
This topic has been archived and is closed to new replies.

Felipe7l

[Archived] HijackThis and ComboFix log

Hey...

Today I searched for a virus that showed up in my PC's process list and found this forum, which is really great for solving problems...

First I ran ComboFix and followed everything exactly....

Man, I think some of the malware that was on the PC is gone...

It got a lot better..

Then, reading the forum, I found this HijackThis tool and ran it too, with all my drivers connected to the PC...

I have the logs from both...

ComboFix:

ComboFix 09-04-01.01 - Felipe de Souza 2009-04-02 19:29:49.1 - NTFSx86

Executando de: e:\documents and settings\Felipe de Souza\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

E:\autorun.inf

e:\documents and settings\Felipe de Souza\Dados de aplicativos\inst.exe

e:\windows\system32\Core.dll

e:\windows\system32\msssc.dll

F:\Autorun.inf

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-02 to 2009-04-02 ))))))))))))))))))))))))))))

.

 

2009-04-02 19:13 . 2006-03-02 23:42 73,728 --a------ E:\pv.exe

2009-04-02 19:12 . 2009-04-02 19:12 <DIR> d-------- e:\documents and settings\Felipe de Souza\Dados de aplicativos\Windows Desktop Search

2009-04-02 16:25 . 2009-04-02 16:25 <DIR> d-------- e:\documents and settings\Felipe de Souza\Dados de aplicativos\Windows Search

2009-04-02 16:23 . 2009-04-02 16:23 <DIR> d-------- e:\arquivos de programas\Windows Desktop Search

2009-04-02 16:22 . 2008-03-07 14:02 192,000 -----c--- e:\windows\system32\dllcache\offfilt.dll

2009-04-02 16:22 . 2008-03-07 14:02 98,304 -----c--- e:\windows\system32\dllcache\nlhtml.dll

2009-04-02 16:22 . 2008-03-07 14:02 29,696 -----c--- e:\windows\system32\dllcache\mimefilt.dll

2009-04-02 13:38 . 2009-01-09 16:19 1,089,883 -----c--- e:\windows\system32\dllcache\ntprint.cat

2009-04-01 14:10 . 2006-06-29 13:07 14,048 --------- e:\windows\system32\spmsg2.dll

2009-04-01 13:59 . 2009-04-01 14:10 <DIR> d-------- e:\windows\system32\XPSViewer

2009-04-01 13:58 . 2009-04-01 13:58 <DIR> d-------- e:\arquivos de programas\Reference Assemblies

2009-04-01 13:58 . 2009-04-01 13:58 <DIR> d-------- E:\82395a271562dfd27ce6b4

2009-04-01 13:58 . 2008-07-06 09:06 1,676,288 --------- e:\windows\system32\xpssvcs.dll

2009-04-01 13:58 . 2008-07-06 09:06 1,676,288 -----c--- e:\windows\system32\dllcache\xpssvcs.dll

2009-04-01 13:58 . 2008-07-06 07:50 597,504 -----c--- e:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-04-01 13:58 . 2008-07-06 09:06 575,488 --------- e:\windows\system32\xpsshhdr.dll

2009-04-01 13:58 . 2008-07-06 09:06 575,488 -----c--- e:\windows\system32\dllcache\xpsshhdr.dll

2009-04-01 13:58 . 2008-07-06 09:06 117,760 --------- e:\windows\system32\prntvpt.dll

2009-04-01 13:58 . 2008-07-06 09:06 89,088 -----c--- e:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-04-01 13:48 . 2009-04-01 13:48 <DIR> d-------- E:\1dbbb87d4aea535a613cdea85f1d

2009-03-31 16:26 . 2009-03-31 16:26 <DIR> d--hs---- e:\documents and settings\Felipe de Souza\PrivacIE

2009-03-31 16:26 . 2009-03-31 16:26 <DIR> d--hs---- e:\documents and settings\Felipe de Souza\IECompatCache

2009-03-31 15:50 . 2009-03-31 15:50 <DIR> d--hs---- e:\documents and settings\LocalService\IETldCache

2009-03-31 15:50 . 2009-03-31 15:50 <DIR> d--hs---- e:\documents and settings\Felipe de Souza\IETldCache

2009-03-31 15:31 . 2009-03-31 15:31 <DIR> d-------- e:\windows\ie8updates

2009-03-31 15:26 . 2009-03-31 15:30 <DIR> d--h-c--- e:\windows\ie8

2009-03-31 15:04 . 2009-02-28 01:55 105,984 -----c--- e:\windows\system32\dllcache\iecompat.dll

2009-03-25 22:15 . 2009-03-25 22:15 <DIR> d-------- e:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2009-03-19 18:27 . 2009-04-02 16:04 <DIR> d-------- e:\documents and settings\All Users\Dados de aplicativos\Google Updater

2009-03-19 16:23 . 2009-03-19 16:23 <DIR> d-------- e:\documents and settings\Felipe de Souza\Dados de aplicativos\Windows Live Writer

2009-03-19 15:17 . 2009-03-19 15:17 <DIR> d-------- e:\arquivos de programas\Microsoft Silverlight

2009-03-19 14:36 . 2009-03-19 14:36 <DIR> d-------- e:\windows\system32\config\systemprofile\Dados de aplicativos\SACore

2009-03-16 21:27 . 2009-03-16 21:56 <DIR> d-------- e:\documents and settings\Felipe de Souza\.receitanet

2009-03-16 21:23 . 2008-12-23 17:01 69,632 --a------ e:\windows\system32\MSJCE.dll

2009-03-08 14:35 . 2009-03-08 14:35 53,248 --------- e:\windows\system32\msrating.dll.mui

2009-03-08 14:35 . 2009-03-08 14:35 2,560 --------- e:\windows\system32\mshta.exe.mui

2009-03-08 14:32 . 2009-03-08 14:32 81,920 --------- e:\windows\system32\iedkcs32.dll.mui

2009-03-08 14:32 . 2009-03-08 14:32 4,096 --------- e:\windows\system32\ie4uinit.exe.mui

2009-03-08 04:33 . 2009-03-08 04:33 18,944 -----c--- e:\windows\system32\dllcache\corpol.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-02 22:32 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\BitTorrent

2009-04-02 22:29 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\DNA

2009-04-02 22:13 --------- d-----w e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2

2009-04-02 22:09 --------- d-----w e:\arquivos de programas\DNA

2009-04-01 18:27 --------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Babylon

2009-04-01 16:59 --------- d-----w e:\arquivos de programas\MSBuild

2009-03-31 23:55 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\Babylon

2009-03-31 17:54 --------- d-----w e:\arquivos de programas\Hamachi

2009-03-31 17:54 --------- d-----w e:\arquivos de programas\GordianKnot

2009-03-31 17:53 --------- d-----w e:\arquivos de programas\Cheatbook Database 2008

2009-03-31 17:53 --------- d-----w e:\arquivos de programas\BitTorrent_DNA

2009-03-31 17:53 --------- d-----w e:\arquivos de programas\BitTorrent

2009-03-31 17:49 --------- d-----w e:\arquivos de programas\Acoustica Audio Converter Pro

2009-03-29 23:09 --------- d-----w e:\documents and settings\LocalService\Dados de aplicativos\SACore

2009-03-27 19:54 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\Vso

2009-03-26 20:22 --------- d-----w e:\arquivos de programas\VDOWNLOADER

2009-03-26 01:18 --------- d-----w e:\arquivos de programas\AIMP2

2009-03-19 21:27 --------- d-----w e:\arquivos de programas\Google

2009-03-19 18:44 --------- d-----w e:\arquivos de programas\Windows Live

2009-03-19 16:19 --------- d-----w e:\arquivos de programas\McAfee

2009-03-17 01:15 --------- d-----w e:\arquivos de programas\Programas RFB

2009-03-13 15:58 --------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-03-08 07:34 914,944 ----a-w e:\windows\system32\wininet.dll

