This topic has been archived and is closed to new replies.

RafaSilveR

[Archived] Trojan Vundo and Malware Trace

Hi everyone, I need help removing this damned malware!

I have been searching the internet for days for some way to remove it, but I see that many people who post end up succeeding.

My log follows below:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:13:09, on 16/1/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\AppServ\Apache2.2\bin\httpd.exe

C:\Arquivos de programas\AppServ\Apache2.2\bin\httpd.exe

C:\WINDOWS\runservice.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\STacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: &Research - {0B014B81-4E12-46F9-806F-55867AF8FD3C} - C:\WINDOWS\system32\winsystems.dll

O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {a29296d5-4e92-48f0-96ae-20b86742c2f6} - C:\WINDOWS\system32\vurifegu.dll (file missing)

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [gamahuhawu] Rundll32.exe "C:\WINDOWS\system32\joyiwila.dll",s

O4 - HKLM\..\Run: [40ccb00c] rundll32.exe "C:\WINDOWS\system32\nefavega.dll",b

O4 - HKLM\..\Run: [CPM43ff8390] Rundll32.exe "c:\windows\system32\doguzeri.dll",a

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)" -"http://www.jogos10.com/jogos/ffx-runner_5692.php"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [gamahuhawu] Rundll32.exe "C:\WINDOWS\system32\joyiwila.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [gamahuhawu] Rundll32.exe "C:\WINDOWS\system32\joyiwila.dll",s (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Download All by FlashGet - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

O8 - Extra context menu item: &Download by FlashGet - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1222291212015

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EDF3206B-6A19-4D29-8947-B1C418A67081}: NameServer = 200.165.132.154 200.165.132.148

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\zobuyewo.dll c:\windows\system32\doguzeri.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\doguzeri.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\doguzeri.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Arquivos de programas\AppServ\Apache2.2\bin\httpd.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

 

--

End of file - 9396 bytes

 

 

I await a reply from someone,

Thank you!

- Download Malwarebytes Anti-Malware and save it to the desktop;

● Double-click the program to start the installation. Select the language Português (Brasil);

● At the end of the installation, check the options "Update Malwarebytes Anti-Malware" and "Run Malwarebytes Anti-Malware", and click Finish;

● After the installation, run the program;

● Select the Quick Scan option and then click Scan;

● When the scan finishes, click OK and the log will be opened for you automatically;

● If anything is detected, make sure all items are checked and click the Remove button.

NOTE: If a message appears asking you to restart the computer to complete the removal process, restart it immediately;

● The log can also be viewed by clicking Logs in the main menu;

Copy and paste the contents of that log in your next reply, together with a new HijackThis log.

Great, someone replied!

So, I already had Malwarebytes installed; I just updated it!

Here is the Malwarebytes log:

 

Malwarebytes' Anti-Malware 1.33

Versão do banco de dados: 1663

Windows 5.1.2600 Service Pack 3

 

2009-01-18 01:07:53

mbam-log-2009-01-18 (01-07-53).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 103421

Tempo decorrido: 1 minute(s), 30 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 2

Chaves do Registro infectadas: 10

Valores do Registro infectados: 3

Ítens do Registro infectados: 2

Pastas infectadas: 0

Arquivos infectados: 17

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

c:\WINDOWS\system32\lotipizo.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\dlxabq.dll (Trojan.Vundo.H) -> Delete on reboot.

 

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ddf0f4d9-aed6-44d7-96e4-b2a2e59d28e8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ddf0f4d9-aed6-44d7-96e4-b2a2e59d28e8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a29296d5-4e92-48f0-96ae-20b86742c2f6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a29296d5-4e92-48f0-96ae-20b86742c2f6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ddf0f4d9-aed6-44d7-96e4-b2a2e59d28e8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm43ff8390 (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\lotipizo.dll -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\lotipizo.dll -> Delete on reboot.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\WINDOWS\system32\dlxabq.dll (Trojan.Vundo.H) -> Delete on reboot.

c:\WINDOWS\system32\lotipizo.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\huninulo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jirohowu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sovagejo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vodujiho.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bufezika.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fipufola.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\imqbhs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mwylwv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\svlqqu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jewonere.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ninukoso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nivunaso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vuqihm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wafatoto.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sivosari.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

 

 

HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:15, on 2009-01-18

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\AppServ\Apache2.2\bin\httpd.exe

C:\Arquivos de programas\AppServ\Apache2.2\bin\httpd.exe

C:\WINDOWS\runservice.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\STacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: &Research - {0B014B81-4E12-46F9-806F-55867AF8FD3C} - C:\WINDOWS\system32\winsystems.dll

O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: {b32d240d-69f7-ac3a-3dd4-a9165d5dc803} - {308cd5d5-619a-4dd3-a3ca-7f96d042d23b} - C:\WINDOWS\system32\pydkxv.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {a29296d5-4e92-48f0-96ae-20b86742c2f6} - C:\WINDOWS\system32\lodayija.dll (file missing)

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [gamahuhawu] Rundll32.exe "C:\WINDOWS\system32\waritili.dll",s

O4 - HKLM\..\Run: [40ccb00c] rundll32.exe "C:\WINDOWS\system32\jifakade.dll",b

O4 - HKLM\..\Run: [CPM43ff8390] Rundll32.exe "c:\windows\system32\hotomoho.dll",a

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)" -"http://www.jogos10.com/jogos/ffx-runner_5692.php"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [gamahuhawu] Rundll32.exe "C:\WINDOWS\system32\waritili.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [gamahuhawu] Rundll32.exe "C:\WINDOWS\system32\waritili.dll",s (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Download All by FlashGet - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

O8 - Extra context menu item: &Download by FlashGet - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1222291212015

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EDF3206B-6A19-4D29-8947-B1C418A67081}: NameServer = 200.165.132.154 200.165.132.148

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: G G C:\WINDOWS\system32\tikatabi.dll pydkxv.dll c:\windows\system32\hotomoho.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hotomoho.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hotomoho.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Arquivos de programas\AppServ\Apache2.2\bin\httpd.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

 

--

End of file - 9202 bytes

 

 

I'll be waiting!

