---- C:\Arquivos de programas\Unlocker2008-12-26 
15:13:11 ----A---- C:\WINDOWS\system32\CF28290.exe2008-12-26 15:02:13 ----A---- C:\WINDOWS\system32\CF26138.exe2008-12-26 14:54:02 ----A---- C:\WINDOWS\system32\CF24538.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\zip.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\VFIND.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\SWXCACLS.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\SWSC.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\SWREG.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\sed.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\grep.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\fdsv.exe2008-12-26 14:45:01 ----D---- C:\WINDOWS\ERDNT2008-12-26 14:44:59 ----A---- C:\WINDOWS\system32\CF22768.exe2008-12-26 13:18:24 ----HD---- C:\WINDOWS\PIF2008-12-19 16:01:50 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\AVS4YOU2008-12-19 16:01:49 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\AVS4YOU2008-12-19 15:59:45 ----D---- C:\Arquivos de programas\Arquivos comuns\AVSMedia2008-12-19 15:59:45 ----A---- C:\WINDOWS\system32\GdiPlus.dll2008-12-17 07:25:01 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\DAEMON Tools Pro2008-12-17 07:24:54 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite2008-12-17 07:24:50 ----D---- C:\Arquivos de programas\DAEMON Tools Lite2008-12-17 07:24:16 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\DAEMON Tools Lite======List of files/folders modified in the last 1 months======2009-01-15 08:05:15 ----D---- C:\Arquivos de programas\Mozilla Firefox2009-01-15 08:04:13 ----D---- C:\WINDOWS\Temp2009-01-15 08:03:02 ----D---- C:\WINDOWS\system32\drivers2009-01-15 08:03:02 ----D---- C:\WINDOWS2009-01-15 08:02:07 ----A---- C:\WINDOWS\SchedLgU.Txt2009-01-15 07:57:30 ----D---- C:\WINDOWS\Prefetch2009-01-14 21:06:38 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\Skype2009-01-14 20:37:47 ----SHD---- C:\WINDOWS\Installer2009-01-14 20:36:30 
----D---- C:\WINDOWS\system322009-01-14 20:36:27 ----D---- C:\WINDOWS\WinSxS2009-01-14 20:36:15 ----D---- C:\Arquivos de programas2009-01-14 20:36:10 ----D---- C:\Arquivos de programas\Windows Live2009-01-14 20:36:04 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft2009-01-14 20:36:04 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared2009-01-14 20:35:24 ----HD---- C:\WINDOWS\inf2009-01-14 20:29:30 ----D---- C:\Arquivos de programas\Arquivos comuns2009-01-14 20:24:25 ----D---- C:\Temp2009-01-14 18:59:00 ----D---- C:\WINDOWS\system32\CatRoot22009-01-14 09:24:28 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\skypePM2009-01-14 09:13:27 ----D---- C:\Program Files2009-01-14 08:34:03 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\FileZilla2009-01-13 21:31:57 ----RSHDC---- C:\WINDOWS\system32\dllcache2009-01-13 21:31:33 ----HD---- C:\WINDOWS\$hf_mig$2009-01-13 21:30:15 ----D---- C:\WINDOWS\Debug2009-01-13 20:28:38 ----A---- C:\WINDOWS\NeroDigital.ini2009-01-13 15:53:18 ----RSD---- C:\WINDOWS\assembly2009-01-13 15:53:16 ----D---- C:\Arquivos de programas\Microsoft Office2009-01-13 15:52:47 ----D---- C:\WINDOWS\SHELLNEW2009-01-13 15:41:45 ----SD---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\Microsoft2009-01-13 15:32:50 ----D---- C:\WINDOWS\system32\config2009-01-13 15:32:25 ----RSD---- C:\WINDOWS\Fonts2009-01-09 23:35:28 ----A---- C:\WINDOWS\system32\MRT.exe2009-01-09 20:07:43 ----D---- C:\Arquivos de programas\FileZilla FTP Client2009-01-07 19:13:18 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\MyPhoneExplorer2009-01-06 15:28:56 ----D---- C:\Util2009-01-06 08:43:32 ----SHD---- C:\RECYCLER2009-01-06 08:26:26 ----A---- C:\WINDOWS\win.ini2009-01-06 08:26:25 ----A---- C:\WINDOWS\system.ini2008-12-30 19:55:53 ----D---- C:\WINDOWS\Minidump2008-12-30 18:10:52 ----SD---- C:\WINDOWS\Tasks2008-12-29 09:55:21 ----A---- 
C:\WINDOWS\php.ini2008-12-26 15:54:50 ----D---- C:\Documents and Settings2008-12-24 15:54:14 ----D---- C:\Arquivos de programas\Tibia2008-12-22 17:42:54 ----A---- C:\WINDOWS\avisplitter.INI2008-12-19 15:53:32 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\Vso2008-12-19 00:13:54 ----D---- C:\WINDOWS\ie7updates2008-12-18 10:13:17 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet2008-12-17 17:02:44 ----D---- C:\Arquivos de programas\Bonjour2008-12-17 07:25:01 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\DAEMON Tools======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 avgio;avgio; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgio.sys []R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-07-12 271360]R2 DS1410D;DS1410D; \??\C:\windows\system32\drivers\ds1410d.sys []R2 Hardlock;Hardlock; \??\C:\windows\system32\drivers\hardlock.sys []R2 Haspnt;Haspnt; \??\C:\windows\system32\drivers\Haspnt.sys []R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-07-12 18048]R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-15 293888]R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-06 93952]R3 avgntflt;avgntflt; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []R3 cmpci;C-Media PCI Audio Driver 
(WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-07-31 47360]R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-23 547744]S3 a7ewi2h9;a7ewi2h9; C:\WINDOWS\system32\drivers\a7ewi2h9.sys []S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]S3 npkcrypt;npkcrypt; \??\C:\Arquivos de programas\Lineage II\system\npkcrypt.sys []S3 npkcusb;npkcusb; \??\C:\Arquivos de programas\Lineage II\system\npkcusb.sys []S3 PciCon;PciCon; 
\??\D:\PciCon.sys []S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 98696]S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032]S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]S3 XDva189;XDva189; \??\C:\windows\system32\XDva189.sys []S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]R2 Apache2.2;Apache2.2; C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-12-10 24636]R2 Apple Mobile 
Device;Dispositivo Celular da Apple; C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]R2 Bonjour Service;Bonjour Service; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2008-12-12 238888]R2 CVS;CVSNT; C:\Arquivos de programas\cvsnt\cvsservice.exe [2003-04-01 45056]R2 CVSLock;CVSNT Locking Service; C:\Arquivos de programas\cvsnt\cvslock.exe [2003-04-01 45056]R2 MSSQLSERVER;MSSQLSERVER; C:\ARQUIV~1\MICROS~3\MSSQL\binn\sqlservr.exe [2008-05-25 9154560]R2 MySQL5;MySQL5; C:\Arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Arquivos de programas\MySQL\MySQL Server 5.1\my.ini MySQL5 []R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]R2 PSI_SVC_2;Protexis Licensing V2; c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]R3 iPod Service;iPod Service; C:\Arquivos de programas\iPod\bin\iPodService.exe [2008-11-20 536872]S2 Apache2;Apache2; C:\Arquivos de programas\Apache Group\Apache2\bin\Apache.exe -k runservice []S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-23 654848]S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Arquivos de 
programas\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]S3 NBService;NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Arquivos de programas\Microsoft SQL Server\MSSQL\binn\sqlagent.exe [2005-05-03 323584]S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]-----------------EOF-----------------

 

The info.txt did not change.

Regards


Go to Control Panel > Regional and Language Options. On the Regional Options tab, check whether Portuguese (Brazil) is selected.

As for the log, the entries from the MP3 player virus were removed by Avenger.

Delete AvengerScript.txt and Avenger.txt in C:.

- Copy the content below:

 

Files to delete:
C:\autorun.inf
C:\WINDOWS\system32\CF8094.exe
C:\WINDOWS\system32\CF6405.exe
C:\WINDOWS\system32\CF24047.exe
C:\UsbFix.txt
C:\WINDOWS\system32\CF28290.exe
C:\WINDOWS\system32\CF26138.exe
C:\WINDOWS\system32\CF24538.exe
C:\WINDOWS\system32\CF22768.exe

Folders to delete:
C:\PenClean
C:\Qoobox
C:\Arquivos de programas\UsbFix

● Run Avenger by double-clicking avenger.exe;

● Click the menu Load Script > Paste from Clipboard;

● Click the Execute button > Yes > OK;

● Your computer will restart;

● A log will be generated at C:\avenger.txt

Paste the Avenger log and a new RSIT log.

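A check for the last step of the procedure above, as an added example that is not part of the original post or of the Avenger tool: it compares the script's targets against the lines of the resulting avenger.txt and lists anything the log does not confirm as deleted. The function names are hypothetical, the sample script is a shortened copy of the one above, and the sample log is constructed (one folder line is left out on purpose); the log line shape is assumed to be the `File "..." deleted successfully.` form.

```python
import re

# Section headers as they appear in the script on this page.
SECTIONS = {"files to delete:": "File", "folders to delete:": "Folder"}

# Assumed log line shape: File "<path>" deleted successfully.
DELETED_RE = re.compile(r'^(File|Folder) "(.+)" deleted successfully\.$')


def norm(path):
    """Windows paths are case-insensitive; ignore case and trailing backslash."""
    return path.rstrip("\\").lower()


def parse_script(text):
    """Return the script's targets as a list of (kind, path) tuples."""
    targets, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in SECTIONS:
            kind = SECTIONS[line.lower()]
        elif line.endswith(":") and "\\" not in line:
            # A section header this example does not handle: skip its entries.
            kind = None
        elif kind:
            targets.append((kind, line))
    return targets


def parse_log(text):
    """Return the set of (kind, normalized path) the log reports as deleted."""
    done = set()
    for raw in text.splitlines():
        match = DELETED_RE.match(raw.strip())
        if match:
            done.add((match.group(1), norm(match.group(2))))
    return done


def script_completed(log_text):
    """True when the log contains the line that closes script processing."""
    return any(line.strip() == "Completed script processing."
               for line in log_text.splitlines())


def unconfirmed(script_text, log_text):
    """Script targets with no matching 'deleted successfully' line in the log."""
    done = parse_log(log_text)
    return [(kind, path) for kind, path in parse_script(script_text)
            if (kind, norm(path)) not in done]


# Shortened copy of the script from the post above.
SAMPLE_SCRIPT = r"""
Files to delete:
C:\autorun.inf
C:\WINDOWS\system32\CF8094.exe
C:\UsbFix.txt

Folders to delete:
C:\PenClean
C:\Qoobox
"""

# Constructed log: the C:\Qoobox line is omitted to show a gap being caught,
# and one path differs in case from the script.
SAMPLE_LOG = r"""
Script file opened successfully.
Beginning to process script file:
File "C:\autorun.inf" deleted successfully.
File "C:\windows\System32\CF8094.exe" deleted successfully.
File "C:\UsbFix.txt" deleted successfully.
Folder "C:\PenClean" deleted successfully.
Completed script processing.
"""

if __name__ == "__main__":
    print("script completed:", script_completed(SAMPLE_LOG))
    for kind, path in unconfirmed(SAMPLE_SCRIPT, SAMPLE_LOG):
        print("not confirmed deleted:", kind, path)
```

An empty result from `unconfirmed` together with `script_completed` returning true means every target in the script has a matching deletion line in the log.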

avenger.txt

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform:  Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\autorun.inf" deleted successfully.
File "C:\WINDOWS\system32\CF8094.exe" deleted successfully.
File "C:\WINDOWS\system32\CF6405.exe" deleted successfully.
File "C:\WINDOWS\system32\CF24047.exe" deleted successfully.
File "C:\UsbFix.txt" deleted successfully.
File "C:\WINDOWS\system32\CF28290.exe" deleted successfully.
File "C:\WINDOWS\system32\CF26138.exe" deleted successfully.
File "C:\WINDOWS\system32\CF24538.exe" deleted successfully.
File "C:\WINDOWS\system32\CF22768.exe" deleted successfully.
Folder "C:\PenClean" deleted successfully.
Folder "C:\Qoobox" deleted successfully.
Folder "C:\Arquivos de programas\UsbFix" deleted successfully.
Completed script processing.
*******************
Finished!  Terminate.

 

 

log.txt

(AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exeO23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exeO23 - Service: Apache2 - Unknown owner - C:\Arquivos de programas\Apache Group\Apache2\bin\Apache.exe (file missing)O23 - Service: Apache2.2 - Apache Software Foundation - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exeO23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exeO23 - Service: CVSNT (CVS) - GNU - C:\Arquivos de programas\cvsnt\cvsservice.exeO23 - Service: CVSNT Locking Service (CVSLock) - Unknown owner - C:\Arquivos de programas\cvsnt\cvslock.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exeO23 - Service: MySQL5 - Unknown owner - C:\Arquivos.exe (file missing)O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. 
- c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe--End of file - 10051 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\AppleSoftwareUpdate.jobC:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-2111687655-839522115-1003.job======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-07-01 308856][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]GbIehObj Class - C:\Arquivos de programas\GbPlugin\gbieh.dll [2008-09-01 384840][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 
61952]"SoundMAXPnP"=C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]"SoundMAX"=C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2008-05-16 13529088]"nwiz"=nwiz.exe /install []"googletalk"=C:\Arquivos de programas\Google\Google Talk\googletalk.exe [2007-01-01 3739648]"RemoteControl"=C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]"LanguageShortcut"=C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2008-07-01 185896]"C-Media Mixer"=Mixer.exe /startup []"NeroFilterCheck"=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]"NvMediaCenter"=C:\windows\system32\NvMcTray.dll [2008-05-16 86016]"AppleSyncNotifier"=C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]"QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2008-11-04 413696]"iTunesHelper"=C:\Arquivos de programas\iTunes\iTunesHelper.exe [2008-11-20 290088]"avgnt"=C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]"Google Update"=C:\Documents and Settings\Paulo Rodrigues\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe [2008-09-06 133104]"DAEMON Tools Lite"=C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe [2008-12-10 216520]C:\Documents and Settings\All Users\Menu Iniciar\Programas\InicializarMonitor Apache Servers.lnk - C:\Arquivos de programas\Apache Software 
Foundation\Apache2.2\bin\ApacheMonitor.exeService Manager.lnk - C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]C:\Arquivos de programas\GbPlugin\gbieh.dll [2008-09-01 384840][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\Arquivos de programas\GbPlugin\gbieh.dll [2008-09-01 384840][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=149[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA""C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB""C:\Arquivos de programas\GameSpy\Comrade\Comrade.exe"="C:\Arquivos de programas\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade""C:\Documents and Settings\Paulo Rodrigues\Desktop\GuSTop.exe"="C:\Documents and Settings\Paulo 
Rodrigues\Desktop\GuSTop.exe:*:Enabled:GuSTop""C:\Arquivos de programas\Tibia\Tibia.exe"="C:\Arquivos de programas\Tibia\Tibia.exe:*:Enabled:Tibia Player""C:\Documents and Settings\Paulo Rodrigues\Desktop\TibiCAM\TibiCAM.exe"="C:\Documents and Settings\Paulo Rodrigues\Desktop\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM""C:\Util\Tibia\TibiCAM\TibiCAM.exe"="C:\Util\Tibia\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM""C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9""C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10""C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update""C:\Arquivos de programas\Google\Google Talk\googletalk.exe"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk""C:\Arquivos de programas\Zend\Zend Studio for Eclipse - 6.0.0\ZendStudio.exe"="C:\Arquivos de programas\Zend\Zend Studio for Eclipse - 6.0.0\ZendStudio.exe:*:Enabled:ZendStudio""C:\Arquivos de programas\phpDesigner 2008\phpDesigner2008.exe"="C:\Arquivos de programas\phpDesigner 2008\phpDesigner2008.exe:*:Enabled:phpDesigner2008""C:\eclipse\eclipse.exe"="C:\eclipse\eclipse.exe:*:Enabled:eclipse""C:\Arquivos de programas\IBM\Installation Manager\eclipse\jre\bin\javaw.exe"="C:\Arquivos de programas\IBM\Installation Manager\eclipse\jre\bin\javaw.exe:*:Enabled:Java launcher""C:\Arquivos de programas\IBM\SDP70\runtimes\base_v61\java\bin\java.exe"="C:\Arquivos de programas\IBM\SDP70\runtimes\base_v61\java\bin\java.exe:*:Enabled:Java launcher""C:\Arquivos de programas\IBM\SDP70\jdk\jre\bin\javaw.exe"="C:\Arquivos de programas\IBM\SDP70\jdk\jre\bin\javaw.exe:*:Enabled:Java 
launcher""C:\Arquivos de programas\Adobe\Flex Builder 3 Plug-in\jre\bin\javaw.exe"="C:\Arquivos de programas\Adobe\Flex Builder 3 Plug-in\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Arquivos de programas\IBM\SDP70\jdk\bin\javaw.exe"="C:\Arquivos de programas\IBM\SDP70\jdk\bin\javaw.exe:*:Enabled:Java launcher""C:\Program Files\eclipse\eclipse.exe"="C:\Program Files\eclipse\eclipse.exe:*:Enabled:eclipse""C:\Arquivos de programas\Java\jre1.6.0_06\bin\java.exe"="C:\Arquivos de programas\Java\jre1.6.0_06\bin\java.exe:*:Enabled:Java(TM) Platform SE binary""C:\Arquivos de programas\Java\jdk1.6.0_06\bin\java.exe"="C:\Arquivos de programas\Java\jdk1.6.0_06\bin\java.exe:*:Enabled:Java(TM) Platform SE binary""C:\Arquivos de programas\Java\jdk1.6.0_06\jre\bin\java.exe"="C:\Arquivos de programas\Java\jdk1.6.0_06\jre\bin\java.exe:*:Enabled:Java(TM) Platform SE binary""C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\emulator.exe"="C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\emulator.exe:*:Enabled:emulator""C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\zayit.exe"="C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\zayit.exe:*:Enabled:zayit""C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary""C:\Arquivos de programas\JavaME_SDK_CLDC\WTK2\bin\emulator.exe"="C:\Arquivos de programas\JavaME_SDK_CLDC\WTK2\bin\emulator.exe:*:Enabled:emulator""C:\Arquivos de programas\JavaME_SDK_CLDC\OnDeviceDebug\bin\serialproxy.exe"="C:\Arquivos de programas\JavaME_SDK_CLDC\OnDeviceDebug\bin\serialproxy.exe:*:Enabled:serialproxy""C:\Arquivos de programas\JavaME_SDK_CLDC\OnDeviceDebug\bin\emulator.exe"="C:\Arquivos de programas\JavaME_SDK_CLDC\OnDeviceDebug\bin\emulator.exe:*:Enabled:emulator""C:\Arquivos de programas\BitLord\BitLord.exe"="C:\Arquivos de 
programas\BitLord\BitLord.exe:*:Enabled:BitLord""C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008""C:\Arquivos de programas\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Arquivos de programas\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited""C:\Arquivos de programas\PC Satellite TV\PC Satellite TV.exe"="C:\Arquivos de programas\PC Satellite TV\PC Satellite TV.exe:*:Enabled:PC Satellite TV""C:\Arquivos de programas\Megacubo\megacubo.exe"="C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo""C:\Arquivos de programas\Megacubo\megasrv.exe"="C:\Arquivos de programas\Megacubo\megasrv.exe:*:Enabled:MegaSrv""C:\Documents and Settings\Paulo Rodrigues\Desktop\msftpsrvr.exe"="C:\Documents and Settings\Paulo Rodrigues\Desktop\msftpsrvr.exe:*:Enabled:Core FTP mini-sftp-server""C:\Arquivos de programas\WWW File Share Pro\Plugins\Chat Room\ChatRoom.exe"="C:\Arquivos de programas\WWW File Share Pro\Plugins\Chat Room\ChatRoom.exe:*:Enabled:ChatRoom""C:\Arquivos de programas\WWW File Share Pro\WWWFileSharePro.exe"="C:\Arquivos de programas\WWW File Share Pro\WWWFileSharePro.exe:*:Enabled:WWWFileSharePro""C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test""C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Executa uma DLL como um aplicativo""C:\Arquivos de programas\Autodesk\Maya2008\bin\maya.exe"="C:\Arquivos de programas\Autodesk\Maya2008\bin\maya.exe:*:Enabled:Maya""C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Console de gerenciamento Microsoft""C:\Arquivos de programas\Java\jre1.6.0_07\bin\java.exe"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\java.exe:*:Enabled:Java(TM) Platform SE binary""C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\prefs.exe"="C:\Arquivos de 
programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\prefs.exe:*:Enabled:prefs""C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\utils.exe"="C:\Arquivos de programas\NetBeans 6.1\mobility8\WTK2.5.2\bin\utils.exe:*:Enabled:utils""C:\Arquivos de programas\Opera\opera.exe"="C:\Arquivos de programas\Opera\opera.exe:*:Enabled:Opera Internet Browser""C:\Arquivos de programas\iTunes\iTunes.exe"="C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes""C:\Arquivos de programas\Bonjour\mDNSResponder.exe"="C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour""C:\Arquivos de programas\Apache Group\Apache2\bin\Apache.exe"="C:\Arquivos de programas\Apache Group\Apache2\bin\Apache.exe:LocalSubNet:Enabled:Apache HTTP Server""C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call""C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger""C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call""C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"======List of files/folders created in the last 1 months======2009-01-16 07:59:04 ----A---- C:\avenger.txt2009-01-15 18:56:07 ----A---- C:\eclipse.ini2009-01-15 09:27:59 ----D---- 
C:\Arquivos de programas\Microsoft Works2009-01-15 09:25:30 ----RHD---- C:\MSOCache2009-01-15 08:03:02 ----D---- C:\Avenger2009-01-14 20:36:15 ----D---- C:\Arquivos de programas\Microsoft2009-01-14 20:35:59 ----D---- C:\Arquivos de programas\Windows Live SkyDrive2009-01-14 20:29:30 ----D---- C:\Arquivos de programas\Arquivos comuns\Windows Live2009-01-13 21:31:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$2009-01-13 15:31:00 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help2009-01-13 08:23:05 ----D---- C:\rsit2009-01-13 08:23:05 ----D---- C:\Arquivos de programas\trend micro2009-01-12 20:11:19 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\fltk.org2009-01-06 08:43:24 ----D---- C:\ComboFix2009-01-06 08:34:51 ----A---- C:\WINDOWS\NIRCMD.exe2009-01-06 08:33:31 ----A---- C:\BOOT.BAK2009-01-06 08:33:13 ----RSHD---- C:\cmdcons2009-01-06 08:32:48 ----D---- C:\WINDOWS\setupupd2009-01-06 08:22:15 ----RASH---- C:\boot.ini2009-01-06 08:17:10 ----D---- C:\WINDOWS\pss2009-01-06 07:44:38 ----A---- C:\WINDOWS\UPGRADE.TXT2009-01-06 07:44:30 ----D---- C:\WINDOWS\setup.pss2009-01-06 07:41:53 ----A---- C:\WINDOWS\imsins.BAK2009-01-06 07:35:33 ----D---- C:\WINDOWS\CSC2009-01-06 07:32:47 ----A---- C:\WINDOWS\system32\CF27029.exe2009-01-06 07:31:29 ----A---- C:\WINDOWS\ntbtlog.txt2008-12-30 20:56:36 ----D---- C:\WINDOWS\system32\NtmsData2008-12-30 19:51:32 ----D---- C:\Arquivos de programas\CCleaner2008-12-28 22:53:19 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Avira2008-12-28 22:53:18 ----D---- C:\Arquivos de programas\Avira2008-12-26 16:05:29 ----D---- C:\Arquivos de programas\Unlocker2008-12-26 14:45:05 ----A---- C:\WINDOWS\zip.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\VFIND.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\SWXCACLS.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\SWSC.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\SWREG.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\sed.exe2008-12-26 14:45:05 
----A---- C:\WINDOWS\grep.exe2008-12-26 14:45:05 ----A---- C:\WINDOWS\fdsv.exe2008-12-26 14:45:01 ----D---- C:\WINDOWS\ERDNT2008-12-26 13:18:24 ----HD---- C:\WINDOWS\PIF2008-12-19 16:01:50 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\AVS4YOU2008-12-19 16:01:49 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\AVS4YOU2008-12-19 15:59:45 ----D---- C:\Arquivos de programas\Arquivos comuns\AVSMedia2008-12-19 15:59:45 ----A---- C:\WINDOWS\system32\GdiPlus.dll2008-12-17 07:25:01 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\DAEMON Tools Pro2008-12-17 07:24:54 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite2008-12-17 07:24:50 ----D---- C:\Arquivos de programas\DAEMON Tools Lite2008-12-17 07:24:16 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\DAEMON Tools Lite======List of files/folders modified in the last 1 months======2009-01-16 08:05:54 ----D---- C:\WINDOWS\Prefetch2009-01-16 08:00:55 ----D---- C:\Arquivos de programas\Mozilla Firefox2009-01-16 08:00:00 ----D---- C:\WINDOWS\Temp2009-01-16 07:59:05 ----D---- C:\WINDOWS\system322009-01-16 07:59:05 ----D---- C:\Arquivos de programas2009-01-16 07:59:04 ----D---- C:\WINDOWS\system32\drivers2009-01-16 07:58:10 ----A---- C:\WINDOWS\SchedLgU.Txt2009-01-15 20:00:03 ----SHD---- C:\WINDOWS\Installer2009-01-15 19:52:13 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\Skype2009-01-15 17:58:40 ----D---- C:\Temp2009-01-15 09:46:12 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\skypePM2009-01-15 09:28:11 ----RSD---- C:\WINDOWS\assembly2009-01-15 09:27:59 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared2009-01-15 09:27:52 ----D---- C:\Arquivos de programas\Microsoft Office2009-01-15 09:27:35 ----RSD---- C:\WINDOWS\Fonts2009-01-15 09:26:23 ----D---- C:\WINDOWS\SHELLNEW2009-01-15 08:03:02 ----D---- C:\WINDOWS2009-01-14 20:36:27 
----D---- C:\WINDOWS\WinSxS2009-01-14 20:36:10 ----D---- C:\Arquivos de programas\Windows Live2009-01-14 20:36:04 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft2009-01-14 20:35:24 ----HD---- C:\WINDOWS\inf2009-01-14 20:29:30 ----D---- C:\Arquivos de programas\Arquivos comuns2009-01-14 18:59:00 ----D---- C:\WINDOWS\system32\CatRoot22009-01-14 09:13:27 ----D---- C:\Program Files2009-01-14 08:34:03 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\FileZilla2009-01-13 21:31:57 ----RSHDC---- C:\WINDOWS\system32\dllcache2009-01-13 21:31:33 ----HD---- C:\WINDOWS\$hf_mig$2009-01-13 21:30:15 ----D---- C:\WINDOWS\Debug2009-01-13 20:28:38 ----A---- C:\WINDOWS\NeroDigital.ini2009-01-13 15:41:45 ----SD---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\Microsoft2009-01-13 15:32:50 ----D---- C:\WINDOWS\system32\config2009-01-09 23:35:28 ----A---- C:\WINDOWS\system32\MRT.exe2009-01-09 20:07:43 ----D---- C:\Arquivos de programas\FileZilla FTP Client2009-01-07 19:13:18 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\MyPhoneExplorer2009-01-06 15:28:56 ----D---- C:\Util2009-01-06 08:43:32 ----SHD---- C:\RECYCLER2009-01-06 08:26:26 ----A---- C:\WINDOWS\win.ini2009-01-06 08:26:25 ----A---- C:\WINDOWS\system.ini2008-12-30 19:55:53 ----D---- C:\WINDOWS\Minidump2008-12-30 18:10:52 ----SD---- C:\WINDOWS\Tasks2008-12-29 09:55:21 ----A---- C:\WINDOWS\php.ini2008-12-26 15:54:50 ----D---- C:\Documents and Settings2008-12-24 15:54:14 ----D---- C:\Arquivos de programas\Tibia2008-12-22 17:42:54 ----A---- C:\WINDOWS\avisplitter.INI2008-12-19 15:53:32 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados de aplicativos\Vso2008-12-19 00:13:54 ----D---- C:\WINDOWS\ie7updates2008-12-18 10:13:17 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet2008-12-17 17:02:44 ----D---- C:\Arquivos de programas\Bonjour2008-12-17 07:25:01 ----D---- C:\Documents and Settings\Paulo Rodrigues\Dados 
de aplicativos\DAEMON Tools======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 avgio;avgio; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgio.sys []R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-07-12 271360]R2 DS1410D;DS1410D; \??\C:\windows\system32\drivers\ds1410d.sys []R2 Hardlock;Hardlock; \??\C:\windows\system32\drivers\hardlock.sys []R2 Haspnt;Haspnt; \??\C:\windows\system32\drivers\Haspnt.sys []R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-07-12 18048]R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-15 293888]R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-06 93952]R3 avgntflt;avgntflt; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys 
[2004-08-13 5810]R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-07-31 47360]R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-23 547744]S3 adf9hw73;adf9hw73; C:\WINDOWS\system32\drivers\adf9hw73.sys []S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]S3 npkcrypt;npkcrypt; \??\C:\Arquivos de programas\Lineage II\system\npkcrypt.sys []S3 npkcusb;npkcusb; \??\C:\Arquivos de programas\Lineage II\system\npkcusb.sys []S3 PciCon;PciCon; \??\D:\PciCon.sys []S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; 

Cheers


Go to Start > Run, type combofix /u and click OK. Delete the folder C:\ComboFix. Delete Avenger and its folder. Delete RSIT, its folder, and the following highlighted file > C:\Arquivos de programas\trend micro\Paulo Rodrigues.exe, created by RSIT.

Go to the following folder and delete the highlighted file > C:\WINDOWS\system32\CF27029.exe.

The logs are clean.


Take a look at this image I took...

This is what happens... I plug in the MP3 player and the normal MP3 drive (M) appears, along with this other one (G), which always triggers a virus alert.. I tried every way to delete these 3 files and it says I don't have permission... I also tried formatting it, but that doesn't work.

Cheers


Download the file uploaded to the host below and save it to the desktop:

http://rapidshare.com/files/161407701/DirReg.zip.html

Extract the file from the zip. It should show an icon like this one -> http://img146.imageshack.us/img146/2818/trala2nt6.jpg

Run the file DirReg.bat. Notepad will open with some information, along with a command prompt window. Close Notepad, since a copy will be saved at C:\DirReg.txt.

Copy the contents of that file and paste them into your next reply.

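An added example, not part of the thread and not the DirReg tool itself: DirReg.txt, as pasted back in this thread, is a REGEDIT4 export of the current user's MountPoints2 key, and the entries worth reading in it are the per-volume `Shell\<verb>\command` values that Explorer caches from a volume's autorun.inf. The Python below parses such an export and lists them; the sample export and its GUIDs are constructed, the function names are hypothetical, and it assumes the file as saved on disk, with one key or value per line.

```python
import re

MP2 = r"software\microsoft\windows\currentversion\explorer\mountpoints2"
KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="string" or @="string"; hex:/dword: values do not match and are skipped
STR_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
CMD_RE = re.compile(r"^shell\\([^\\]+)\\command$", re.IGNORECASE)


def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {key_path: {value_name: string}} for the string values of an export."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):          # hex value continued on the next line
            pending = line[:-1]
            continue
        pending = ""
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = STR_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            keys[current][name] = unescape(m.group(2))
    return keys


def autorun_commands(keys):
    """List every MountPoints2 volume that carries a cached shell verb command."""
    lower = {k.lower(): v for k, v in keys.items()}
    findings = []
    for path, values in keys.items():
        idx = path.lower().find(MP2 + "\\")
        if idx < 0:
            continue
        rest = path[idx + len(MP2) + 1:]
        volume, _, sub = rest.partition("\\")
        m = CMD_RE.match(sub)
        if not m or "@" not in values:
            continue
        verb = m.group(1)
        # The default value of <volume>\Shell names the verb used on double-click.
        root = path[: idx + len(MP2) + 1 + len(volume)]
        default_verb = lower.get((root + "\\shell").lower(), {}).get("@")
        findings.append({
            "volume": volume,
            "verb": verb,
            "command": values["@"],
            "default_action": bool(default_verb) and default_verb.lower() == verb.lower(),
        })
    return findings


# Constructed sample: volume ...0001 has only the standard Autoplay handler,
# volume ...0002 has a cached AutoRun command. ROOT is expanded below.
_TEMPLATE = r'''REGEDIT4

[ROOT]

[ROOT\{00000000-0000-0000-0000-000000000001}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,\
  ff,ff,00,00

[ROOT\{00000000-0000-0000-0000-000000000001}\shell]
@="None"

[ROOT\{00000000-0000-0000-0000-000000000001}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[ROOT\{00000000-0000-0000-0000-000000000002}]
"BaseClass"="Drive"

[ROOT\{00000000-0000-0000-0000-000000000002}\Shell]
@="AutoRun"

[ROOT\{00000000-0000-0000-0000-000000000002}\Shell\AutoRun\command]
@="G:\\start.exe"
'''
SAMPLE_EXPORT = _TEMPLATE.replace("ROOT", "HKEY_CURRENT_USER\\" + MP2)

if __name__ == "__main__":
    for hit in autorun_commands(parse_reg(SAMPLE_EXPORT)):
        print(hit)
```

Volumes whose only `shell` subkey is `Autoplay\DropTarget` are not reported, since that is the stock Autoplay handler and carries no command.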

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00"Generation"=dword:00000002[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{ef184419-d35b-11dd-9938-001d602f26dc}]"Data"=hex:36,0b,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\  47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\  00,65,00,64,00,69,00,61,00,23,00,37,00,26,00,32,00,31,00,65,00,39,00,33,00,\  34,00,65,00,61,00,26,00,30,00,26,00,52,00,4d,00,23,00,7b,00,35,00,33,00,66,\  00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,\  31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,\  00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\  65,00,7b,00,65,00,66,00,31,00,38,00,34,00,34,00,31,00,39,00,2d,00,64,00,33,\  00,35,00,62,00,2d,00,31,00,31,00,64,00,64,00,2d,00,39,00,39,00,33,00,38,00,\  2d,00,30,00,30,00,31,00,64,00,36,00,30,00,32,00,66,00,32,00,36,00,64,00,63,\  00,7d,00,5c,00,00,00,4a,00,45,00,53,00,53,00,49,00,51,00,55,00,49,00,4e,00,\  
48,00,41,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,46,00,\  41,00,54,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,2f,00,00,00,11,00,00,00,04,00,00,00,01,90,00,\  00,06,00,00,00,ff,00,00,00,10,00,00,00,ce,e3,68,7c,00,00,00,00,00,00,00,30,\  00,20,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00"Generation"=dword:00000001

 

Regards