2009-03-08 07:34 43,008 ----a-w e:\windows\system32\licmgr10.dll

2009-03-08 07:33 420,352 ----a-w e:\windows\system32\vbscript.dll

2009-03-08 07:33 18,944 ----a-w e:\windows\system32\corpol.dll

2009-03-08 07:32 72,704 ----a-w e:\windows\system32\admparse.dll

2009-03-08 07:32 71,680 ----a-w e:\windows\system32\iesetup.dll

2009-03-08 07:31 48,128 ----a-w e:\windows\system32\mshtmler.dll

2009-03-08 07:31 45,568 ----a-w e:\windows\system32\mshta.exe

2009-03-08 07:31 34,816 ----a-w e:\windows\system32\imgutil.dll

2009-03-08 07:22 156,160 ----a-w e:\windows\system32\msls31.dll

2009-02-09 14:06 1,846,912 ----a-w e:\windows\system32\win32k.sys

2009-02-08 00:16 --------- d--h--w e:\arquivos de programas\InstallShield Installation Information

2009-02-07 22:05 --------- d-----w e:\arquivos de programas\Messenger Plus! Live

2009-02-07 00:42 --------- d-----w e:\arquivos de programas\sXe Injected

2009-02-06 22:14 308,088 ----a-w e:\windows\WLXPGSS.SCR

2009-02-06 21:52 49,504 ----a-w e:\windows\system32\sirenacm.dll

2009-02-02 15:52 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\SUPERAntiSpyware.com

2009-02-02 15:52 --------- d-----w e:\arquivos de programas\SUPERAntiSpyware

2009-01-07 21:21 26,144 ----a-w e:\windows\system32\spupdsvc.exe

2009-01-07 21:20 265,720 ----a-w e:\windows\system32\msdbg2.dll

2009-01-07 21:20 26,112 ----a-w e:\windows\system32\idndl.dll

2009-01-07 21:20 24,576 ----a-w e:\windows\system32\nlsdl.dll

2009-01-07 21:20 23,552 ----a-w e:\windows\system32\normaliz.dll

2008-03-08 21:06 47,360 ----a-w e:\documents and settings\Felipe de Souza\Dados de aplicativos\pcouffin.sys

2008-12-08 23:08 32,768 --sha-w e:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008120820081209\index.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent"="e:\arquivos de programas\BitTorrent\bittorrent.exe" [2008-12-16 637232]

"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="e:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"MSConfig"="e:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 171520]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

e:\documents and settings\Felipe de Souza\Menu Iniciar\Programas\Inicializar\

Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk - e:\arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-23 155648]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "e:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

 

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]

path=e:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Windows Search.lnk

backup=e:\windows\pss\Windows Search.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 00:04 39792 e:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

--a------ 2008-02-20 23:22 3165920 e:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

--a------ 2008-12-16 17:16 637232 e:\arquivos de programas\BitTorrent\bittorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2008-12-19 08:22 342848 e:\arquivos de programas\DNA\btdna.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

--a------ 2009-02-06 18:08 454000 e:\arquivos de programas\Windows Live\Family Safety\fsui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2007-08-24 06:00 33648 e:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

--a------ 2004-05-12 15:18 241664 e:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2004-02-12 13:38 49152 e:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-13 23:21 1695232 e:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2009-02-06 18:50 3885408 e:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-09 18:53 153136 e:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2006-10-22 13:22 7700480 e:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2006-10-22 13:22 86016 e:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

--a------ 2008-12-03 11:47 1205760 e:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2001-12-31 13:04 831488 e:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"e:\\Arquivos de programas\\DNA\\btdna.exe"=

"e:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"e:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"e:\\Arquivos de programas\\Valve\\hl.exe"=

"e:\\Arquivos de programas\\Valve\\hlds.exe"=

"e:\\Arquivos de programas\\Valve\\HLServer\\hlds.exe"=

"e:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"e:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

R2 gupdate1c9a8d98cb40f30;Google Update Service (gupdate1c9a8d98cb40f30);e:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-19 133104]

R3 cpuz129;cpuz129;f:\felipe\Programas\pc wizz\pcwiz32.sys [2008-01-25 9600]

R3 Mkd2kfNt;Mkd2kfNt;e:\windows\system32\drivers\Mkd2kfNt.sys [2008-07-08 130560]

R3 Mkd2Nadr;Mkd2Nadr;e:\windows\system32\drivers\Mkd2Nadr.sys [2008-07-08 79104]

R3 XDva168;XDva168; [x]

S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;e:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

S2 fssfltr;fssfltr;e:\windows\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]

S2 fsssvc;Windows Live Proteção para a Família;e:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;e:\arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]

S2 SeaPort;SeaPort;e:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

 

 

--- ---

 

*Deregistered* - Aavmker4

*Deregistered* - AFD

*Deregistered* - ALG

*Deregistered* - aswFsBlk

*Deregistered* - aswMon2

*Deregistered* - aswRdr

*Deregistered* - aswSP

*Deregistered* - aswTdi

*Deregistered* - aswUpdSv

*Deregistered* - AudioSrv

*Deregistered* - audstub

*Deregistered* - avast! Antivirus

*Deregistered* - avast! Mail Scanner

*Deregistered* - avast! Web Scanner

*Deregistered* - Beep

*Deregistered* - BITS

*Deregistered* - Browser

*Deregistered* - Cdfs

*Deregistered* - CryptSvc

*Deregistered* - DcomLaunch

*Deregistered* - Dhcp

*Deregistered* - dmio

*Deregistered* - dmload

*Deregistered* - dmserver

*Deregistered* - Dnscache

*Deregistered* - ElbyCDIO

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - Fastfat

*Deregistered* - FastUserSwitchingCompatibility

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - fssfltr

*Deregistered* - fsssvc

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - gupdate1c9a8d98cb40f30

*Deregistered* - gusvc

*Deregistered* - helpsvc

*Deregistered* - HTTP

*Deregistered* - InCDfs

*Deregistered* - InCDsrv

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - KSecDD

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - McAfee SiteAdvisor Service

*Deregistered* - MDM

*Deregistered* - mnmdd

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - NVSvc

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - PCIIde

*Deregistered* - pcouffin

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - rdpdr

*Deregistered* - RemoteRegistry

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - SCDEmu

*Deregistered* - Schedule

*Deregistered* - SeaPort

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - sisidex

*Deregistered* - SoundMAX Agent Service (default)

*Deregistered* - Spooler

*Deregistered* - sr

*Deregistered* - srservice

*Deregistered* - Srv

*Deregistered* - SSDPSRV

*Deregistered* - stisvc

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - TermDD

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - Update

*Deregistered* - upnphost

*Deregistered* - VgaSave

*Deregistered* - VolSnap

*Deregistered* - W32Time

*Deregistered* - Wanarp

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - wscsvc

*Deregistered* - WSearch

*Deregistered* - wuauserv

*Deregistered* - WudfPf

*Deregistered* - WudfSvc

*Deregistered* - WZCSVC

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e24a10-e202-11dc-a4ba-806d6172696f}]

\Shell\AutoRun\command - m0vnonh.bat

\Shell\open\Command - m0vnonh.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e24a12-e202-11dc-a4ba-806d6172696f}]

\Shell\AutoRun\command - m0vnonh.bat

\Shell\open\Command - m0vnonh.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}]

\Shell\AutoRun\command - C:\ino6.com

\Shell\explore\Command - C:\ino6.com

\Shell\open\Command - C:\ino6.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118fd434-c39b-11dd-8585-00109588f044}]

\Shell\AutoRun\command - C:\m0vnonh.bat

\Shell\open\Command - C:\m0vnonh.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b5c1600-e22d-11dc-8223-0011d8abaa45}]

\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wbsinstalls.exe

\Shell\infected\command - C:\wbsinstalls.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93c1bb04-f246-11dd-8611-00109588f044}]

\Shell\AutoRun\command - C:\pook.com

\Shell\open\Command - C:\pook.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa108ff5-7c46-11dd-848c-00109588f044}]

\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9da06ba-d793-11dd-85cb-00109588f044}]

\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d28d13e2-d79d-11dd-85cd-00109588f044}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}]