Thank you

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;

● Double-click the combofix.exe icon to start the scan;

● Read the agreement that appears and click Yes to continue;

● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;

● Wait while ComboFix performs the scan;

● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;

Do not click in the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;

● If you want to exit or stop ComboFix, press N;

● When it finishes, your computer will be restarted. After the restart, the tool will run again; wait;

● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.

Yes, everything you mentioned above happened, but it got to a part that said something about the clock being modified and about not restoring the system, and ComboFix restarts Windows.

I already tried in Safe Mode, but the same thing happens...

Tell me the next step!!

Thank you.

- Download RSIT and save it to your desktop;

● Double-click RSIT.exe to run the program;

● In the window that opens, click the Continue button so that the tool starts running;

● When the tool finishes running, a log will open automatically in Notepad containing the scan result. Paste the contents of that log (log.txt) in your next reply;

● Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt.

Log.txt

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Administrador at 2009-01-21 16:28:20

Microsoft Windows XP Professional Service Pack 3

System drive C: has 8 GB (13%) free of 60 GB

Total RAM: 2047 MB (76% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:28, on 2009-01-21

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\AppServ\Apache2.2\bin\httpd.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AppServ\Apache2.2\bin\httpd.exe

C:\WINDOWS\runservice.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\STacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\FlashGet Network\FlashGet universal\FlashGet.exe

C:\Documents and Settings\Administrador\Desktop\RSIT.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\Administrador.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: &Research - {0B014B81-4E12-46F9-806F-55867AF8FD3C} - C:\WINDOWS\system32\winsystems.dll

O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [gamahuhawu] Rundll32.exe "C:\WINDOWS\system32\tudoniga.dll",s

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)" -"http://www.jogos10.com/jogos/ffx-runner_5692.php"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [gamahuhawu] Rundll32.exe "C:\WINDOWS\system32\tudoniga.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [gamahuhawu] Rundll32.exe "C:\WINDOWS\system32\tudoniga.dll",s (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Download All by FlashGet - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

O8 - Extra context menu item: &Download by FlashGet - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1222291212015

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EDF3206B-6A19-4D29-8947-B1C418A67081}: NameServer = 200.165.132.154 200.165.132.148

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Arquivos de programas\AppServ\Apache2.2\bin\httpd.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

 

--

End of file - 9052 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\fdbmxpat.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}]

&Research - C:\WINDOWS\system32\winsystems.dll [2004-08-03 298496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]

FG2CatchUrl - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E3C3651-B19C-4DD9-A979-901EC3E930AF}]

ssh2 Class - C:\Arquivos de programas\Scpad\scpsssh2.dll [2007-12-12 214272]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}]

GbIehObj Class - C:\ARQUIV~1\GbPlugin\gbiehuni.dll [2008-11-04 396192]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"StartCCC"=C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]

"SysTrayApp"=C:\Arquivos de programas\IDT\WDM\sttray.exe [2007-11-09 409600]

"gamahuhawu"=C:\WINDOWS\system32\tudoniga.dll []

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"MSMSGS"=C:\Arquivos de programas\Messenger\msmsgs.exe [2008-04-13 1695232]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-08-06 447928]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

C:\Arquivos de programas\DAEMON Tools\ -lang 1033 -noicon []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

C:\WINDOWS\SkyTel.EXE [2007-06-15 1826816]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

 

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar

Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni]

C:\ARQUIV~1\GbPlugin\gbiehuni.dll [2008-11-04 396192]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2008-08-20 143360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-12-12 201984]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-12-12 201984]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"=C:\ARQUIV~1\GbPlugin\gbiehuni.dll [2008-11-04 396192]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Arquivos de programas\FlashGet\flashget.exe"="C:\Arquivos de programas\FlashGet\flashget.exe:*:Enabled:Flashget"

"C:\Arquivos de programas\Internet Explorer\iexplore.exe"="C:\Arquivos de programas\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"

"C:\Documents and Settings\Administrador\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\Administrador\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer"

"C:\Arquivos de programas\Electronic Arts\EADM\Core.exe"="C:\Arquivos de programas\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"

"D:\SecondLife\SLVoice.exe"="D:\SecondLife\SLVoice.exe:*:Enabled:SLVoice"

"C:\Arquivos de programas\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Arquivos de programas\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"

"C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"

"C:\Arquivos de programas\UOL\UIM\uim.exe"="C:\Arquivos de programas\UOL\UIM\uim.exe:*:Enabled:UOL"

"C:\Arquivos de programas\SecondLife\SLVoice.exe"="C:\Arquivos de programas\SecondLife\SLVoice.exe:*:Enabled:SLVoice"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\Arquivos de programas\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Arquivos de programas\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"

"C:\Arquivos de programas\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Arquivos de programas\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"

"C:\Arquivos de programas\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Arquivos de programas\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Documents and Settings\All Users\Dados de aplicativos\Chat Republic Games\.Superstar Racing\ChatRepublicPlayer.exe"="C:\Documents and Settings\All Users\Dados de aplicativos\Chat Republic Games\.Superstar Racing\ChatRepublicPlayer.exe:*:Enabled:Executable Install, Update, Uninstall"

"D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"

"D:\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="D:\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

"D:\Ubisoft\Prince of Persia\Prince of Persia.exe"="D:\Ubisoft\Prince of Persia\Prince of Persia.exe:*:Enabled:Prince of Persia Dx"

"D:\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe"="D:\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:*:Enabled:Prince of Persia Update"

"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"

"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"

"C:\Arquivos de programas\AVG8\avgrsx.exe"="C:\Arquivos de programas\AVG8\avgrsx.exe:*:Enabled:avgrsx"

"C:\WINDOWS\system32\cmd.exe"="C:\WINDOWS\system32\cmd.exe:*:Enabled:cmd"