\Shell\AutoRun\command - C:\jdhc2x2.com

\Shell\explore\Command - C:\jdhc2x2.com

\Shell\open\Command - C:\jdhc2x2.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd464f9c-406a-11dd-83a4-00109588f044}]

\Shell\AutoRun\command - C:\m0vnonh.bat

\Shell\open\Command - C:\m0vnonh.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"e:\windows\system32\rundll32.exe" "e:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-03-27 e:\windows\Tasks\1-Click Maintenance.job

- e:\arquivos de programas\TuneUp Utilities 2007\SystemOptimizer.exe []

 

2009-04-02 e:\windows\Tasks\Google Software Updater.job

- e:\arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 10:12]

 

2009-04-02 e:\windows\Tasks\GoogleUpdateTaskMachine.job

- e:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-19 18:27]

 

2009-04-02 e:\windows\Tasks\User_Feed_Synchronization-{0C36095E-F041-48A4-8102-508217BE272F}.job

- e:\windows\system32\msfeedssync.exe [2009-03-08 04:31]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKU-Default-Run-Nokia.PCSync - e:\arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

SafeBoot-Wdf01000.sys

MSConfigStartUp-amva - e:\windows\system32\amvo.exe

MSConfigStartUp-cdoosoft - e:\windows\system32\olhrwef.exe

MSConfigStartUp-mstwain32 - e:\windows\mstwain32.exe

MSConfigStartUp-Nokia - e:\arquivos de programas\Nokia\Nokia PC Suite 6\PCSync2.exe

MSConfigStartUp-SiteAdvisor - e:\arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://br.search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xportar para o Microsoft Excel - e:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Translate with &Babylon - e:\arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} - hxxps://secwebclinic.ahnlab.com/asp/cab/mkdplus.cab

FF - ProfilePath - e:\documents and settings\Felipe de Souza\Dados de aplicativos\Mozilla\Firefox\Profiles\5o2cppyd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - www.orkut.com

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: e:\documents and settings\Felipe de Souza\Dados de aplicativos\Mozilla\Firefox\Profiles\5o2cppyd.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFExternalAlert.dll

FF - plugin: e:\arquivos de programas\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: e:\arquivos de programas\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: e:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: e:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: e:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: e:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.enforce_same_site_origin", false);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.ogg.enabled", true);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.wave.enabled", true);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.autoplay.enabled", true);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-02 19:33:10

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5A52899D-87F3-097F-6051-C61BEBFA4271}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

Tempo para conclusão: 2009-04-02 19:35:54

ComboFix-quarantined-files.txt 2009-04-02 22:35:48

 

Pré-execução: 1,773,019,136 bytes disponíveis

Pós execução: 1,789,616,128 bytes disponíveis

 

Current=5 Default=5 Failed=3 LastKnownGood=1 Sets=1,2,3,5

422 --- E O F --- 2009-04-02 17:31:31

 

 

 

 

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:06:12, on 2/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

E:\Arquivos de programas\Google\Update\GoogleUpdate.exe

E:\WINDOWS\system32\nvsvc32.exe

E:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\SearchIndexer.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

E:\WINDOWS\Explorer.EXE

E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

E:\Arquivos de programas\BitTorrent\bittorrent.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

E:\Arquivos de programas\Mozilla Firefox 3.1 Beta 2\firefox.exe

E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

E:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

E:\Arquivos de programas\Windows Live\Mail\wlmail.exe

E:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - E:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Arquivos de programas\Babylon\Babylon Toolbar\BabylonIEToolBar.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [bitTorrent] "E:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-1220945662-573735546-839522115-1003\..\Run: [bitTorrent] "E:\Arquivos de programas\BitTorrent\bittorrent.exe" (User '?')

O4 - HKUS\S-1-5-21-1220945662-573735546-839522115-1003\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-21-1220945662-573735546-839522115-1003 Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User '?')

O4 - Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://E:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228502599578

O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - https://secwebclinic.ahnlab.com/asp/cab/mkdplus.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Update Service (gupdate1c9a8d98cb40f30) (gupdate1c9a8d98cb40f30) - Google Inc. - E:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NBService - Nero AG - E:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - E:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 10970 bytes

 

Thanks in advance...


Good evening, Felipe7l!

<@> Download: < UsbFix.exe > ( ...by Chiquitine29 and Chimay8 )

<@> Save it to the Desktop! --> Extract it from the zip!

<@> Temporarily disable your protection programs. <-- ( antivirus, antispyware and firewall )

<@> For more details on the installation, follow the recommendations in this Tutorial. <-- Link

<@> Run the tool by double-clicking UsbFix.exe.

<@> A message will appear asking you to connect your removable media to the computer. ( flash drive, mp3, mp4, iPods, etc... )

<@> Accept the request and click Ok. --> Then click Ok again.

<@> The computer will restart. <-- Wait!

<@> When it finishes, click "Continue" and wait for the tool to complete.

<@> PS: Do not disconnect your removable media yet! <-- Important!

<@> The message "Nettoyage effectue" will appear. --> Press Enter.

<@> Post the report, which will be at: C:\UsbFix.txt

Best regards!


Hey....

I didn't think it would be so fast...

Thanks a lot!

Here's the log


-------------- UsbFix V2.395 ---------------

 

* User : Felipe de Souza - ACAS-7189DF506C

* Outils mis a jours le 20/10/2008 par Chiquitine29 et Chimay8

* Recherche effectuée à 19:56:25 le --- 03/04/2009

* Windows Xp - Internet Explorer 8.0.6001.18702

 

 

--------------- [ Processus actifs ] ----------------

 

 

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\csrss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

E:\WINDOWS\system32\logonui.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup

E:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

E:\Arquivos de programas\Google\Update\GoogleUpdate.exe

E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

E:\Arquivos de programas\Google\Update\GoogleUpdate.exe

E:\Arquivos de programas\Google\Update\GoogleUpdate.exe

E:\WINDOWS\system32\nvsvc32.exe

E:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

E:\Arquivos de programas\Google\Update\GoogleUpdate.exe

E:\WINDOWS\system32\WgaTray.exe

E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\SearchIndexer.exe

E:\DOCUME~1\FELIPE~1\CONFIG~1\Temp\4.tmp\b2e.exe

 

--------------- [ Informations lecteurs ] ----------------

 

C: - Unidade de disco removível

 

E: - Unidade de disco fixo

 

F: - Unidade de disco fixo

 

G: - Unidade de disco removível

 

H: - Unidade de disco removível

 

 

+- Contenu de l'autorun : C:\autorun.inf

 

[AutoRun]

;q217Akjdk9l3sKaroliwwpaa45JsDmKwaDD2JJl2S90jFd3

open=m0vnonh.bat

;Lji1HajonSwKwD

shell\open\Command=m0vnonh.bat

 

+- Contenu de l'autorun : H:\autorun.inf

 

-------------------------------------------------

-------------------------------------------------

-------------------------------------------------

--------------- [ Registre / Startup ] ----------------

 

 

! REG.EXE VERSION 3.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

avast! REG_SZ E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

NvCplDaemon REG_SZ RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

 

! REG.EXE VERSION 3.0

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

BitTorrent REG_SZ "E:\Arquivos de programas\BitTorrent\bittorrent.exe"

ctfmon.exe REG_SZ E:\WINDOWS\system32\ctfmon.exe

 

--------------- [ Registre / Mountpoint2 ] ----------------

 

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}\Shell\explore\Command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}\Shell\explore\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}\Shell\open\Command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b5c1600-e22d-11dc-8223-0011d8abaa45}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b5c1600-e22d-11dc-8223-0011d8abaa45}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a1d9a8f-1fdd-11de-87ce-0016b68d581a}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a1d9a8f-1fdd-11de-87ce-0016b68d581a}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93c1bb04-f246-11dd-8611-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93c1bb04-f246-11dd-8611-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93c1bb04-f246-11dd-8611-00109588f044}\Shell\open\Command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93c1bb04-f246-11dd-8611-00109588f044}\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa108ff5-7c46-11dd-848c-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa108ff5-7c46-11dd-848c-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9da06ba-d793-11dd-85cb-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9da06ba-d793-11dd-85cb-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d28d13e2-d79d-11dd-85cd-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d28d13e2-d79d-11dd-85cd-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}\Shell\explore\Command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}\Shell\explore\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}\Shell\open\Command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd464f9c-406a-11dd-83a4-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd464f9c-406a-11dd-83a4-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd464f9c-406a-11dd-83a4-00109588f044}\Shell\open\Command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd464f9c-406a-11dd-83a4-00109588f044}\Shell\open\Command

 

--------------- [ Nettoyage des disques ] ----------------

 

Supprimé ! - C:\autorun.inf

Supprimé ! - H:\autorun.inf

 

--------------- ! Fin du rapport ! ----------------


Oh, after restarting...

I logged in as the user and it was running a disk cleanup on the local disks (I don't know which ones...), so I cancelled it. Could that have caused a problem?

Thanks...

Cheers

Oh, after restarting...

I logged in as the user and it was running a disk cleanup on the local disks (I don't know which ones...), so I cancelled it. Could that have caused a problem?

Thanks...

Cheers

<><><><><><><><><>

Hey, Felipe7l!

<!> No! The report looks complete to me.

<><><><><><><><><>

<@> Download: < RSIT > ( ...by random/random )

<@> Save it directly to Local Disk ( E ).

<@> Double-click RSIT.exe to run the tool.

<@> In the window that opens (the disclaimer), click "Continue".

<@> Wait for "Running HijackThis" to finish. <-- Pseudo!

<@> When it finishes, Notepad will open with the report: log.txt <-- Report to post!

<@> Also post in your reply: info.txt, which will be at E:\rsit\info.txt <--

Best regards!


Hey there....

Log:

Logfile of random's system information tool 1.06 (written by random/random)

Run by Felipe de Souza at 2009-04-05 20:00:28

WIN_XP Service Pack 3

System drive E: has 2 GB (3%) free of 60 GB

Total RAM: 512 MB (8% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:00:57, on 5/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

E:\Arquivos de programas\Google\Update\GoogleUpdate.exe

E:\WINDOWS\system32\nvsvc32.exe

E:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\SearchIndexer.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

E:\WINDOWS\Explorer.EXE

E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

E:\Arquivos de programas\BitTorrent\bittorrent.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

E:\Arquivos de programas\Mozilla Firefox 3.1 Beta 2\firefox.exe

E:\Arquivos de programas\Windows Media Player\wmplayer.exe

E:\WINDOWS\system32\SearchProtocolHost.exe

E:\RSIT.exe

E:\Hijack\Felipe de Souza.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - E:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Arquivos de programas\Babylon\Babylon Toolbar\BabylonIEToolBar.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [bitTorrent] "E:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-1220945662-573735546-839522115-1003\..\Run: [bitTorrent] "E:\Arquivos de programas\BitTorrent\bittorrent.exe" (User '?')

O4 - HKUS\S-1-5-21-1220945662-573735546-839522115-1003\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-21-1220945662-573735546-839522115-1003 Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User '?')

O4 - Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://E:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228502599578

O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - https://secwebclinic.ahnlab.com/asp/cab/mkdplus.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Update Service (gupdate1c9a8d98cb40f30) (gupdate1c9a8d98cb40f30) - Google Inc. - E:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NBService - Nero AG - E:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - E:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 10917 bytes

 

======Scheduled tasks folder======

 

E:\WINDOWS\tasks\1-Click Maintenance.job

E:\WINDOWS\tasks\Google Software Updater.job

E:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

E:\WINDOWS\tasks\User_Feed_Synchronization-{0C36095E-F041-48A4-8102-508217BE272F}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]

Windows Live Family Safety Browser Helper Class - E:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

Click-to-Call BHO - E:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - E:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - E:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - E:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{965B54B0-71E0-4611-8DE7-F73FA0B20E26} - Babylon - E:\Arquivos de programas\Babylon\Babylon Toolbar\BabylonIEToolBar.dll [2008-02-06 267488]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avast!"=E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

"NvCplDaemon"=E:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent"=E:\Arquivos de programas\BitTorrent\bittorrent.exe [2008-12-16 637232]

"ctfmon.exe"=E:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

E:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

E:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe [2008-02-20 3165920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

E:\Arquivos de programas\BitTorrent\bittorrent.exe [2008-12-16 637232]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

E:\Arquivos de programas\DNA\btdna.exe [2008-12-19 342848]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

E:\Arquivos de programas\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

E:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

E:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

E:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

E:\Arquivos de programas\Messenger\msmsgs.exe [2008-04-13 1695232]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

E:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

E:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

E:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]

E:\ARQUIV~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

 

E:\Documents and Settings\Felipe de Souza\Menu Iniciar\Programas\Inicializar

Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk - E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

E:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=E:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=E:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"E:\Arquivos de programas\DNA\btdna.exe"="E:\Arquivos de programas\DNA\btdna.exe:*:Enabled:DNA"

"E:\Arquivos de programas\Shareaza\Shareaza.exe"="E:\Arquivos de programas\Shareaza\Shareaza.exe:*:Enabled:Shareaza"

"E:\Arquivos de programas\BitTorrent\bittorrent.exe"="E:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"E:\Arquivos de programas\Valve\hl.exe"="E:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher"

"E:\Arquivos de programas\Valve\hlds.exe"="E:\Arquivos de programas\Valve\hlds.exe:*:Enabled:HLDS Launcher"

"E:\Arquivos de programas\Valve\HLServer\hlds.exe"="E:\Arquivos de programas\Valve\HLServer\hlds.exe:*:Enabled:HLDS Launcher"

"E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"E:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe"="E:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"E:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe"="E:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

 

======List of files/folders created in the last 1 months======

 

2009-04-05 20:00:28 ----D---- E:\rsit

2009-04-05 19:59:11 ----A---- E:\RSIT.exe

2009-04-03 19:56:25 ----A---- E:\UsbFix.txt

2009-04-03 19:38:50 ----D---- E:\Arquivos de programas\UsbFix

2009-04-02 21:25:36 ----SHD---- E:\RECYCLER

2009-04-02 20:47:57 ----D---- E:\Hijack

2009-04-02 19:43:45 ----D---- E:\ComboFix

2009-04-02 19:35:56 ----A---- E:\ComboFix.txt

2009-04-02 19:21:36 ----A---- E:\Boot.bak

2009-04-02 19:21:17 ----D---- E:\cmdcons

2009-04-02 19:14:15 ----D---- E:\WINDOWS\ERDNT

2009-04-02 19:12:16 ----D---- E:\Documents and Settings\Felipe de Souza\Dados de aplicativos\Windows Desktop Search

2009-04-02 16:25:25 ----D---- E:\Documents and Settings\Felipe de Souza\Dados de aplicativos\Windows Search

2009-04-02 16:23:49 ----D---- E:\Arquivos de programas\Windows Desktop Search

2009-04-02 16:23:30 ----HDC---- E:\WINDOWS\$NtUninstallKB940157$

2009-04-02 16:23:05 ----HDC---- E:\WINDOWS\$NtUninstallKB915800-v4$

2009-04-02 14:29:52 ----HDC---- E:\WINDOWS\$NtUninstallKB961118$

2009-04-01 14:10:59 ----N---- E:\WINDOWS\system32\spmsg2.dll

2009-04-01 14:10:58 ----HDC---- E:\WINDOWS\$NtUninstallXPSEPSCLP$

2009-04-01 13:59:18 ----D---- E:\WINDOWS\system32\XPSViewer

2009-04-01 13:58:54 ----D---- E:\WINDOWS\system32\en-US

2009-04-01 13:58:41 ----D---- E:\Arquivos de programas\Reference Assemblies

2009-04-01 13:58:02 ----N---- E:\WINDOWS\system32\xpssvcs.dll

2009-04-01 13:58:02 ----N---- E:\WINDOWS\system32\xpsshhdr.dll

2009-04-01 13:58:02 ----N---- E:\WINDOWS\system32\prntvpt.dll

2009-04-01 13:58:01 ----D---- E:\82395a271562dfd27ce6b4

2009-04-01 13:48:39 ----D---- E:\1dbbb87d4aea535a613cdea85f1d

2009-03-31 15:31:35 ----D---- E:\WINDOWS\ie8updates

2009-03-31 15:26:51 ----HDC---- E:\WINDOWS\ie8

2009-03-25 22:15:09 ----D---- E:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2009-03-19 18:27:10 ----D---- E:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2009-03-19 16:23:52 ----D---- E:\Documents and Settings\Felipe de Souza\Dados de aplicativos\Windows Live Writer