"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"

"C:\Arquivos de programas\GbPlugin\GbpSv.exe"="C:\Arquivos de programas\GbPlugin\GbpSv.exe:*:Enabled:GbpSv"

"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"

"C:\Arquivos de programas\Megacubo\megacubo.exe"="C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0531b17-cf70-11dd-a931-001e90f30cf5}]

shell\AutoRun\command - RECYCLER\restore.exe

shell\open\command - RECYCLER\restore.exe

 

 

======List of files/folders created in the last 1 months======

 

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zojimazi.dll

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zobuyewo.dll.tmp

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\wugonihi.dll

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\wijidapa.dll

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tikatabi.dll.tmp

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pepunelo.dll

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lejufomu.dll

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kilatape.dll

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jewipaje.dll

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hotomoho.dll

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\goralaro.dll

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\gizokoro.dll

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\domemaha.dll

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\doguzeri.dll

2009-01-21 16:28:20 ----D---- C:\rsit

2009-01-21 15:19:56 ----A---- C:\WINDOWS\system32\javaws.exe

2009-01-21 15:19:56 ----A---- C:\WINDOWS\system32\javaw.exe

2009-01-21 15:19:56 ----A---- C:\WINDOWS\system32\java.exe

2009-01-21 15:19:27 ----D---- C:\Arquivos de programas\Java

2009-01-21 15:16:40 ----D---- C:\Arquivos de programas\Arquivos comuns\Java

2009-01-21 15:16:23 ----D---- C:\Arquivos de programas\LimeWire

2009-01-21 03:16:28 ----D---- C:\ComboFix

2009-01-21 03:16:27 ----A---- C:\WINDOWS\system32\CF26453.exe

2009-01-21 02:19:30 ----A---- C:\WINDOWS\system32\CF15292.exe

2009-01-21 02:17:29 ----A---- C:\WINDOWS\system32\CF14896.exe

2009-01-21 01:37:57 ----A---- C:\FindyKill.txt

2009-01-21 01:35:39 ----D---- C:\Arquivos de programas\FindyKill

2009-01-21 00:27:59 ----A---- C:\WINDOWS\system32\CF26200.exe

2009-01-21 00:25:21 ----A---- C:\WINDOWS\system32\CF25697.exe

2009-01-21 00:24:30 ----A---- C:\WINDOWS\system32\CF25527.exe

2009-01-20 19:23:35 ----A---- C:\WINDOWS\system32\MRT.exe

2009-01-20 17:47:39 ----A---- C:\WINDOWS\system32\CF13303.exe

2009-01-20 17:19:03 ----A---- C:\WINDOWS\system32\CF7699.exe

2009-01-20 17:08:03 ----A---- C:\WINDOWS\system32\CF5551.exe

2009-01-20 17:04:59 ----A---- C:\WINDOWS\system32\CF4946.exe

2009-01-20 17:00:42 ----A---- C:\WINDOWS\system32\CF4088.exe

2009-01-20 16:57:52 ----A---- C:\WINDOWS\system32\CF3552.exe

2009-01-20 16:52:38 ----A---- C:\Boot.bak

2009-01-20 16:52:35 ----RASHD---- C:\cmdcons

2009-01-20 16:42:39 ----D---- C:\Qoobox

2009-01-20 16:42:39 ----A---- C:\WINDOWS\system32\CF574.exe

2009-01-20 14:13:18 ----ASH---- C:\WINDOWS\system32\ubptly.dll

2009-01-20 02:13:00 ----ASH---- C:\WINDOWS\system32\sanshy.dll

2009-01-19 20:27:00 ----A---- C:\WINDOWS\system32\CF24527.exe

2009-01-19 14:12:34 ----ASH---- C:\WINDOWS\system32\bkzkwe.dll

2009-01-19 08:51:11 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

2009-01-19 03:19:11 ----A---- C:\WINDOWS\system32\CF19753.exe

2009-01-19 01:33:28 ----A---- C:\WINDOWS\system32\CF31807.exe

2009-01-19 01:25:54 ----A---- C:\WINDOWS\system32\CF30305.exe

2009-01-19 01:16:21 ----A---- C:\WINDOWS\system32\CF28453.exe

2009-01-19 01:12:11 ----ASH---- C:\WINDOWS\system32\qnaaam.dll

2009-01-19 01:04:32 ----A---- C:\WINDOWS\system32\CF26138.exe

2009-01-19 00:57:55 ----A---- C:\WINDOWS\system32\CF24835.exe

2009-01-19 00:57:55 ----A---- C:\WINDOWS\system32\CF24829.exe

2009-01-18 23:48:38 ----A---- C:\WINDOWS\system32\CF11267.exe

2009-01-18 23:34:10 ----A---- C:\WINDOWS\system32\CF8426.exe

2009-01-18 23:25:27 ----A---- C:\WINDOWS\system32\CF6724.exe

2009-01-18 23:24:45 ----A---- C:\WINDOWS\system32\CF6587.exe

2009-01-18 23:24:04 ----A---- C:\WINDOWS\system32\CF6430.exe

2009-01-18 23:24:02 ----A---- C:\WINDOWS\system32\CF6424.exe

2009-01-18 23:20:23 ----A---- C:\WINDOWS\system32\CF5735.exe

2009-01-18 01:12:20 ----ASH---- C:\WINDOWS\system32\pydkxv.dll

2009-01-18 00:23:05 ----D---- C:\Arquivos de programas\Megacubo

2009-01-17 23:16:26 ----A---- C:\WINDOWS\system32\CF17714.exe

2009-01-17 23:08:21 ----A---- C:\WINDOWS\system32\CF16133.exe

2009-01-17 23:01:19 ----A---- C:\WINDOWS\system32\CF14758.exe

2009-01-17 22:57:12 ----A---- C:\WINDOWS\system32\CF13945.exe

2009-01-17 22:46:23 ----A---- C:\WINDOWS\system32\CF11836.exe

2009-01-17 22:44:47 ----A---- C:\WINDOWS\system32\CF11525.exe