2009-03-19 15:17:28 ----D---- E:\Arquivos de programas\Microsoft Silverlight

2009-03-16 21:23:36 ----A---- E:\WINDOWS\system32\MSJCE.dll

2009-03-13 12:59:09 ----HDC---- E:\WINDOWS\$NtUninstallKB960225$

2009-03-13 12:59:02 ----HDC---- E:\WINDOWS\$NtUninstallKB938464-v2$

2009-03-13 12:58:47 ----HDC---- E:\WINDOWS\$NtUninstallKB958690$

2009-03-13 12:58:17 ----HDC---- E:\WINDOWS\$NtUninstallKB959772_WM11$

2009-03-08 14:35:16 ----N---- E:\WINDOWS\system32\msrating.dll.mui

2009-03-08 14:35:00 ----N---- E:\WINDOWS\system32\mshta.exe.mui

2009-03-08 14:32:34 ----N---- E:\WINDOWS\system32\ie4uinit.exe.mui

2009-03-08 14:32:16 ----N---- E:\WINDOWS\system32\iedkcs32.dll.mui

 

======List of files/folders modified in the last 1 months======

 

2009-04-05 20:00:59 ----D---- E:\Documents and Settings\Felipe de Souza\Dados de aplicativos\BitTorrent

2009-04-05 20:00:20 ----D---- E:\WINDOWS\Prefetch

2009-04-05 19:50:31 ----D---- E:\WINDOWS\Temp

2009-04-05 19:50:12 ----D---- E:\Arquivos de programas\Mozilla Firefox 3.1 Beta 2

2009-04-05 19:48:42 ----SD---- E:\WINDOWS\Tasks

2009-04-05 12:33:27 ----A---- E:\WINDOWS\SchedLgU.Txt

2009-04-04 06:09:23 ----A---- E:\WINDOWS\NeroDigital.ini

2009-04-04 00:24:05 ----D---- E:\WINDOWS\system32\CatRoot2

2009-04-04 00:22:31 ----D---- E:\Documents and Settings\Felipe de Souza\Dados de aplicativos\Vso

2009-04-03 21:10:51 ----D---- E:\WINDOWS

2009-04-03 19:38:50 ----RD---- E:\Arquivos de programas

2009-04-03 18:52:53 ----D---- E:\WINDOWS\network diagnostic

2009-04-02 21:04:58 ----HD---- E:\WINDOWS\inf

2009-04-02 19:43:52 ----D---- E:\WINDOWS\system32

2009-04-02 19:39:34 ----D---- E:\Documents and Settings\Felipe de Souza\Dados de aplicativos\DNA

2009-04-02 19:33:13 ----A---- E:\WINDOWS\system.ini

2009-04-02 19:31:51 ----D---- E:\WINDOWS\system32\drivers

2009-04-02 19:31:51 ----D---- E:\WINDOWS\AppPatch

2009-04-02 19:31:50 ----D---- E:\Arquivos de programas\Arquivos comuns

2009-04-02 19:24:24 ----D---- E:\WINDOWS\pss

2009-04-02 19:24:24 ----A---- E:\WINDOWS\win.ini

2009-04-02 19:21:36 ----RASH---- E:\boot.ini

2009-04-02 19:09:42 ----D---- E:\Arquivos de programas\DNA

2009-04-02 16:48:48 ----D---- E:\WINDOWS\Debug

2009-04-02 16:24:20 ----SD---- E:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2009-04-02 16:24:12 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI

2009-04-02 16:23:49 ----D---- E:\WINDOWS\system32\wbem

2009-04-02 16:23:10 ----RSHDC---- E:\WINDOWS\system32\dllcache

2009-04-02 14:54:18 ----D---- E:\WINDOWS\Microsoft.NET

2009-04-02 14:54:15 ----RSD---- E:\WINDOWS\assembly

2009-04-02 14:45:55 ----SHD---- E:\WINDOWS\Installer

2009-04-02 14:45:54 ----HD---- E:\Config.Msi

2009-04-02 14:31:42 ----D---- E:\WINDOWS\system32\CatRoot

2009-04-01 15:27:33 ----D---- E:\Documents and Settings\All Users\Dados de aplicativos\Babylon

2009-04-01 14:10:41 ----D---- E:\WINDOWS\system32\pt-br

2009-04-01 14:07:17 ----D---- E:\WINDOWS\WinSxS

2009-04-01 13:59:04 ----D---- E:\Arquivos de programas\MSBuild

2009-04-01 13:58:48 ----RSD---- E:\WINDOWS\Fonts

2009-04-01 13:58:24 ----D---- E:\WINDOWS\system32\spool

2009-03-31 20:55:13 ----D---- E:\Documents and Settings\Felipe de Souza\Dados de aplicativos\Babylon

2009-03-31 15:50:07 ----D---- E:\WINDOWS\Media

2009-03-31 15:50:07 ----D---- E:\WINDOWS\Help

2009-03-31 15:50:07 ----D---- E:\Arquivos de programas\Internet Explorer

2009-03-31 15:31:30 ----D---- E:\WINDOWS\$hf_mig$

2009-03-31 14:54:42 ----D---- E:\Arquivos de programas\Hamachi

2009-03-31 14:54:29 ----D---- E:\Arquivos de programas\GordianKnot

2009-03-31 14:53:46 ----D---- E:\Arquivos de programas\Cheatbook Database 2008

2009-03-31 14:53:38 ----D---- E:\Arquivos de programas\BitTorrent_DNA

2009-03-31 14:53:37 ----D---- E:\Arquivos de programas\BitTorrent

2009-03-31 14:49:27 ----D---- E:\Arquivos de programas\Acoustica Audio Converter Pro

2009-03-31 14:46:30 ----D---- E:\WINDOWS\system32\config

2009-03-31 14:43:19 ----D---- E:\WINDOWS\San Andreas Mod Installer

2009-03-31 14:40:33 ----D---- E:\WINDOWS\CS Online Pro Addons

2009-03-31 14:40:33 ----D---- E:\WINDOWS\CS Online Mega Addons (sem Bot)

2009-03-31 14:29:07 ----D---- E:\WINDOWS\SoftwareDistribution

2009-03-26 22:39:47 ----AD---- E:\Arqs DownLoads LimeWire

2009-03-26 17:22:54 ----D---- E:\Arquivos de programas\VDOWNLOADER

2009-03-25 22:18:31 ----D---- E:\Arquivos de programas\AIMP2

2009-03-19 18:27:44 ----D---- E:\Arquivos de programas\Google

2009-03-19 16:18:54 ----SD---- E:\Documents and Settings\Felipe de Souza\Dados de aplicativos\Microsoft

2009-03-19 15:44:35 ----D---- E:\Arquivos de programas\Windows Live

2009-03-19 15:42:25 ----D---- E:\WINDOWS\system32\DirectX

2009-03-19 13:19:39 ----D---- E:\Arquivos de programas\McAfee

2009-03-16 22:15:00 ----D---- E:\Arquivos de programas\Programas RFB

2009-03-13 12:58:01 ----D---- E:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2009-03-08 14:35:34 ----A---- E:\WINDOWS\system32\ieframe.dll.mui

2009-03-08 14:32:32 ----A---- E:\WINDOWS\system32\advpack.dll.mui

2009-03-08 14:09:26 ----A---- E:\WINDOWS\system32\iedkcs32.dll

2009-03-08 04:41:16 ----A---- E:\WINDOWS\system32\mshtml.dll

2009-03-08 04:39:48 ----A---- E:\WINDOWS\system32\ieframe.dll

2009-03-08 04:34:58 ----A---- E:\WINDOWS\system32\wininet.dll

2009-03-08 04:34:56 ----A---- E:\WINDOWS\system32\urlmon.dll

2009-03-08 04:34:48 ----A---- E:\WINDOWS\system32\WinFXDocObj.exe

2009-03-08 04:34:48 ----A---- E:\WINDOWS\system32\webcheck.dll

2009-03-08 04:34:30 ----A---- E:\WINDOWS\system32\licmgr10.dll

2009-03-08 04:34:28 ----A---- E:\WINDOWS\system32\url.dll

2009-03-08 04:34:18 ----A---- E:\WINDOWS\system32\occache.dll

2009-03-08 04:34:18 ----A---- E:\WINDOWS\system32\msrating.dll

2009-03-08 04:33:40 ----A---- E:\WINDOWS\system32\corpol.dll

2009-03-08 04:33:26 ----A---- E:\WINDOWS\system32\jsproxy.dll

2009-03-08 04:33:16 ----A---- E:\WINDOWS\system32\jscript.dll

2009-03-08 04:33:08 ----A---- E:\WINDOWS\system32\ieaksie.dll

2009-03-08 04:33:06 ----A---- E:\WINDOWS\system32\vbscript.dll

2009-03-08 04:33:02 ----A---- E:\WINDOWS\system32\ieakeng.dll

2009-03-08 04:32:56 ----A---- E:\WINDOWS\system32\admparse.dll

2009-03-08 04:32:54 ----A---- E:\WINDOWS\system32\ie4uinit.exe

2009-03-08 04:32:52 ----A---- E:\WINDOWS\system32\ieudinit.exe

2009-03-08 04:32:52 ----A---- E:\WINDOWS\system32\ieakui.dll

2009-03-08 04:32:50 ----A---- E:\WINDOWS\system32\iesetup.dll

2009-03-08 04:32:50 ----A---- E:\WINDOWS\system32\iernonce.dll

2009-03-08 04:32:48 ----A---- E:\WINDOWS\system32\advpack.dll

2009-03-08 04:32:46 ----A---- E:\WINDOWS\system32\inseng.dll

2009-03-08 04:32:26 ----A---- E:\WINDOWS\system32\msfeeds.dll

2009-03-08 04:32:22 ----A---- E:\WINDOWS\system32\iertutil.dll

2009-03-08 04:32:04 ----A---- E:\WINDOWS\system32\mstime.dll

2009-03-08 04:31:56 ----A---- E:\WINDOWS\system32\iepeers.dll

2009-03-08 04:31:54 ----A---- E:\WINDOWS\system32\msfeedssync.exe

2009-03-08 04:31:52 ----A---- E:\WINDOWS\system32\msfeedsbs.dll

2009-03-08 04:31:52 ----A---- E:\WINDOWS\system32\icardie.dll

2009-03-08 04:31:44 ----A---- E:\WINDOWS\system32\dxtmsft.dll

2009-03-08 04:31:38 ----A---- E:\WINDOWS\system32\imgutil.dll

2009-03-08 04:31:38 ----A---- E:\WINDOWS\system32\dxtrans.dll

2009-03-08 04:31:36 ----A---- E:\WINDOWS\system32\pngfilt.dll

2009-03-08 04:31:26 ----A---- E:\WINDOWS\system32\mshtmled.dll

2009-03-08 04:31:18 ----A---- E:\WINDOWS\system32\mshtmler.dll

2009-03-08 04:31:02 ----A---- E:\WINDOWS\system32\mshta.exe

2009-03-08 04:22:46 ----A---- E:\WINDOWS\system32\ieui.dll

2009-03-08 04:22:38 ----A---- E:\WINDOWS\system32\msls31.dll

2009-03-08 04:11:12 ----A---- E:\WINDOWS\system32\ieapfltr.dll

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; E:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]

R1 aswSP;avast! Self Protection; E:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]

R1 aswTdi;avast! Network Shield Support; E:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]

R1 ElbyCDIO;ElbyCDIO Driver; E:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-02-28 15440]

R1 InCDPass;InCDPass; E:\WINDOWS\system32\drivers\InCDPass.sys [2007-03-12 37040]

R1 incdrm;InCD Reader; E:\WINDOWS\system32\drivers\InCDRm.sys [2007-03-12 38576]

R1 intelppm;Driver de Processador Intel; E:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]

R1 SCDEmu;SCDEmu; E:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]

R2 aswFsBlk;aswFsBlk; E:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

R2 aswMon2;avast! Standard Shield Support; E:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]

R2 fssfltr;FssFltr; E:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]

R3 aeaudio;aeaudio; E:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]

R3 AnyDVD;AnyDVD; E:\WINDOWS\System32\Drivers\AnyDVD.sys [2007-05-20 96328]

R3 aswRdr;aswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]

R3 nv;nv; E:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]

R3 pcouffin;VSO Software pcouffin; E:\WINDOWS\System32\Drivers\pcouffin.sys [2008-03-08 47360]

R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; E:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]

R3 smwdm;smwdm; E:\WINDOWS\system32\drivers\smwdm.sys [2003-08-29 578304]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; E:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R4 InCDfs;InCD File System; E:\WINDOWS\system32\drivers\InCDFs.sys [2007-03-12 118064]

S3 catchme;catchme; \??\E:\DOCUME~1\FELIPE~1\CONFIG~1\Temp\catchme.sys []

S3 cpuz129;cpuz129; \??\F:\felipe\Programas\pc wizz\pcwiz32.sys []

S3 EagleNT;EagleNT; \??\E:\WINDOWS\system32\drivers\EagleNT.sys []

S3 ENTECH;ENTECH; \??\E:\WINDOWS\system32\DRIVERS\ENTECH.SYS []

S3 hamachi;Hamachi Network Interface; E:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-11-22 25280]

S3 hidusb;Driver de classe HID da Microsoft; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; E:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; E:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; E:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]

S3 Mkd2kfNt;Mkd2kfNt; E:\WINDOWS\system32\drivers\Mkd2kfNt.sys [2008-07-08 130560]

S3 Mkd2Nadr;Mkd2Nadr; E:\WINDOWS\system32\drivers\Mkd2Nadr.sys [2008-07-08 79104]

S3 mouhid;Mouse HID Driver; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]

S3 nmwcd;Nokia USB Phone Parent; E:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]

S3 nmwcdc;Nokia USB Generic; E:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]

S3 npkcrypt;npkcrypt; \??\F:\felipe\Rag BRO\RRO\npkcrypt.sys []

S3 P2k;Motorola USB Device; E:\WINDOWS\system32\DRIVERS\P2k.sys [2004-05-27 16032]

S3 pccsmcfd;PCCS Mode Change Filter Driver; E:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); E:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 upperdev;upperdev; E:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]

S3 usbccgp;Microsoft USB Generic Parent Driver; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbser;USB Modem Driver; E:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]

S3 UsbserFilt;UsbserFilt; E:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]

S3 USBSTOR;USB Mass Storage Driver; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 Wdf01000;Wdf01000; E:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]

S3 WpdUsb;WpdUsb; E:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

S3 XDva168;XDva168; \??\E:\WINDOWS\system32\XDva168.sys []

S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aswUpdSv;avast! iAVS4 Control Service; E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]

R2 avast! Antivirus;avast! Antivirus; E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]

R2 fsssvc;Windows Live Proteção para a Família; E:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

R2 InCDsrv;InCD Helper; E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe [2007-03-12 931376]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]

R2 MDM;Machine Debug Manager; E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

R2 NVSvc;NVIDIA Display Driver Service; E:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]

R2 SeaPort;SeaPort; E:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 WSearch;Windows Search; E:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R3 avast! Mail Scanner;avast! Mail Scanner; E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]

R3 avast! Web Scanner;avast! Web Scanner; E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]

S2 gupdate1c9a8d98cb40f30;Google Update Service (gupdate1c9a8d98cb40f30); E:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-19 133104]