2009-01-17 22:40:45 ----A---- C:\WINDOWS\system32\CF10722.exe

2009-01-17 22:31:58 ----A---- C:\WINDOWS\system32\CF9011.exe

2009-01-17 22:26:52 ----A---- C:\WINDOWS\system32\CF8008.exe

2009-01-17 22:26:19 ----A---- C:\WINDOWS\system32\CF7891.exe

2009-01-17 22:26:18 ----A---- C:\WINDOWS\system32\CF7888.exe

2009-01-17 21:55:57 ----A---- C:\WINDOWS\system32\CF1951.exe

2009-01-17 21:52:03 ----A---- C:\WINDOWS\system32\CF1183.exe

2009-01-17 21:40:42 ----A---- C:\WINDOWS\system32\CF31734.exe

2009-01-17 21:37:13 ----A---- C:\WINDOWS\system32\CF31045.exe

2009-01-17 21:17:15 ----A---- C:\WINDOWS\zip.exe

2009-01-17 21:17:15 ----A---- C:\WINDOWS\VFIND.exe

2009-01-17 21:17:15 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-01-17 21:17:15 ----A---- C:\WINDOWS\SWSC.exe

2009-01-17 21:17:15 ----A---- C:\WINDOWS\SWREG.exe

2009-01-17 21:17:15 ----A---- C:\WINDOWS\sed.exe

2009-01-17 21:17:15 ----A---- C:\WINDOWS\NIRCMD.exe

2009-01-17 21:17:15 ----A---- C:\WINDOWS\grep.exe

2009-01-17 21:17:15 ----A---- C:\WINDOWS\fdsv.exe

2009-01-17 21:17:12 ----A---- C:\WINDOWS\system32\CF27133.exe

2009-01-17 21:14:53 ----A---- C:\WINDOWS\system32\CF26656.exe

2009-01-17 21:01:09 ----A---- C:\WINDOWS\system32\CF23982.exe

2009-01-17 18:06:59 ----A---- C:\WINDOWS\system32\CF22624.exe

2009-01-17 01:10:15 ----ASH---- C:\WINDOWS\system32\igdqjl.dll

2009-01-16 22:45:02 ----A---- C:\WINDOWS\system32\wrap_oal.dll

2009-01-16 22:45:02 ----A---- C:\WINDOWS\system32\OpenAL32.dll

2009-01-16 14:45:58 ----A---- C:\WINDOWS\system32\CF28772.exe

2009-01-16 14:45:58 ----A---- C:\WINDOWS\system32\CF28769.exe

2009-01-16 12:09:46 ----SH---- C:\WINDOWS\system32\puyinohe.dll

2009-01-15 23:56:00 ----A---- C:\WINDOWS\system32\CF18243.exe

2009-01-15 23:51:18 ----A---- C:\WINDOWS\system32\CF17316.exe

2009-01-15 23:47:46 ----D---- C:\WINDOWS\ERDNT

2009-01-15 23:47:45 ----A---- C:\WINDOWS\system32\CF16623.exe

2009-01-15 23:34:06 ----SHD---- C:\WINDOWS\CSC

2009-01-15 23:21:23 ----A---- C:\WINDOWS\system32\CF11457.exe

2009-01-15 22:32:49 ----D---- C:\Arquivos de programas\Trend Micro

2009-01-15 20:36:09 ----A---- C:\WINDOWS\ntbtlog.txt

2009-01-15 17:04:04 ----D---- C:\Arquivos de programas\directx

2009-01-15 17:00:52 ----D---- C:\Arquivos de programas\CAPCOM

2009-01-15 12:09:24 ----SH---- C:\WINDOWS\system32\mebarepo.dll

2009-01-15 00:09:41 ----SH---- C:\WINDOWS\system32\gehuseda.dll

2009-01-15 00:09:41 ----SH---- C:\WINDOWS\system32\bahabona.dll

2009-01-14 22:24:51 ----N---- C:\WINDOWS\system32\spmsg.dll

2009-01-14 22:24:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

2009-01-14 20:13:47 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-01-14 20:13:47 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy

2009-01-14 20:13:06 ----D---- C:\Arquivos de programas\Avast4

2009-01-14 20:11:29 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Avg8

2009-01-13 03:23:33 ----N---- C:\WINDOWS\system32\avgrsstx.dll.install_backup

2009-01-13 03:23:18 ----D---- C:\Arquivos de programas\AVG

2009-01-09 10:10:27 ----SHD---- C:\WINDOWS\ftpcache

2009-01-06 22:16:37 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound

2009-01-06 22:16:35 ----D---- C:\Arquivos de programas\NCH Software

2009-01-06 22:16:34 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\NCH Swift Sound

2009-01-06 22:00:58 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Sony

2009-01-06 21:59:26 ----D---- C:\Arquivos de programas\Sony

2009-01-06 21:58:58 ----D---- C:\Arquivos de programas\Sony Setup

2009-01-03 19:23:36 ----D---- C:\Program Files

2009-01-02 01:01:23 ----RASH---- C:\boot.ini

2009-01-01 23:02:43 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Chat Republic Games

2009-01-01 01:02:50 ----D---- C:\Arquivos de programas\3GP Video Converter

2008-12-31 00:39:27 ----D---- C:\Arquivos de programas\Arquivos comuns\snpp106

2008-12-31 00:39:27 ----A---- C:\WINDOWS\vsnpp106.exe

2008-12-31 00:39:27 ----A---- C:\WINDOWS\system32\vsnpp106.dll

2008-12-31 00:39:27 ----A---- C:\WINDOWS\system32\dsnpp106.dll

2008-12-31 00:39:27 ----A---- C:\WINDOWS\snpp106.ini

2008-12-31 00:39:27 ----A---- C:\WINDOWS\dsnpp106.exe

2008-12-31 00:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2008-12-31 00:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-12-31 00:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2008-12-31 00:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2008-12-31 00:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2008-12-30 23:59:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2008-12-30 23:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-12-30 23:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2008-12-30 23:58:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2008-12-30 23:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