S2 gusvc;Google Software Updater; E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]

S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; e:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; E:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 idsvc;Windows CardSpace; e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; E:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S3 NBService;NBService; E:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]

S3 NMIndexingService;NMIndexingService; E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]

S3 odserv;Microsoft Office Diagnostics Service; E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 Pml Driver HPZ12;Pml Driver HPZ12; E:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]

S3 ServiceLayer;ServiceLayer; E:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]

S3 usprserv;User Privilege Service; E:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; E:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

Info:

info.txt logfile of random's system information tool 1.06 2009-04-05 20:01:02

 

======Uninstall list======

 

-->E:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER

-->E:\Arquivos de programas\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL

-->E:\WINDOWS\NuNInst.exe /UNINSTALL

-->E:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->E:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->E:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->E:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->E:\WINDOWS\UNRecode.exe /UNINSTALL

-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x416 -removeonly

-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x416 -removeonly

-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x416 -removeonly

-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x416 -removeonly

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {669EB263-0AFE-4FCB-A068-DB082CA6273C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {98003BDC-1B68-4970-B28E-ACC8000D2F3E}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

Acoustica Audio Converter Pro-->E:\ARQUIV~1\ACOUST~1\UNWISE.EXE E:\ARQUIV~1\ACOUST~1\INSTALL.LOG

Adobe AIR-->E:\Arquivos de programas\Arquivos comuns\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}

Adobe Flash Player 10 Plugin-->E:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player ActiveX-->E:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Media Player-->msiexec /qb /x {1EBB57D4-63FF-87CC-A0F0-D73982CF6008}

Adobe Media Player-->MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}

Adobe Reader 8.1.4 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81300000003}

Age of Empires III - The WarChiefs-->E:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}

AhnLab MyKeyDefense 2.0-->"E:\Arquivos de programas\AhnLab\ASP\Smart Update i\update\patch\e0\MyKD20setup.exe" -Uninstall

AhnLab Smart Update i-->"E:\Arquivos de programas\AhnLab\ASP\Smart Update i\update\patch\03\SUpdateiSetup.exe" -Uninstall

AnyDVD-->"E:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="E:\Arquivos de programas\SlySoft\AnyDVD"

Assistente de Conexão do Windows Live-->MsiExec.exe /I{381C70F0-FC2C-4BEF-B16C-B88FA67A6B7B}

Atualização Crítica para o Windows Media Player 11 (KB959772)-->"E:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player (KB952069)-->"E:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB936782)-->"E:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"E:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)-->"E:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"E:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)-->"E:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)-->"E:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)-->"E:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB938464)-->"E:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB938464-v2)-->"E:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941569)-->"E:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB946648)-->"E:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950762)-->"E:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950974)-->"E:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951066)-->"E:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376-v2)-->"E:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951698)-->"E:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951748)-->"E:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952954)-->"E:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954211)-->"E:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954459)-->"E:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954600)-->"E:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB955069)-->"E:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956391)-->"E:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956802)-->"E:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956803)-->"E:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956841)-->"E:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957095)-->"E:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957097)-->"E:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958644)-->"E:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958687)-->"E:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958690)-->"E:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960225)-->"E:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960715)-->"E:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Atualização para Windows Internet Explorer 8 (KB968220)-->"E:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"

Atualização para Windows XP (KB951072-v2)-->"E:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951978)-->"E:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Atualização para Windows XP (KB955839)-->"E:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Atualização para Windows XP (KB967715)-->"E:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

avast! Antivirus-->E:\Arquivos de programas\Alwil Software\Avast4\aswRunDll.exe "E:\Arquivos de programas\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

Babylon Toolbar-->MsiExec.exe /I{67A339E5-D8AA-4E88-9278-A571B397F798}

Babylon-->E:\Arquivos de programas\Babylon\Babylon-Pro\Utils\uninstbb.exe

CCleaner (remove only)-->"E:\Arquivos de programas\CCleaner\uninst.exe"

Cheatbook Database 2008-->"E:\Arquivos de programas\Cheatbook Database 2008\Uninstal.exe"

Cheetah Audio Converter-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{B1914510-38B5-4835-83D8-A188073E542F}\Setup.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

ConvertXtoDVD 2.2.3.258h-->"E:\Arquivos de programas\VSO\ConvertXtoDVD\unins000.exe"

ConvertXtoDVD 3.3.1.99-->"E:\Arquivos de programas\VSO\ConvertX\3\unins000.exe"

Counter-Strike 1.6-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19

CS Online Mega Addons (sem Bot)-->"E:\WINDOWS\CS Online Mega Addons (sem Bot)\uninstall.exe" "/U:E:\Arquivos de programas\Valve\HLServer\cstrike\Uninstall\uninstall.xml"

DivX Converter-->E:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->E:\Arquivos de programas\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player-->E:\Arquivos de programas\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Google Updater-->"E:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe" -uninstall

Half-Life Dedicated Server Update Tool-->E:\ARQUIV~1\Valve\HLServer\UNWISE.EXE E:\ARQUIV~1\Valve\HLServer\INSTALL.LOG

Hamachi 1.0.3.0-->E:\Arquivos de programas\Hamachi\uninstall.exe

HijackThis 2.0.2-->"E:\Hijack\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->E:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->E:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Media Format 11 SDK (KB929399)-->"E:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915800-v4)-->"E:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"

Hotfix para o Windows Media Player 11 (KB939683)-->"E:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB952287)-->"E:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB961118)-->"E:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

HP Image Zone 4.2-->E:\Arquivos de programas\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP PSC & OfficeJet 4.2-->"E:\Arquivos de programas\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat

HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}

IRPF2008 - Declaração de Ajuste Anual-->E:\ARQUIV~1\PROGRA~1\IRPF2008\UNWISE.EXE E:\ARQUIV~1\PROGRA~1\IRPF2008\INSTALL.LOG

IRPF2009 - Declaração de Ajuste Anual e Final de Espólio-->F:\felipe\Jogos\IRPF2009\UNWISE.EXE F:\felipe\Jogos\IRPF2009\INSTALL.LOG

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}

K-Lite Mega Codec Pack 4.0.0-->"E:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"

LimeWire 5.0.3-->"E:\Arquivos de programas\LimeWire\uninstall.exe"

McAfee SiteAdvisor-->E:\Arquivos de programas\McAfee\SiteAdvisor\Uninstall.exe

Messenger Plus! Live-->"E:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack-->MsiExec.exe /X{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB-->MsiExec.exe /I{3F31F3B5-C1FF-3708-8611-869DE39C0CB6}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB-->MsiExec.exe /I{B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 Language Pack SP1 - ptb-->MsiExec.exe /I{1438B41C-658C-35B7-9253-780F2E0A0B8E}

Microsoft .NET Framework 3.5 SP1-->E:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"E:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"E:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"

Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}

Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}

Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0416-0000-0000000FF1CE}

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}

Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}

Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft User-Mode Driver Framework Feature Pack 1.5-->"E:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mozilla Firefox (3.0.4)-->E:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe

Mozilla Firefox (3.1b3)-->E:\Arquivos de programas\Mozilla Firefox 3.1 Beta 2\uninstall\helper.exe

MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Nero 7 Ultra Edition-->MsiExec.exe /I{06024F70-15BC-4447-B53A-F1A7BBA21046}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}

Nokia PC Suite-->E:\Documents and Settings\All Users\Dados de aplicativos\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_por_br.exe

Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}

NVIDIA Drivers-->E:\WINDOWS\system32\nvudisp.exe UninstallGUI

Pacote de Driver do Windows - Nokia Modem (02/15/2007 3.1)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf

Pacote de Driver do Windows - Nokia Modem (02/15/2007 3.1)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf

Pacote de Driver do Windows - Nokia Modem (03/05/2008 3.7)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf

Pacote de Driver do Windows - Nokia Modem (03/13/2008 6.86.0.1)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf

Pacote de Driver do Windows - Nokia Modem (05/22/2008 3.8)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf

Pacote de Driver do Windows - Nokia Modem (05/22/2008 7.00.0.1)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf

Pacote de Driver do Windows - Nokia Modem (05/24/2007 6.84.0.1)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf

Pacote de Driver do Windows - Nokia Modem (10/27/2008 3.9)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf

Pacote de Driver do Windows - Nokia Modem (10/27/2008 7.01.0.1)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf

Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->E:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf

Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB-->e:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ptb\setup.exe

Patch SiteCS-->"E:\Arquivos de programas\Valve\unins000.exe"

PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}

PowerISO-->"E:\Arquivos de programas\PowerISO\uninstall.exe"

Ragnarok Online-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{842CBB5A-8D50-4C28-8109-12C5C5C3F4A4}\setup.exe" -l0x416 -removeonly

Receitanet 2008-->E:\WINDOWS\DesinstRecnet.exe

Receitanet Java 2009.01-->E:\ARQUIV~1\PROGRA~1\RECEIT~1\DesinstJ.exe

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}

Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}

Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Shareaza 2.4.0.0-->"E:\Arquivos de programas\Shareaza\Uninstall\unins000.exe"

SiS 900 PCI Fast Ethernet Adapter Driver-->E:\Progra~1\SiSLan\Uninst.exe

Sony Noise Reduction Plug-In 2.0e-->MsiExec.exe /X{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}

Sony Picture Utility-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x416 /removeonly uninstall -removeonly

Sony USB Driver-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL

SoundMAX-->RunDll32 E:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Arquivos de programas\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"

sXe Injected-->"E:\Arquivos de programas\sXe Injected\uninstall.exe"

sXe Injected-->E:\Arquivos de programas\sXe Injected\uninstall.exe

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}

UsbFix-->E:\Arquivos de programas\UsbFix\Uninstal.exe

VDownloader 0.81-->"E:\Arquivos de programas\VDOWNLOADER\unins000.exe"

VSO CopyToDVD 4-->"E:\Arquivos de programas\VSO\unins000.exe"

Windows Imaging Component-->"E:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Internet Explorer 8-->"E:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->E:\Arquivos de programas\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{3B96F4EA-CD82-4C57-B86A-646A017CAF18}

Windows Live Galeria de Fotos-->MsiExec.exe /X{50D918C3-1FAD-4BE0-89D1-7B7AAA2AF710}

Windows Live Mail-->MsiExec.exe /I{852E74A9-74F1-4F71-BE3E-991A48EF232D}

Windows Live Messenger-->MsiExec.exe /X{C8DD4EAD-674B-461B-94D5-4C80CCFB8401}

Windows Live Proteção para a Família-->MsiExec.exe /X{BA9A33CA-8ADF-4263-B2F4-B611245A37FF}

Windows Live Sync-->MsiExec.exe /X{D7A88CAC-67C3-4435-898E-2B7245F3E4BB}

Windows Live Toolbar-->MsiExec.exe /X{624DEAA0-B27D-444B-8BFE-70622B318A4A}

Windows Live Writer-->MsiExec.exe /X{32EF3D9D-B626-497C-8E93-EC4B24E20EDA}

Windows Media Format 11 runtime-->"E:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 11-->"E:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Search 4.0-->"E:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"E:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver-->E:\Arquivos de programas\WinRAR\uninstall.exe

WinZip-->"E:\Arquivos de programas\WinZip\WINZIP32.EXE" /uninstall

XML Paper Specification Shared Components Language Pack 1.0-->"E:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

 

Securitycenter WMI appears to be broken

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;E:\Arquivos de programas\PC Connectivity Solution

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel

"PROCESSOR_REVISION"=0304

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

 

Cheers


Good afternoon, Felipe7l!

<@> Run an online scan at: < Kaspersky >

<@> Use the Internet Explorer browser for this.

<!> Go to the site and click on: < kasperdx9.jpg >

<@> On the next page, click: I Accept

<@> This is so that the ActiveX control gets installed and then the database is updated.

<@> On the next page, click My Computer and run the scan.

<@> Be patient!

<@> Wait for the database update, and also for the scan, which takes a long time.

<@> When it finishes, save and post the report.

<@> Click Save Report As... to save the log. ( Kaspersky_Online_Scanner_7_Report.txt )

<@> Save the result as .txt, as in the image below:

Kas-Savetxt.gif

<@> Also post an updated HijackThis log.

Regards!

It takes foreeeeever! :closedeyes:

<><><><><><><><><><>

Hey, Felipe7l!

<!> The wait is made up for by the efficiency. But... if you can't wait for it to finish, do it at Eset.

<><><><><><><><><><>

<@> Run an online scan at Eset.

<@> Use the Internet Explorer browser.

<@> Check the box: "SIM,aceito as condições de uso" --> Iniciar.

<@> Check the box: "YES, I accept the Terms of Use" --> Start.

<@> Accept the ActiveX installation and, when it finishes, save and post the report. ( E:\Arquivos de programas\EsetOnlineScanner\log )

<@> Also post an updated HijackThis log.

Regards!


Thanks for the help....

But I screwed up on both of the sites you gave me...

Tomorrow I'll set the Kaspersky one running..

Then I'll post the log...

Cheers!


Hey DigRam.

Thanks for the support you're giving me...

Well... I didn't have time to run the Kaspersky scan, nor the one on the other site...

I downloaded and installed Kaspersky Anti-Virus here on my PC

I'm running it here just fine...

Still learning how to use it...

I ran the scan on "My Computer" (same as in that online one, you know?)

I don't know yet how to get the report to post here...

I ran it and it found 2 viruses when the scan was at 80%...

Then out of nowhere the PC restarted, and when I logged in again it flagged the viruses and I deleted both...

I'm still running the system scan, but I already grabbed the new HijackThis log for you to analyze....

And why are there two executables in the "hijackthis" folder, one of them even with my name? "Felipe de Souza.exe"??

Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:46:41, on 8/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Arquivos de programas\Google\Update\GoogleUpdate.exe

E:\WINDOWS\Explorer.EXE

E:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

E:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

E:\WINDOWS\system32\nvsvc32.exe

E:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

E:\WINDOWS\system32\svchost.exe

E:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

E:\WINDOWS\system32\SearchIndexer.exe

E:\Arquivos de programas\BitTorrent\bittorrent.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

E:\WINDOWS\system32\SearchProtocolHost.exe

E:\Arquivos de programas\Mozilla Firefox 3.1 Beta 2\firefox.exe

E:\Hijack\Felipe de Souza.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - E:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Arquivos de programas\Babylon\Babylon Toolbar\BabylonIEToolBar.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVP] "E:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKCU\..\Run: [bitTorrent] "E:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-1220945662-573735546-839522115-1003\..\Run: [bitTorrent] "E:\Arquivos de programas\BitTorrent\bittorrent.exe" (User '?')

O4 - HKUS\S-1-5-21-1220945662-573735546-839522115-1003\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-21-1220945662-573735546-839522115-1003 Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User '?')

O4 - Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://E:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228502599578

O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - https://secwebclinic.ahnlab.com/asp/cab/mkdplus.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - E:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: Google Update Service (gupdate1c9a8d98cb40f30) (gupdate1c9a8d98cb40f30) - Google Inc. - E:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NBService - Nero AG - E:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - E:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 10697 bytes


Good morning! Felipe7l

I'm still running the system scan, but I've already got the new HijackThis log for you to analyze....

<!> Since it isn't possible to run the online one, send this one anyway!

And why are there two executables in the "hijackthis" folder, one of them even with my name? "Felipe de Souza.exe"??

<!> It's certainly a bug in the tool... where E:\Hijack\Felipe de Souza.exe or E:\Hijack\HijackThis.exe are the same executable. If you like, delete one of them.

Regards!

Good morning, man...

But how do I get the report from KAV?

Cheers!

<><><><><><><><><><>

Hey! Felipe7l

<!> I'm not yet up to date on the KIS 2009 tutorial, so you will have to rely on the manufacturer's instructions.

<!> Go to: < http://downloads.kaspersky-labs.com/docs/p.../kis2009_pt.pdf >

Regards!


Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