2008-12-30 23:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2008-12-30 23:57:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

2008-12-30 23:56:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$

2008-12-30 23:56:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2008-12-30 23:55:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

2008-12-30 23:55:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2008-12-30 23:54:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2008-12-30 23:54:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$

2008-12-30 23:53:00 ----A---- C:\WINDOWS\000001_.tmp

2008-12-28 20:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$

2008-12-28 20:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$

2008-12-28 20:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-12-28 04:25:11 ----A---- C:\WINDOWS\system32\mfc71.dll

2008-12-28 04:25:11 ----A---- C:\WINDOWS\system32\gdiplus.dll

2008-12-28 02:53:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_1$

2008-12-28 02:52:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_1$

2008-12-28 02:52:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_1$

2008-12-28 02:51:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_1$

2008-12-28 02:50:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_1$

2008-12-28 02:50:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_1$

2008-12-28 02:49:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_1$

2008-12-28 02:49:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_1$

2008-12-28 02:48:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_1$

2008-12-28 02:47:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_1$

2008-12-28 02:47:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_1$

2008-12-28 02:46:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_1$

2008-12-28 02:45:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_1$

2008-12-28 02:45:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_1$

2008-12-28 02:44:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_1$

2008-12-28 02:44:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_1$

2008-12-28 02:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_1$

2008-12-28 02:42:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_1$

2008-12-28 02:41:04 ----N---- C:\WINDOWS\system32\msxml6r.dll

2008-12-28 02:41:04 ----D---- C:\Arquivos de programas\Messenger

2008-12-28 02:41:04 ----A---- C:\WINDOWS\system32\msxml6.dll

2008-12-28 02:41:00 ----N---- C:\WINDOWS\system32\smtpapi.dll

2008-12-28 02:41:00 ----N---- C:\WINDOWS\system32\rwnh.dll

2008-12-28 02:41:00 ----N---- C:\WINDOWS\system32\comsdupd.exe

2008-12-28 02:40:58 ----N---- C:\WINDOWS\system32\bitsprx4.dll

2008-12-28 02:40:58 ----N---- C:\WINDOWS\system32\azroles.dll

2008-12-28 02:40:58 ----N---- C:\WINDOWS\system32\ativtmxx.dll

2008-12-28 02:40:58 ----N---- C:\WINDOWS\system32\ati3d1ag.dll

2008-12-28 02:40:58 ----N---- C:\WINDOWS\system32\ati2dvaa.dll

2008-12-28 02:40:58 ----N---- C:\WINDOWS\system32\aaclient.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\eapsvc.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\eapqec.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\eappprxy.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\eapphost.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\eappgnui.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\eappcfg.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\eapp3hst.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\eapolqec.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\dot3ui.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\dot3svc.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\dot3msm.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\dot3dlg.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\dot3cfg.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\dot3api.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\dimsroam.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\dimsntfy.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\dhcpqec.dll

2008-12-28 02:40:57 ----N---- C:\WINDOWS\system32\credssp.dll

2008-12-28 02:40:56 ----N---- C:\WINDOWS\system32\hsfcisp2.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\mmcperf.exe

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\mmcex.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\mdmxsdk.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\l2gpstore.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\kmsvc.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\kbdukx.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\kbdsmsno.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\kbdpash.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\kbdno1.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\kbdnepr.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\kbdmlt48.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\kbdmlt47.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\kbdmaori.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\kbdiultn.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\kbdinmal.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\kbdinben.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\kbdinbe1.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\kbdfi1.dll

2008-12-28 02:40:55 ----N---- C:\WINDOWS\system32\kbdbhc.dll

2008-12-28 02:40:54 ----N---- C:\WINDOWS\system32\onex.dll

2008-12-28 02:40:54 ----N---- C:\WINDOWS\system32\nv4_disp.dll

2008-12-28 02:40:54 ----N---- C:\WINDOWS\system32\napstat.exe

2008-12-28 02:40:54 ----N---- C:\WINDOWS\system32\napmontr.dll

2008-12-28 02:40:54 ----N---- C:\WINDOWS\system32\napipsec.dll

2008-12-28 02:40:54 ----N---- C:\WINDOWS\system32\mtxparhd.dll

2008-12-28 02:40:54 ----N---- C:\WINDOWS\system32\msshavmsg.dll

2008-12-28 02:40:54 ----N---- C:\WINDOWS\system32\mssha.dll

2008-12-28 02:40:53 ----N---- C:\WINDOWS\system32\slserv.exe

2008-12-28 02:40:53 ----N---- C:\WINDOWS\system32\slrundll.exe

2008-12-28 02:40:53 ----N---- C:\WINDOWS\system32\slgen.dll

2008-12-28 02:40:53 ----N---- C:\WINDOWS\system32\slextspk.dll

2008-12-28 02:40:53 ----N---- C:\WINDOWS\system32\slcoinst.dll

2008-12-28 02:40:53 ----N---- C:\WINDOWS\system32\setupn.exe

2008-12-28 02:40:53 ----N---- C:\WINDOWS\system32\s3gnb.dll

2008-12-28 02:40:53 ----N---- C:\WINDOWS\system32\rhttpaa.dll

2008-12-28 02:40:53 ----N---- C:\WINDOWS\system32\rasqec.dll

2008-12-28 02:40:53 ----N---- C:\WINDOWS\system32\qutil.dll

2008-12-28 02:40:53 ----N---- C:\WINDOWS\system32\qcliprov.dll

2008-12-28 02:40:53 ----N---- C:\WINDOWS\system32\qagentrt.dll

2008-12-28 02:40:53 ----N---- C:\WINDOWS\system32\qagent.dll

2008-12-28 02:40:52 ----N---- C:\WINDOWS\system32\tspkg.dll

2008-12-28 02:40:52 ----N---- C:\WINDOWS\system32\tsgqec.dll

2008-12-28 02:40:51 ----N---- C:\WINDOWS\system32\wlanapi.dll

2008-12-28 02:40:50 ----N---- C:\WINDOWS\slrundll.exe

2008-12-28 02:40:49 ----D---- C:\WINDOWS\system32\bits

2008-12-28 02:40:49 ----D---- C:\WINDOWS\l2schemas

2008-12-28 02:38:25 ----D---- C:\WINDOWS\ServicePackFiles

2008-12-28 02:36:13 ----D---- C:\WINDOWS\network diagnostic

2008-12-28 02:34:55 ----A---- C:\WINDOWS\002906_.tmp

2008-12-28 02:32:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

2008-12-27 22:30:12 ----D---- C:\Arquivos de programas\GbPlugin

2008-12-27 21:44:49 ----D---- C:\WINDOWS\system32\xlive

2008-12-27 21:44:49 ----D---- C:\Arquivos de programas\Microsoft Games for Windows - LIVE

2008-12-25 22:19:06 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-12-25 15:01:53 ----HDC---- C:\WINDOWS\$NtUninstallWIC$

2008-12-25 15:01:45 ----D---- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-12-25 10:43:38 ----D---- C:\Arquivos de programas\Windows Live SkyDrive

2008-12-25 10:34:34 ----D---- C:\Arquivos de programas\Arquivos comuns\Windows Live

 

======List of files/folders modified in the last 1 months======

 

2009-01-21 16:28:20 ----HD---- C:\Temp

2009-01-21 16:27:23 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\BITS

2009-01-21 15:28:28 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire

2009-01-21 15:24:07 ----D---- C:\Downloads

2009-01-21 15:20:02 ----D---- C:\WINDOWS\Prefetch

2009-01-21 15:19:58 ----SHD---- C:\WINDOWS\Installer

2009-01-21 15:19:56 ----D---- C:\WINDOWS\system32

2009-01-21 15:19:27 ----D---- C:\Arquivos de programas

2009-01-21 15:16:40 ----D---- C:\Arquivos de programas\Arquivos comuns

2009-01-21 14:02:56 ----AD---- C:\WINDOWS\system32\drivers

2009-01-21 11:22:28 ----D---- C:\WINDOWS\system32\CatRoot2

2009-01-21 10:48:28 ----D---- C:\WINDOWS\Temp

2009-01-21 03:18:04 ----D---- C:\WINDOWS

2009-01-21 03:16:34 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-01-21 02:22:11 ----D---- C:\WINDOWS\Minidump

2009-01-21 01:42:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-01-20 22:55:28 ----D---- C:\WINDOWS\system32\config

2009-01-19 20:22:22 ----D---- C:\Arquivos de programas\MV RegClean 5.5

2009-01-19 18:27:38 ----D---- C:\WINDOWS\system32\DirectX

2009-01-19 18:27:33 ----HD---- C:\WINDOWS\inf

2009-01-19 18:26:09 ----RSD---- C:\WINDOWS\assembly

2009-01-19 08:51:54 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2009-01-18 01:05:19 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2009-01-16 18:16:35 ----A---- C:\WINDOWS\NeroDigital.ini

2009-01-16 16:02:57 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2009-01-16 08:51:48 ----A---- C:\WINDOWS\system32\PnkBstrB.exe

2009-01-15 23:01:19 ----SHD---- C:\System Volume Information

2009-01-15 23:01:19 ----D---- C:\WINDOWS\system32\Restore

2009-01-15 14:23:34 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-01-14 22:25:52 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2009-01-14 22:24:43 ----HD---- C:\WINDOWS\$hf_mig$

2009-01-14 20:24:38 ----A---- C:\WINDOWS\WININIT.INI

2009-01-14 16:24:59 ----D---- C:\Arquivos de programas\eMule

2009-01-13 03:01:22 ----D---- C:\Arquivos de programas\AVG8

2009-01-09 10:28:34 ----A---- C:\WINDOWS\system32\PnkBstrA.exe

2009-01-09 10:28:34 ----A---- C:\WINDOWS\system32\pbsvc.exe

2009-01-09 03:37:23 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Skype

2009-01-09 01:34:34 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\skypePM

2009-01-07 19:09:07 ----SD---- C:\WINDOWS\Tasks

2009-01-07 01:06:11 ----D---- C:\WINDOWS\system32\CatRoot

2009-01-06 21:28:42 ----SD---- C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft

2009-01-05 19:55:17 ----D---- C:\Arquivos de programas\Messenger Plus! Live

2009-01-03 20:51:22 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-01-03 17:55:35 ----D---- C:\Arquivos de programas\Google

2009-01-03 17:54:56 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Google

2009-01-03 17:53:58 ----D---- C:\Arquivos de programas\Windows Live

2009-01-03 17:50:49 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Any Video Converter

2009-01-03 17:49:25 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-01-02 21:37:43 ----A---- C:\WINDOWS\win.ini

2009-01-02 21:37:43 ----A---- C:\WINDOWS\system.ini

2009-01-01 01:04:15 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Real

2008-12-31 00:35:58 ----D---- C:\WINDOWS\twain_32

2008-12-31 00:00:03 ----D---- C:\WINDOWS\security

2008-12-30 23:53:35 ----D---- C:\WINDOWS\Help

2008-12-30 23:53:34 ----D---- C:\WINDOWS\system32\oobe

2008-12-30 23:52:59 ----D---- C:\WINDOWS\system32\ReinstallBackups

2008-12-30 23:52:39 ----D---- C:\WINDOWS\ehome

2008-12-28 02:58:24 ----A---- C:\WINDOWS\OEWABLog.txt

2008-12-28 02:56:02 ----D---- C:\WINDOWS\system32\Setup

2008-12-28 02:56:02 ----D---- C:\WINDOWS\AppPatch

2008-12-28 02:56:01 ----D---- C:\WINDOWS\system32\wbem

2008-12-28 02:41:00 ----D---- C:\WINDOWS\system32\inetsrv

2008-12-28 02:40:59 ----D---- C:\WINDOWS\ime

2008-12-28 02:40:50 ----D---- C:\WINDOWS\system32\usmt

2008-12-28 02:40:49 ----D---- C:\WINDOWS\PeerNet

2008-12-28 02:40:49 ----D---- C:\Arquivos de programas\Movie Maker

2008-12-28 02:38:13 ----D---- C:\WINDOWS\system32\npp

2008-12-28 02:38:12 ----D---- C:\WINDOWS\msagent

2008-12-28 02:38:10 ----D---- C:\WINDOWS\system32\Com

2008-12-28 02:38:10 ----D---- C:\WINDOWS\srchasst

2008-12-28 02:38:07 ----D---- C:\Arquivos de programas\Windows NT

2008-12-28 02:38:07 ----D---- C:\Arquivos de programas\Windows Media Player

2008-12-28 02:38:07 ----D---- C:\Arquivos de programas\Outlook Express

2008-12-28 02:38:03 ----D---- C:\Arquivos de programas\Arquivos comuns\System

2008-12-28 02:37:47 ----D---- C:\WINDOWS\system

2008-12-28 00:16:18 ----D---- C:\WINDOWS\SoftwareDistribution

2008-12-26 19:43:42 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-12-25 14:54:32 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-12-25 10:57:29 ----D---- C:\Arquivos de programas\Windows Media Connect 2

2008-12-25 10:43:43 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2008-12-25 10:43:43 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-21 3299840]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-05-31 96896]

R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-11-09 1260744]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 arnuldwa;arnuldwa; C:\WINDOWS\system32\drivers\arnuldwa.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 EagleNT;EagleNT; C:\WINDOWS\system32\drivers\EagleNT.sys []

S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-09 4449280]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SNPP106;PC Camera (6029 CIF); C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 227200]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbaudio;Driver de áudio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 usbvideo;Dispositivo de vídeo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-06-10 234752]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apache2.2;Apache2.2; C:\Arquivos de programas\AppServ\Apache2.2\bin\httpd.exe [2007-01-09 20539]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-20 573440]

R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2008-11-04 52608]

R2 LicCtrlService;LicCtrl Service; C:\WINDOWS\runservice.exe [2008-10-14 2560]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-01-09 66872]

R2 STacSV;Audio Service; C:\WINDOWS\system32\STacSV.exe [2007-11-09 212992]

R3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]

S3 Adobe LM Service;Adobe LM Service; C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-11-29 72704]

S3 aspnet_state;Serviço de estado do ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]

S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Serviço de Partilha de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

 

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-21 16:28:26

 

======Uninstall list======

 

-->C:\Arquivos de programas\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {669EB263-0AFE-4FCB-A068-DB082CA6273C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {98003BDC-1B68-4970-B28E-ACC8000D2F3E}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

9Dragons-->MsiExec.exe /I{EB0508A0-162A-4996-85A1-00C07D33445A}

Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}

Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}

Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}

Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}

Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}

AppServ 2.5.9 (remove only)-->C:\Arquivos de programas\AppServ\Uninstall-AppServ2.5.9.exe

Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe

Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A857F8-35FA-42B2-A7BE-FBD5BAFDD84A}

ATI - Software Uninstall Utility-->C:\Arquivos de programas\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Catalyst Control Center-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Atualização de Segurança para Windows XP (KB938464)-->"C:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB946648)-->"C:\windows\$NtUninstallKB946648$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950762)-->"C:\windows\$NtUninstallKB950762$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950974)-->"C:\windows\$NtUninstallKB950974$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951066)-->"C:\windows\$NtUninstallKB951066$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\windows\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951698)-->"C:\windows\$NtUninstallKB951698$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951748)-->"C:\windows\$NtUninstallKB951748$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952954)-->"C:\windows\$NtUninstallKB952954$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954211)-->"C:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954459)-->"C:\windows\$NtUninstallKB954459$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954600)-->"C:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB955069)-->"C:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956802)-->"C:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956803)-->"C:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956841)-->"C:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957095)-->"C:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957097)-->"C:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958644)-->"C:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951978)-->"C:\windows\$NtUninstallKB951978$\spuninst\spuninst.exe"

Atualização para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Call of Duty® - World at War 1.1 Patch-->C:\Arquivos de programas\InstallShield Installation Information\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\setup.exe -runfromtemp -l0x0409

Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}

DEVIL MAY CRY 4-->MsiExec.exe /I{D4E5A687-797D-44B1-8F96-4FD7A24166A9}

Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

FindyKill-->C:\Arquivos de programas\FindyKill\Uninstal.exe

FlashGet 2.0-->C:\Arquivos de programas\FlashGet Network\FlashGet universal\uninst.exe

Florensia-->C:\Arquivos de programas\InstallShield Installation Information\{69AB0E59-F19A-4BA2-BB51-B0A25B8B405A}\setup.exe -runfromtemp -l0x0009 -removeonly

Grand Theft Auto IV-->"C:\Arquivos de programas\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly

HijackThis 2.0.2-->"C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB952287)-->"C:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe"

IDT Audio-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x416 -remove -removeonly

Java 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}

K-Lite Mega Codec Pack 3.5.7-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"

LimeWire 4.16.4-->"C:\Arquivos de programas\LimeWire\uninstall.exe"

Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}

Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}

Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}

Macromedia Flash Player 8 Plugin-->MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}

Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe"

Megacubo 5.0.9-->"C:\Arquivos de programas\Megacubo\unins000.exe"

Messenger Plus! Live-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PTB-->MsiExec.exe /I{EDA9F30A-8B65-3E6F-B353-CCA1C9241471}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PTB-->MsiExec.exe /I{94C65B81-1CCE-3D93-95B5-853B1A3DA539}

Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}

Microsoft .NET Framework 3.5 Language Pack - ptb-->C:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - ptb\setup.exe

Microsoft .NET Framework 3.5 Language Pack - ptb-->MsiExec.exe /I{AA6E423F-CBDF-3608-AC30-0CF08D7C9A07}

Microsoft .NET Framework 3.5-->C:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe

Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}

Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}

Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

MSXML 4.0-->MsiExec.exe /I{428102E6-8A39-48B9-8389-847F5A44A600}

MSXML 4.0-->MsiExec.exe /I{54BB0384-1C33-488F-A95B-877E480D3EDC}

MV RegClean 5.5-->"C:\Arquivos de programas\MV RegClean 5.5\unins000.exe"

Nero 8-->MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1046}

PC Camera (6029 CIF)-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{54DC27A1-2708-421E-8915-119955DB3B92}\Setup.exe" -l0x9

Prince of Persia-->"C:\Arquivos de programas\InstallShield Installation Information\{7C11154F-3539-4CB5-979D-EF7913473E53}\setup.exe" -runfromtemp -l0x0009 -removeonly

Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}

PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u

Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x416 -removeonly

Rockstar Games Social Club-->"C:\Arquivos de programas\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly

SecondLife (remove only)-->"C:\Arquivos de programas\SecondLife\uninst.exe" /P="SecondLife"

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}

Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}

Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}

Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}

Serif PhotoPlus 6.0-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}\Setup.exe" -l0x9

Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Sony Noise Reduction Plug-In 2.0h-->MsiExec.exe /X{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}

SopCast 3.0.3-->C:\Arquivos de programas\SopCast\uninst.exe

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}

Visual C++ 8.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}

Windows Imaging Component-->"C:\windows\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Live installer-->MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}

Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}

Windows Live Writer-->MsiExec.exe /X{FB61641F-6892-4926-A5CD-DB131DC6BE08}

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe"

Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"

XML Paper Specification Shared Components Language Pack 1.0-->"C:\windows\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

 

=====HijackThis Backups=====

 

O4 - HKLM\..\Run: [gamahuhawu] Rundll32.exe "C:\WINDOWS\system32\joyiwila.dll",s

O4 - HKUS\S-1-5-19\..\Run: [gamahuhawu] Rundll32.exe "C:\WINDOWS\system32\joyiwila.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [gamahuhawu] Rundll32.exe "C:\WINDOWS\system32\joyiwila.dll",s (User 'NETWORK SERVICE')

 

System event log

 

Computer Name: RAFADIGOW

Event Code: 4226

Message: TCP/IP alcançou o limite de segurança imposto sobre o número de tentativas de conexão TCP simultâneas.

 

Record Number: 5772

Source Name: Tcpip

Time Written: 20090114162405.000000-180

Event Type: aviso

User:

 

Computer Name: RAFADIGOW

Event Code: 7036

Message: O serviço IMAPI CD-Burning COM Service entrou no estado interrompido.

 

Record Number: 5771

Source Name: Service Control Manager

Time Written: 20090114160604.000000-180

Event Type: Informações

User:

 

Computer Name: RAFADIGOW

Event Code: 7036

Message: O serviço IMAPI CD-Burning COM Service entrou no estado executando.

 

Record Number: 5770

Source Name: Service Control Manager

Time Written: 20090114160558.000000-180

Event Type: Informações

User:

 

Computer Name: RAFADIGOW

Event Code: 7035

Message: O serviço IMAPI CD-Burning COM Service recebeu com êxito um controle Iniciar.

 

Record Number: 5769

Source Name: Service Control Manager

Time Written: 20090114160558.000000-180

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: RAFADIGOW

Event Code: 7035

Message: O serviço NPPTNT2 recebeu com êxito um controle Iniciar.

 

Record Number: 5768

Source Name: Service Control Manager

Time Written: 20090114154553.000000-180

Event Type: Informações

User: RAFADIGOW\Administrador

 

Application event log

 

Computer Name: RAFADIGOW

Event Code: 1000

Message: Aplicativo com falha scsdestinations.exe, versão 1.1.0.273, módulo com falha msvcr80.dll, versão 8.0.50727.762, endereço com falha 0x0000f19a.

 

Record Number: 1553

Source Name: Application Error

Time Written: 20081122213556.000000-180

Event Type: Erro

User:

 

Computer Name: RAFADIGOW

Event Code: 1000

Message: Aplicativo com falha scsdestinations.exe, versão 1.1.0.273, módulo com falha msvcr80.dll, versão 8.0.50727.762, endereço com falha 0x0000f19a.

 

Record Number: 1552

Source Name: Application Error

Time Written: 20081122194046.000000-180

Event Type: Erro

User:

 

Computer Name: RAFADIGOW

Event Code: 1000

Message: Aplicativo com falha scsdestinations.exe, versão 1.1.0.273, módulo com falha msvcr80.dll, versão 8.0.50727.762, endereço com falha 0x0000f19a.

 

Record Number: 1551

Source Name: Application Error

Time Written: 20081122191458.000000-180

Event Type: Erro

User:

 

Computer Name: RAFADIGOW

Event Code: 101

Message: msnmsgr (2544) O mecanismo de banco de dados parou.

 

Record Number: 1550

Source Name: ESENT

Time Written: 20081122142814.000000-180

Event Type: Informações

User:

 

Computer Name: RAFADIGOW

Event Code: 103

Message: msnmsgr (2544) \\.\C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\silveira.digo@hotmail.com\SharingMetadata\Working\database_F640_CCE8_40CC_B0A3\dfsr.db: O mecanismo de banco de dados interrompeu uma instância (0).

 

Record Number: 1549

Source Name: ESENT

Time Written: 20081122142814.000000-180

Event Type: Informações

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static;C:\Arquivos de programas\Arquivos comuns\Adobe\AGL

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel

"PROCESSOR_REVISION"=0f06

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"RGSCLauncher"=D:\Rockstar Games\Rockstar Games Social Club

"RGSC"=D:\Rockstar Games\Rockstar Games Social Club\1_0_0_0

 

-----------------EOF-----------------


Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
