
Archived

This topic has been archived and is closed to new replies.

ig0rf

[Archived] Log Analysis / WIN32/Cutwail Virus

Good evening! I caught a virus this morning.. the HTML Framer.. and I couldn't get rid of it. So I decided to restart and Windows simply wouldn't boot anymore, because it seems it had corrupted userinit.exe, which is the file that handles the Windows logon.. so Windows itself wouldn't let the file run and there was no way for me to log in.. I suspected I had picked up another virus, so I decided to run that Microsoft malware detection tool..

 

the final report was more or less this:

trojan downloader:win32/zlob.gen - removed

virtool:winnt/cutwail.L - partially removed

virus:win32/cutwail.F - partially removed

 

Then I kept trying to turn the PC on and got the same error.. until on the 3rd attempt it booted.. so I left AVG running a scan and, since I always read things here, I decided to ask you.. after all, it's much safer than doing things on my own.. here is the HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:36:18, on 25/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

H:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

H:\ARQUIV~1\AVG\AVG8\avgrsx.exe

H:\ARQUIV~1\AVG\AVG8\avgnsx.exe

H:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

H:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

H:\WINDOWS\system32\nvsvc32.exe

H:\WINDOWS\system32\svchost.exe

H:\ARQUIV~1\AVG\AVG8\avgemc.exe

H:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

H:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\system32\6.tmp

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\avast!UpdateAgent.exe

H:\WINDOWS\TEMP\1.EXE

H:\WINDOWS\Explorer.EXE

H:\WINDOWS\system32\servises.exe

H:\WINDOWS\system32\servises.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

H:\WINDOWS\system32\wuauclt.exe

H:\Documents and Settings\usuario\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=14784&l=dis

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Arquivos de programas\Java\jre1.5.0_12\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: TBSB00982 - {DA3D342F-FF20-4E31-9E82-22334155730C} - H:\Arquivos de programas\IEToolbar\Ant.com Toolbar\tbcore3.dll

O2 - BHO: AntBar - {e1a96b41-e013-47be-99f5-38a5a0d45e23} - H:\Arquivos de programas\Ant.com\Ant.com IE toolbar\adxloader.dll

O3 - Toolbar: Ant.com - {a2ccec8c-e692-41d8-a4fd-4db8f2af59e9} - H:\Arquivos de programas\Ant.com\Ant.com IE toolbar\adxloader.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - H:\Arquivos de programas\IEToolbar\Ant.com Toolbar\tbcore3.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [19910] H:\WINDOWS\system32\6.tmp.exe

O4 - HKLM\..\Run: [Regedit32] H:\WINDOWS\system32\regedit.exe

O4 - HKLM\..\Run: [servises] H:\WINDOWS\system32\servises.exe

O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "H:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "H:\Arquivos de programas\DAEMON Tools\daemon.exe"

O4 - HKCU\..\Run: [EPSON Stylus C43 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /M "Stylus C43"

O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "H:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [servises] H:\WINDOWS\system32\servises.exe

O4 - HKLM\..\Policies\Explorer\Run: [servises] H:\WINDOWS\system32\servises.exe

O4 - HKCU\..\Policies\Explorer\Run: [servises] H:\WINDOWS\system32\servises.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [systemprofile] H:\WINDOWS\system32\config\systemprofile\systemprofile.exe /i (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [servises] H:\WINDOWS\system32\servises.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [systemprofile] H:\WINDOWS\system32\config\systemprofile\systemprofile.exe /i (User 'Default user')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [servises] H:\WINDOWS\system32\servises.exe (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.5.0_12\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.5.0_12\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: avast!UpdateAgent.exe - Unknown owner - H:\WINDOWS\System32\avast!UpdateAgent.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - H:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Google Software Updater (gusvc) - Google - H:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - H:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - H:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - H:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - H:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 9430 bytes

 

 

 

there are definitely still problems.. Firefox isn't opening.. but I haven't had time to look into it and see how things are yet..

 

I'd like to know how to proceed..

 

Regards, and thanks in advance!

Good evening! ig0rf

 

<@> Download: Malwarebytes

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs when running Malwarebytes.

<@> PS: For certain infections, the tool will ask for a reboot. <-- Confirm!

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<><><><><><><><><><><>

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

 

Regards!

good morning,

 

I ran Malwarebytes and here is the log:

 

===========///=============================

Malwarebytes' Anti-Malware 1.40

Versão do banco de dados: 2551

Windows 5.1.2600 Service Pack 3

 

26/8/2009 09:09:54

mbam-log-2009-08-26 (09-09-54).txt

 

Tipo de Verificação: Completa (H:\|)

Objetos verificados: 284058

Tempo decorrido: 2 hour(s), 52 minute(s), 48 second(s)

 

Processos da Memória infectados: 2

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 10

Valores do Registro infectados: 7

Ítens do Registro infectados: 0

Pastas infectadas: 7

Arquivos infectados: 26

 

Processos da Memória infectados:

H:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Unloaded process successfully.

H:\WINDOWS\system32\servises.exe (Trojan.Agent) -> Failed to unload process.

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\TypeLib\{dabf362d-d442-4402-9208-ca9ed70dd01e} (Adware.Advantage) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{5ac3a9ef-c0f8-41d4-b4e2-b7cebb794151} (Adware.Advantage) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{862def42-89aa-49fa-ae1f-8a84b1b08a17} (Adware.Advantage) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f6e4845d-1d13-4bc0-942d-b9191524cc48} (Adware.Advantage) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{602d9049-b4ac-4a25-bf75-a9b54d747cba} (Adware.Advantage) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\advantage (Adware.Vomba) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\servises (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\servises (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\servises (Trojan.Agent) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

H:\Arquivos de programas\Advantage (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302} (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components (Adware.Advantage) -> Quarantined and deleted successfully.

 

Arquivos infectados:

H:\WINDOWS\system32\servises.exe (Trojan.FakeAlert.H) -> Delete on reboot.

H:\Arquivos de programas\Advantage\AdVantage.db (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\AdVantage.htm (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\AdVUninst.exe (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\ffext.mod (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\TR.dll (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\user.db (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt (Adware.Advantage) -> Quarantined and deleted successfully.

H:\Arquivos de programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll (Adware.Advantage) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

H:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.

H:\Documents and Settings\usuario\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.

 

==================//==========================================

 

 

then it asked to restart to finish removing the infected files...

so I restart the PC and it gives the same problem as before... Windows simply won't boot because userinit.exe is messed up.. this is the message that appears after I try to log on:

 

Alerta de Prevenção de execução de dados - Microsoft Windows

Para ajudar a proteger seu computador, o Windows fechou este progama.

Nome: Aplicativo de logon userinit

Editor: Microsoft Corporation

[Fechar Mensagem]

 

=======================//=================================

 

once again unable to start the PC in normal mode, I booted into Safe Mode and ran HijackThis, here is the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:31:57, on 26/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Safe mode with network support

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\Explorer.EXE

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\system32\4.tmp

H:\WINDOWS\System32\reader_s.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\TEMP\1.EXE

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\Documents and Settings\usuario\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=14784&l=dis

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Arquivos de programas\Java\jre1.5.0_12\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: TBSB00982 - {DA3D342F-FF20-4E31-9E82-22334155730C} - H:\Arquivos de programas\IEToolbar\Ant.com Toolbar\tbcore3.dll

O2 - BHO: AntBar - {e1a96b41-e013-47be-99f5-38a5a0d45e23} - H:\Arquivos de programas\Ant.com\Ant.com IE toolbar\adxloader.dll

O3 - Toolbar: Ant.com - {a2ccec8c-e692-41d8-a4fd-4db8f2af59e9} - H:\Arquivos de programas\Ant.com\Ant.com IE toolbar\adxloader.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - H:\Arquivos de programas\IEToolbar\Ant.com Toolbar\tbcore3.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [6430] H:\WINDOWS\system32\4.tmp.exe

O4 - HKLM\..\Run: [reader_s] H:\WINDOWS\System32\reader_s.exe

O4 - HKLM\..\Run: [Regedit32] H:\WINDOWS\system32\regedit.exe

O4 - HKLM\..\Run: [servises] H:\WINDOWS\system32\servises.exe

O4 - HKLM\..\Run: [jfxdghs] H:\WINDOWS\Fonts\j8j88j.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] H:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "H:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "H:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "H:\Arquivos de programas\DAEMON Tools\daemon.exe"

O4 - HKCU\..\Run: [EPSON Stylus C43 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /M "Stylus C43"

O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "H:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [servises] H:\WINDOWS\system32\servises.exe

O4 - HKLM\..\Policies\Explorer\Run: [servises] H:\WINDOWS\system32\servises.exe

O4 - HKCU\..\Policies\Explorer\Run: [servises] H:\WINDOWS\system32\servises.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [reader_s] H:\Documents and Settings\usuario\reader_s.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [servises] H:\WINDOWS\system32\servises.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [reader_s] H:\Documents and Settings\usuario\reader_s.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [servises] H:\WINDOWS\system32\servises.exe (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.5.0_12\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Arquivos de programas\Java\jre1.5.0_12\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: avast!UpdateAgent.exe - Unknown owner - H:\WINDOWS\System32\avast!UpdateAgent.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: FCI - Unknown owner - H:\WINDOWS\system32\svchost.exe:ext.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - H:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Google Software Updater (gusvc) - Google - H:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - H:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - H:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - H:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - H:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 9015 bytes

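Added example (not from the thread or from HijackThis itself): a small Python triage script that encodes the indicators a reader of these two logs looks for, namely the look-alike name servises.exe, the *.tmp.exe droppers, executables autostarted from Fonts or the profile root, Policies\Explorer\Run keys, autostarts planted in the SYSTEM and Default user hives, and the service binary hidden in an NTFS alternate data stream (svchost.exe:ext.exe). The sample lines are copied from the logs posted above (two clean lines kept for contrast); the allowlist, similarity threshold and reason strings are my own assumptions.

```python
import difflib
import re

# Sample constructed from the two HijackThis logs posted above, with two clean
# lines (ctfmon, NVSvc) kept for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [6430] H:\WINDOWS\system32\4.tmp.exe
O4 - HKLM\..\Run: [Regedit32] H:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [servises] H:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Run: [jfxdghs] H:\WINDOWS\Fonts\j8j88j.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [servises] H:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-18\..\Run: [reader_s] H:\Documents and Settings\usuario\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [servises] H:\WINDOWS\system32\servises.exe (User 'Default user')
O23 - Service: FCI - Unknown owner - H:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
"""

# Names malware likes to imitate; this allowlist is an assumption, not a HijackThis list.
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "explorer.exe", "userinit.exe", "spoolsv.exe",
    "ctfmon.exe", "regedit.exe", "rundll32.exe",
}
ADMIN_TOOLS = {"regedit.exe", "cmd.exe"}            # no business in a Run key
PRIVILEGED_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")  # SYSTEM and Default user

O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.+?)(?: \(User '(?P<user>[^']*)'\))?$"
)
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

def exe_path(cmd: str) -> str:
    """Return the program path from a Run value, dropping its arguments."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"^(.*?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def lookalike(basename: str):
    """Real system binary this name is a near-copy of (servises -> services), or None."""
    if basename in SYSTEM_BINARIES:
        return None
    for real in sorted(SYSTEM_BINARIES):
        if difflib.SequenceMatcher(None, basename, real).ratio() >= 0.85:
            return real
    return None

def check_path(path: str) -> list:
    """Indicators derived from the executable path alone."""
    reasons = []
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    twin = lookalike(base)
    if twin:
        reasons.append(f"look-alike of system binary {twin}")
    if re.search(r"\.tmp(\.exe)?$", base):
        reasons.append("temporary-file name used as an executable")
    if "\\temp\\" in low or "\\fonts\\" in low:
        reasons.append("executable in TEMP or Fonts directory")
    if re.search(r"\\documents and settings\\[^\\]+\\[^\\]+\.exe$", low):
        reasons.append("executable dropped in the profile root")
    if base in ADMIN_TOOLS:
        reasons.append("interactive admin tool registered as an autostart")
    # A second colon after the drive letter means an NTFS alternate data stream.
    if re.match(r"^[a-z]:\\.*:[^\\]+$", low):
        reasons.append("NTFS alternate data stream as service binary")
    return reasons

def triage(log_text: str) -> list:
    """Return (line, reasons) for every O4/O23 line carrying at least one indicator."""
    findings = []
    for line in log_text.strip().splitlines():
        m = O4_RE.match(line)
        if m:
            reasons = check_path(exe_path(m["cmd"]))
            if "Policies\\Explorer\\Run" in m["key"]:
                reasons.append("Policies\\Explorer\\Run key (rarely used legitimately)")
            if m["hive"].startswith(PRIVILEGED_HIVES):
                reasons.append("autostart planted in the SYSTEM/Default user hive")
            if m["name"].isdigit():
                reasons.append("numeric value name")
        else:
            m = O23_RE.match(line)
            if not m:
                continue
            reasons = check_path(m["path"])
            if m["owner"] == "Unknown owner":
                reasons.append("service binary carries no vendor information")
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for flagged_line, why in triage(SAMPLE_LOG):
        print(flagged_line)
        for r in why:
            print("   ->", r)
```

The heuristics are indicators for a human to review, not a verdict: a clean HKCU ctfmon entry and the NVIDIA service pass, while all eight malicious lines from the logs are flagged with the reason.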

Good morning! ig0rf

 

<@> Download: < SafeBootKeyRepair >

<@> Save it directly to the local disk (H).

<@> Run it! When it finishes, it will generate a report: H:\SafeBoot_Repair.txt <-- Don't post it!

<><><><><><><><><><>

<@> Download: < AVPTool > ( by Kaspersky Labs )

<@> Save it in Program Files, and install it right there!

<@> Restart the computer in Safe Mode! <-- Important!

<@> Start the scan by clicking "Scan".

<@> The scan takes a very long time. <-- Wait!

<@> If infections are found, click "disinfect" if that option is enabled.

<@> Avoid the "Delete" option for now.

<@> When it finishes, click the Events tab.

<@> Uncheck the "Show all events" checkbox.

<@> Click "Save to file".

<@> Name it and save it to the desktop! <-- Report for posting!

<><><><><><><><><><>

<@> Download: < DrWebCureIt >

<@> If you have trouble downloading, use another computer or a proxy.

<@> Go to: < Proxify >

<@> Type the DrWebCureIt URL into the box.

<@> Click Proxify.

<@> Save the tool to the desktop!

<@> Restart the computer in Safe Mode.

<@> Start the installation/execution by double-clicking drweb-cureit.

<@> In the window that opens, click Start --> OK.

<@> A "Quick scan" will start --> Close the advertisement window!

<@> When it finishes, check the "Full scan" box.

<@> Click "Options" --> Under Change settings, uncheck "Heuristic analysis".

 

In this mode the following objects are scanned:

 

* Boot sectors of all disks. <--

 

* All removable drives. <--

 

* All local disks. <--

<@> Click "Start scan" --> Wait!

<@> If messages appear asking to move or disinfect files, click Yes.

<@> When it finishes, click "File" --> "Save report list".

<@> Save it in a suitable location. ( DrWeb.csv ) <-- Convert it to text!

<@> Post: DrWeb.csv + an updated HijackThis log.

 

Regards!

I think I made a big mistake :no:

I managed to boot normally after running SafeBoot,

but now it won't boot even in Safe Mode..

since the Kaspersky link wasn't working.. I decided to look for a download.. without noticing, I ended up downloading an old version.. from February.. I only ran it on active memory, I didn't have it scan the whole HD.. and it identified some things in executables but couldn't disinfect them, so I sent them to quarantine (that's where I went wrong, I think).. among them, several Windows files, such as notepad.exe

then I downloaded the updated Kaspersky on another PC and transferred it over.. I let it run on active memory, it identified about 16 virut.ce and managed to disinfect them all, but I decided to restart so I could run the full Kaspersky scan, and I couldn't boot anymore because it doesn't get past the logon screen.. I simply click 'ok', it logs on and logs off immediately, showing the logon screen again.. as if it weren't managing to start Windows.

what now? :no:


Hey! ig0rf

<!> Run repairs with the Windows XP CD.

<><><><><><><><>

<!> If you can get into Safe Mode, check whether the file logonui.exe exists in the system32 directory.

<!> If it does not exist, copy it from some internal cache into that folder.

<!> Still in Safe Mode, open the Registry Editor and change the "dword" in LogonType to: "dword:00000001"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"LogonType"=dword:00000001

Regards!

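As an added example (not part of the thread), a small Python checker for a `.reg` export of the Winlogon key in the format shown above: it parses the export and reports every value that differs from what a working XP logon expects. LogonType=1 is the helper's fix; the Userinit and Shell defaults are assumed to be those of a stock XP install under C:\WINDOWS, and the sample export is constructed.

```python
"""Check a Winlogon .reg export for values behind a logon/logoff loop."""
import re

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Expected values. LogonType=1 is the fix given above; Userinit and Shell are
# the Windows XP defaults (assumption: Windows installed in C:\WINDOWS).
EXPECTED = {
    "LogonType": "dword:00000001",
    "Userinit": r"C:\WINDOWS\system32\userinit.exe,",
    "Shell": "Explorer.exe",
}

# Constructed sample export, as regedit would write it (backslashes doubled).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"LogonType"=dword:00000000
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"Shell"="Explorer.exe"
'''


def parse_reg(text):
    """Parse [key] headers and "name"=value lines into {key: {name: value}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", "REGEDIT")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m and current is not None:
            name, value = m.groups()
            if value.startswith('"') and value.endswith('"'):
                # REG_SZ: strip quotes and undo the doubled backslashes
                value = value[1:-1].replace("\\\\", "\\")
            keys[current][name] = value
    return keys


def check_winlogon(reg):
    """Return (name, found, expected) for every Winlogon value that deviates."""
    values = reg.get(WINLOGON_KEY, {})
    findings = []
    for name, expected in EXPECTED.items():
        found = values.get(name)
        if found is None or found.lower() != expected.lower():
            findings.append((name, found, expected))
    return findings


if __name__ == "__main__":
    for name, found, expected in check_winlogon(parse_reg(SAMPLE_REG)):
        print(f"{name}: found {found!r}, expected {expected!r}")
```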

Hey!

I couldn't boot even in Safe Mode... and when booting from the Windows CD the only option was to install again on top or install again. So I decided to install another Windows on the same partition and boot from that... so I did, ran Kaspersky.. it found some viruses such as HTML Framer and Virut.ce... it removed all the infections and now I'm running Dr. Web to finish the job... right after that I'll post the logs for analysis. I'd like to know whether the old Windows can still be repaired (it isn't logging on... I press Enter to log on and it simply goes back to the logon screen again). And about Virut... I heard that even after clean-ups.. it came back.. after Kaspersky and Dr. Web... will it still come back when I reconnect to the internet?


<><><><><><><><><>

Good morning! ig0rf

<!> I recommend a complete format, since Virut may return. Forgo any backup, since the files may be infected.

Regards!


Backup of any kind?? There are very, very important files on the PC... wouldn't it be 'dangerous' only to back up the executables? The text files, photos, ISOs... couldn't I save those?

I also read on a foreign forum that by disabling System Restore I could prevent the virus from coming back..

Here are the reports, though all from the new Windows install I had to do..

 

 

=====================//================================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:11:07, on 27/8/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\XPNEW\System32\smss.exe

C:\XPNEW\system32\winlogon.exe

C:\XPNEW\system32\services.exe

C:\XPNEW\system32\lsass.exe

C:\XPNEW\system32\svchost.exe

C:\XPNEW\System32\svchost.exe

C:\XPNEW\system32\spoolsv.exe

C:\XPNEW\Explorer.EXE

C:\XPNEW\system32\wscntfy.exe

C:\XPNEW\system32\NOTEPAD.EXE

C:\Documents and Settings\igor\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O4 - Startup: is-0I0R2.lnk = C:\Documents and Settings\igor\Desktop\Virus Removal Tool\is-0I0R2\startup.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

 

--

End of file - 1182 bytes

================================//======================================

 

Dr.Web:

bsplayer226.956_clip.exe\data011;C:\Arquivos1\bsplayer226.956_clip.exe;Adware.SaveNow.origin;;

bsplayer226.956_clip.exe;C:\Arquivos1;O arquivo contém objectos infectados;Movido.;

bsplayer227.958_clip.exe\data011;C:\Arquivos1\bsplayer227.958_clip.exe;Adware.SaveNow.origin;;

bsplayer227.958_clip.exe;C:\Arquivos1;O arquivo contém objectos infectados;Movido.;

m1308[1].exe;C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\IZHSTW8X;Trojan.Packed.2637;Eliminado.;

m1308[1].exe;C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\DLZ9X3S6;Trojan.Packed.2637;Eliminado.;

m1308[1].exe;C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\LB04FFLV;Trojan.Packed.2637;Eliminado.;

lo[1].txt;C:\Documents and Settings\usuario\Configurações locais\Temporary Internet Files\Content.IE5\ARIJEXIV;Trojan.DownLoad.40611;Eliminado.;

m1308[1].exe;C:\Documents and Settings\usuario\Configurações locais\Temporary Internet Files\Content.IE5\ARIJEXIV;Trojan.Packed.2637;Eliminado.;

SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\usuario\Desktop\SDFix.exe;Tool.Prockill;;

SDFix.exe;C:\Documents and Settings\usuario\Desktop;O arquivo contém objectos infectados;Movido.;

mirc.exe;C:\Fullt141;Program.mIRC.612;Incurável.Movido.;

mirc.exe;C:\mp3\bakup1\FullT;Program.mIRC.612;Incurável.Movido.;

Process.exe;C:\SDFix\apps;Tool.Prockill;Incurável.Movido.;

A0215963.exe;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP511;Program.mIRC.612;Incurável.Movido.;

A0223028.exe;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP511;Trojan.PWS.Stealer.origin;Incurável.Movido.;

A0238177.exe;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP511;Trojan.Packed.140;Eliminado.;

A0238202.exe;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP511;Trojan.Packed.140;Eliminado.;

A0238456.exe;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP511;Program.mIRC.612;Incurável.Movido.;

A0238459.exe;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP511;Trojan.Packed.140;Eliminado.;

A0238560.exe;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP511;Trojan.Packed.140;Eliminado.;

A0238683.exe;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP511;Trojan.Packed.140;Eliminado.;

A0238696.exe;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP511;Trojan.Packed.140;Eliminado.;

A0238842.exe;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP511;Trojan.Packed.140;Eliminado.;

A0239226.exe;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP511;Trojan.Packed.140;Eliminado.;

A0243359.sys;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP511;BackDoor.Bulknet.404;Desinfectado.;

A0243364.exe;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP512;Trojan.DownLoad.37236;Eliminado.;

A0250411.exe;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP512;Trojan.DownLoad.37236;Eliminado.;

A0250412.exe;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP512;Trojan.DownLoad.37236;Eliminado.;

A0250413.exe;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP512;Trojan.DownLoad.40611;Eliminado.;

A0250455.exe;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP512;Trojan.DownLoad.40611;Eliminado.;

A0250546.exe;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP512;Program.mIRC.612;Incurável.Movido.;

A0000124.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.PWS.Stealer.origin;Incurável.Movido.;

A0000283.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.DownLoad.37236;Eliminado.;

A0000306.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.MulDrop.14555;Eliminado.;

A0000349.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Program.mIRC.612;Incurável.Movido.;

A0000397.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Tool.Prockill;Incurável.Movido.;

A0000801.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.Packed.140;Eliminado.;

A0000859.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.Packed.140;Eliminado.;

A0000994.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.Packed.140;Eliminado.;

A0001063.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.Packed.140;Eliminado.;

A0001137.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.Packed.140;Eliminado.;

A0001290.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.Packed.140;Eliminado.;

A0001442.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.Packed.140;Eliminado.;

A0001589.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.DownLoad.37236;Eliminado.;

A0001662.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.Packed.140;Eliminado.;

A0001677.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.Packed.140;Eliminado.;

A0001705.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.DownLoad.37236;Eliminado.;

A0001706.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.DownLoad.40611;Eliminado.;

A0001739.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.Packed.140;Eliminado.;

A0001784.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.Packed.140;Eliminado.;

A0001795.sys;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.NtRootKit.2912;Eliminado.;

A0001797.sys;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;BackDoor.Bulknet.404;Desinfectado.;

A0001856.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.Packed.140;Eliminado.;

A0001880.sys;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.NtRootKit.2912;Eliminado.;

A0001881.sys;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;BackDoor.Bulknet.404;Desinfectado.;

A0001944.exe\data011;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1\A0001944.exe;Adware.SaveNow.origin;;

A0001944.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;O arquivo contém objectos infectados;Movido.;

A0001945.exe\data011;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1\A0001945.exe;Adware.SaveNow.origin;;

A0001945.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;O arquivo contém objectos infectados;Movido.;

A0001946.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1\A0001946.exe;Tool.Prockill;;

A0001946.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;O arquivo contém objectos infectados;Movido.;

A0001947.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.Packed.2637;Eliminado.;

A0001948.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.Packed.2637;Eliminado.;

A0001949.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.Packed.2637;Eliminado.;

A0001950.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.Packed.2637;Eliminado.;

A0001951.exe;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Program.mIRC.612;Incurável.Eliminado.;

reader_s.exe;C:\WINDOWS\system32\config\systemprofile;Trojan.DownLoad.37236;Eliminado.;

systemprofile.exe;C:\WINDOWS\system32\config\systemprofile;Trojan.DownLoad.40611;Eliminado.;

lo1[1].txt;C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\AF21ELQ7;Trojan.DownLoad.40611;Eliminado.;

1105259736exe;C:\WINDOWS\Temp;Trojan.Packed.2637;Eliminado.;

1176962175exe;C:\WINDOWS\Temp;Trojan.Packed.2637;Eliminado.;

1186437686exe;C:\WINDOWS\Temp;Trojan.Packed.2637;Eliminado.;

129865023exe;C:\WINDOWS\Temp;Trojan.Packed.2637;Eliminado.;

1456260588exe;C:\WINDOWS\Temp;Trojan.Packed.2637;Eliminado.;

1611665942exe;C:\WINDOWS\Temp;Trojan.Packed.2637;Eliminado.;

1993207099exe;C:\WINDOWS\Temp;Trojan.Packed.2637;Eliminado.;

==================================//=======================================

 

And here is the Kaspersky report, which is too big to post here:

http://www.sendspace.com/file/nk4837

Apparently.. at the moment it's clean.. but I still can't boot the PC into the old Windows installation.. it seems the logon is damaged somehow.. the file you mentioned is still there in the system32 folder

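As an added example (not from the thread), a Python summariser for a Dr.Web CSV report of the shape posted above: it counts the final action per hit, buckets each hit by where it lived (restore points, IE cache, Windows\Temp, the SYSTEM profile), and lists what still needs a hand decision, which answers the System Restore question in numbers. The sample report is constructed from the kinds of entries the report above shows.

```python
"""Summarise a Dr.Web CureIt! CSV report ('object;directory;detection;action;')."""
import csv
from collections import Counter
from io import StringIO

# Constructed sample modelled on the report above. An object inside an archive
# is written as 'archive\inner' with the archive's full path as its directory
# and no action; the archive itself then gets its own line.
SAMPLE_REPORT = r"""bsplayer226.956_clip.exe\data011;C:\Arquivos1\bsplayer226.956_clip.exe;Adware.SaveNow.origin;;
bsplayer226.956_clip.exe;C:\Arquivos1;O arquivo contém objectos infectados;Movido.;
m1308[1].exe;C:\Documents and Settings\usuario\Configurações locais\Temporary Internet Files\Content.IE5\ARIJEXIV;Trojan.Packed.2637;Eliminado.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurável.Movido.;
A0243359.sys;C:\System Volume Information\_restore{A0F7CDAC-5A90-42DB-9B30-695A060CF76B}\RP511;BackDoor.Bulknet.404;Desinfectado.;
A0001795.sys;C:\System Volume Information\_restore{A1091E07-CC3E-4F45-8BF6-F14CF36F8E7A}\RP1;Trojan.NtRootKit.2912;Eliminado.;
reader_s.exe;C:\WINDOWS\system32\config\systemprofile;Trojan.DownLoad.37236;Eliminado.;
1105259736exe;C:\WINDOWS\Temp;Trojan.Packed.2637;Eliminado.;
"""


def parse_report(text):
    """Parse report lines into dicts; objects inside archives get in_archive=True."""
    entries = []
    for row in csv.reader(StringIO(text), delimiter=";"):
        if len(row) < 4:
            continue
        obj, directory, detection, action = row[:4]
        entries.append({
            "object": obj,
            "directory": directory,
            "detection": detection,
            # 'Incurável.Movido.' -> ['Incurável', 'Movido']
            "actions": [a for a in action.split(".") if a],
            "in_archive": "\\" in obj,
        })
    return entries


def classify_location(directory):
    """Bucket a directory into the places the report above is dominated by."""
    d = directory.lower()
    if "\\system volume information\\_restore" in d:
        return "restore_point"    # inert unless System Restore reinstates it
    if "temporary internet files" in d:
        return "ie_cache"         # drive-by download cache
    if d.endswith("\\windows\\temp"):
        return "windows_temp"
    if "\\system32\\config\\systemprofile" in d:
        return "system_profile"   # ran as SYSTEM, not as the logged-on user
    return "other"


def summarise(entries):
    """Count final actions and locations; list objects that need a decision."""
    by_action, by_location, attention = Counter(), Counter(), []
    for e in entries:
        final = e["actions"][-1] if e["actions"] else "(none)"
        by_action[final] += 1
        loc = classify_location(e["directory"])
        by_location[loc] += 1
        # A top-level object with no action, or an incurable hit outside a
        # restore point, is what a responder should look at by hand.
        untreated = not e["in_archive"] and not e["actions"]
        incurable_live = "Incurável" in e["actions"] and loc != "restore_point"
        if untreated or incurable_live:
            attention.append(e["object"])
    return {"by_action": dict(by_action), "by_location": dict(by_location),
            "attention": attention}


if __name__ == "__main__":
    print(summarise(parse_report(SAMPLE_REPORT)))
```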

Good afternoon! ig0rf

<@> Download: < ComboFix > ( ...by sUBs )

<!> Link-2 --> < ForoSpyware >

<!> Link-3 --> < GeeksToGo >

<@> Save it to the desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> PS: Running it from a command is also possible:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall

<@> Click OK.

<@> At the prompt "Disclaimer of software warranty" --> Click Yes!

<@> If you do not have the "Recovery Console", accept the offer to install it!

<@> When that finishes, click Sim or Yes. --> Wait!

<!> If the notification "Invalid Win32 application" appears, delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Name it while saving, not after it has been saved!

<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> PS: If rootkit activity is present, we will see the following notification window:

[image: ComboFix rootkit-activity notification window]

<!> PS: Write down those detections and click OK.

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative!

<!> PS: To avoid problems, follow all the recommendations given.

<!> ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!


ComboFix log

 

ComboFix 09-08-27.02 - igor 27/08/2009 18:43.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2047.1607 [GMT -3:00]

Executando de: c:\documents and settings\igor\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\.tmp

c:\arquivos de programas\IEToolbar

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\ant.dll

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\AntPlugin.dll

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\arrow_refresh.png

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\basis.xml

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\bt_fd.gif

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\cancel.png

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\chart_bar.png

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\chart_line.png

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\computer_error.png

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\delete.gif

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\drive_disk.png

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\email.png

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\explore.png

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\help.png

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\icons.bmp

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\info.txt

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\logo.gif

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\logo.png

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\magnifier.png

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\monitor.png

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\player.gif

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\player.swf

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\s_fd.gif

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\tbcore3.dll

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\tbcore3.inf

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\tbhelper.dll

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\topbar_fd.gif

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\topbar_shadow.gif

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\uninstall.exe

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\update.exe

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\version.txt

c:\arquivos de programas\IEToolbar\Ant.com Toolbar\wrench.png

c:\recycler\S-1-5-21-73586283-1326574676-839522115-1003

c:\windows\Installer\117d902.msp

c:\windows\Installer\117d916.msp

c:\windows\Installer\117d92a.msp

c:\windows\Installer\117d940.msp

c:\windows\Installer\117d955.msp

c:\windows\Installer\117d96a.msp

c:\windows\Installer\1199e01.msi

c:\windows\Installer\1279b.msi

c:\windows\Installer\127a0.msi

c:\windows\Installer\13255.msi

c:\windows\Installer\13cd0a.msi

c:\windows\Installer\147b7.msi

c:\windows\Installer\147bc.msi

c:\windows\Installer\1481a.msi

c:\windows\Installer\1766742.msp

c:\windows\Installer\18669.msi

c:\windows\Installer\18689.msi

c:\windows\Installer\1c023d.msi

c:\windows\Installer\1c62e49.msi

c:\windows\Installer\1d1e0b3.msp

c:\windows\Installer\1d1e0bd.msp

c:\windows\Installer\1d1e0c8.msp

c:\windows\Installer\1e10e57.msi

c:\windows\Installer\1e905f9.msi

c:\windows\Installer\1e90603.msi

c:\windows\Installer\1fdb70f.msp

c:\windows\Installer\1fdb713.msp

c:\windows\Installer\20abf96.msi

c:\windows\Installer\251cf.msp

c:\windows\Installer\253a387.msp

c:\windows\Installer\253a3a0.msp

c:\windows\Installer\27403a.msi

c:\windows\Installer\2a233d.msp

c:\windows\Installer\2bf15d1.msi

c:\windows\Installer\2bf15d6.msi

c:\windows\Installer\2bf15dd.msi

c:\windows\Installer\2bf15e3.msi

c:\windows\Installer\2bf15ec.msi

c:\windows\Installer\2bf15f1.msi

c:\windows\Installer\2bf15f9.msi

c:\windows\Installer\2bf15fe.msi

c:\windows\Installer\2bf1605.msi

c:\windows\Installer\2bf160a.msi

c:\windows\Installer\2bf1610.msi

c:\windows\Installer\2bf1616.msi

c:\windows\Installer\2bf161c.msi

c:\windows\Installer\2bf23c3.msi

c:\windows\Installer\2bf27c0.msp

c:\windows\Installer\2bf2859.msp

c:\windows\Installer\2bf2861.msp

c:\windows\Installer\2bf2886.msp

c:\windows\Installer\2bf288c.msp

c:\windows\Installer\2bf2892.msp

c:\windows\Installer\2d069f0.msi

c:\windows\Installer\2d06a3e.msi

c:\windows\Installer\2decf47.msi

c:\windows\Installer\2eb0438.msi

c:\windows\Installer\2eb043d.msi

c:\windows\Installer\2eb0442.msi

c:\windows\Installer\2eb0447.msi

c:\windows\Installer\2eb044c.msi

c:\windows\Installer\2eb0451.msi

c:\windows\Installer\2eb0456.msi

c:\windows\Installer\2eb045b.msi

c:\windows\Installer\2eb0466.msi

c:\windows\Installer\2eb046c.msi

c:\windows\Installer\2eb0472.msi

c:\windows\Installer\2eb0478.msi

c:\windows\Installer\2eb047d.msi

c:\windows\Installer\2eb0488.msi

c:\windows\Installer\2eb048d.msi

c:\windows\Installer\2eb0492.msi

c:\windows\Installer\2eb0497.msi

c:\windows\Installer\2eb049c.msi

c:\windows\Installer\2eb04a1.msi

c:\windows\Installer\2eb04b9.msi

c:\windows\Installer\2eb04be.msi

c:\windows\Installer\2eb04c3.msi

c:\windows\Installer\2eb04c8.msi

c:\windows\Installer\2eb04cd.msi

c:\windows\Installer\2eb04d3.msi

c:\windows\Installer\2f785ef.msi

c:\windows\Installer\2ff8ec4.msi

c:\windows\Installer\2ff8ec9.msi

c:\windows\Installer\349c0.msi

c:\windows\Installer\359dd2d.msp

c:\windows\Installer\36e127.msi

c:\windows\Installer\3702b5f.msp

c:\windows\Installer\3702b72.msp

c:\windows\Installer\39086e.msi

c:\windows\Installer\3ab2766.msp

c:\windows\Installer\3cb4578.msi

c:\windows\Installer\3de22d.msi

c:\windows\Installer\3de232.msi

c:\windows\Installer\3de238.msi

c:\windows\Installer\4007713.msp

c:\windows\Installer\4007739.msp

c:\windows\Installer\400774f.msp

c:\windows\Installer\4007763.msp

c:\windows\Installer\4007777.msp

c:\windows\Installer\400778f.msp

c:\windows\Installer\40077a3.msp

c:\windows\Installer\40077b9.msp

c:\windows\Installer\40077cd.msp

c:\windows\Installer\40077e2.msp

c:\windows\Installer\40077f6.msp

c:\windows\Installer\4007809.msp

c:\windows\Installer\4cd74bd.msi

c:\windows\Installer\4cd751f.msi

c:\windows\Installer\588d29d.msi

c:\windows\Installer\5912e9.msi

c:\windows\Installer\87494.msi

c:\windows\Installer\940ca4.msp

c:\windows\Installer\98cc28.msp

c:\windows\Installer\98cc3c.msp

c:\windows\Installer\9ab539.msp

c:\windows\Installer\9ab53d.msp

c:\windows\Installer\9ab541.msp

c:\windows\Installer\9ab545.msp

c:\windows\Installer\9ab549.msp

c:\windows\Installer\9ab54d.msp

c:\windows\Installer\b340c.msi

c:\windows\Installer\b340d.msp

c:\windows\Installer\b340e.msp

c:\windows\Installer\b340f.msp

c:\windows\Installer\b3410.msp

c:\windows\Installer\b3411.msp

c:\windows\Installer\b3412.msp

c:\windows\Installer\b3413.msp

c:\windows\Installer\b3414.msp

c:\windows\Installer\b3415.msp

c:\windows\Installer\c8d6ef.msi

c:\windows\Installer\c8d6f0.msp

c:\windows\Installer\c8d6f4.msp

c:\windows\Installer\cf268.msi

c:\windows\Installer\cf275.msi

c:\windows\Installer\d8c1a8c.msi

c:\windows\Installer\ded29.msi

c:\windows\Installer\ded2a.msp

c:\windows\Installer\ded2b.msp

c:\windows\Installer\ded2c.msp

c:\windows\Installer\ded2d.msp

c:\windows\Installer\ded2e.msp

c:\windows\Installer\ded2f.msp

c:\windows\Installer\ded30.msp

c:\windows\Installer\ded31.msp

c:\windows\Installer\ded32.msp

c:\windows\Installer\ded33.msp

c:\windows\Installer\df830.msi

c:\windows\Installer\df83a.msi

c:\windows\Installer\e45c05a.msp

c:\windows\Installer\e45c05e.msp

c:\windows\Installer\e45c062.msp

c:\windows\Installer\f05e8.msi

c:\windows\Installer\f3f483.msp

c:\windows\Installer\f3f487.msp

c:\windows\Installer\f3f48b.msp

c:\windows\Installer\fbe5e.msi

c:\windows\Installer\fbe5f.msp

c:\windows\Installer\fbe60.msp

c:\windows\Installer\fbe61.msp

c:\windows\Installer\fbe62.msp

c:\windows\Installer\fbe63.msp

c:\windows\Installer\fbe72.msi

c:\windows\Installer\fbe73.msp

c:\windows\Installer\fbe74.msp

c:\windows\Installer\fbe75.msp

c:\windows\Installer\fbe76.msp

c:\windows\Installer\fbe77.msp

c:\windows\Installer\fbe78.msp

c:\windows\Installer\fbe79.msp

c:\windows\Installer\fbe7f.msi

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-27 to 2009-08-27 ))))))))))))))))))))))))))))

.

 

2009-08-27 19:30 . 2009-08-27 19:30 -------- d-----w- c:\xpnew\system32\LogFiles

2009-08-27 14:57 . 2008-07-08 04:45 4984 ----a-w- c:\xpnew\system32\drivers\nvphy.bin

2009-08-27 14:57 . 2008-07-29 16:33 446464 ----a-w- c:\xpnew\system32\nvunrm.exe

2009-08-27 14:57 . 2009-08-27 14:58 -------- d-----w- c:\xpnew\LastGood

2009-08-27 14:57 . 2008-08-27 16:58 453152 ----a-w- c:\xpnew\system32\NVUNINST.EXE

2009-08-27 13:34 . 2009-08-27 13:34 664 ----a-w- c:\xpnew\system32\d3d9caps.dat

2009-08-27 12:42 . 2009-08-27 12:42 552 ----a-w- c:\xpnew\system32\d3d8caps.dat

2009-08-27 12:41 . 2003-07-17 08:10 7040 ----a-r- c:\xpnew\system32\ntsim.sys

2009-08-27 12:36 . 2003-04-15 08:59 5824 ----a-w- c:\xpnew\system32\drivers\ASUSHWIO.SYS

2009-08-26 18:04 . 2009-08-26 18:04 -------- d-----r- c:\documents and settings\igor\Meus documentos

2009-08-26 18:04 . 2009-08-26 18:04 -------- d-----r- c:\documents and settings\igor\Favoritos

2009-08-26 18:04 . 2009-08-26 18:04 -------- d--h--r- c:\documents and settings\igor\Dados de aplicativos

2009-08-26 18:04 . 2009-08-26 17:55 -------- d--h--w- c:\documents and settings\igor\Modelos

2009-08-26 18:04 . 2009-08-26 14:49 -------- d--h--w- c:\documents and settings\igor\Ambiente de impressão

2009-08-26 18:04 . 2009-08-26 14:49 -------- d-----r- c:\documents and settings\igor\Menu Iniciar

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-27 21:48 . 2009-08-26 18:25 1876000 --sha-w- c:\xpnew\system32\drivers\fidbox.dat

2009-08-27 15:07 . 2007-12-13 02:34 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-08-27 12:53 . 2009-08-26 18:25 4436 --sha-w- c:\xpnew\system32\drivers\fidbox.idx

2009-08-27 12:42 . 2009-08-03 03:16 -------- d-----w- c:\arquivos de programas\Tennis Elbow Manager

2009-08-27 12:42 . 2009-08-25 03:57 -------- d-----w- c:\arquivos de programas\Tennis Elbow 2009

2009-08-26 18:15 . 2009-08-26 17:58 86315 ----a-w- c:\xpnew\pchealth\helpctr\OfflineCache\index.dat

2009-08-26 18:04 . 2001-10-28 18:07 48628 ----a-w- c:\xpnew\system32\perfc016.dat

2009-08-26 18:04 . 2001-10-28 18:07 344380 ----a-w- c:\xpnew\system32\perfh016.dat

2009-08-26 17:56 . 2009-08-26 17:56 21844 ----a-w- c:\xpnew\system32\emptyregdb.dat

2009-08-26 14:24 . 2008-09-10 17:19 -------- d-----w- c:\arquivos de programas\Dicionário de Sinônimos -completo-

2009-08-26 14:24 . 2009-01-29 02:09 -------- d-----w- c:\arquivos de programas\BBB

2009-08-26 14:24 . 2008-06-07 00:37 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution

2009-08-26 14:24 . 2008-08-04 03:05 -------- d-----w- c:\arquivos de programas\Bonjour

2009-08-26 14:24 . 2007-12-13 21:08 -------- d-----w- c:\arquivos de programas\DAEMON Tools

2009-08-26 13:31 . 2009-08-26 13:31 288654 ----a-w- C:\SafeBootKeyRepair.exe

2009-08-26 12:19 . 2009-08-26 12:19 42 ----a-w- c:\arquivos de programas\Arquivos comuns\WindowsUpdate.zip

2009-08-26 01:56 . 2009-08-26 01:56 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-08-25 13:24 . 2007-12-13 16:41 -------- d-----w- c:\arquivos de programas\Google

2009-08-18 01:11 . 2009-08-18 01:10 -------- d-----w- c:\arquivos de programas\VDOWNLOADER

2009-08-18 01:11 . 2009-08-18 01:11 -------- d-----w- c:\arquivos de programas\Ask.com

2009-08-07 19:42 . 2008-08-25 02:25 -------- d-----w- c:\arquivos de programas\PcLiga 2000 v1.2 ENGLISH

2009-07-21 15:45 . 2007-12-13 22:15 -------- d-----w- c:\arquivos de programas\Sports Interactive

2009-07-06 14:12 . 2007-12-13 21:41 -------- d-----w- c:\arquivos de programas\Sega

2008-11-14 12:38 . 2009-02-28 16:46 21716845 ----a-w- c:\arquivos de programas\spanish.ltc

2008-11-14 12:37 . 2009-02-28 16:46 19824327 ----a-w- c:\arquivos de programas\swedish.ltc

2008-11-14 12:26 . 2009-02-28 16:46 22100336 ----a-w- c:\arquivos de programas\portuguese.ltc

2008-11-14 12:23 . 2009-02-28 16:46 22562877 ----a-w- c:\arquivos de programas\czech.ltc

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

c:\documents and settings\igor\Menu Iniciar\Programas\Inicializar\

is-0I0R2.lnk - c:\documents and settings\igor\Desktop\Virus Removal Tool\is-0I0R2\startup.exe [2009-8-26 65536]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

 

R1 is-0I0R2drv;is-0I0R2drv;c:\xpnew\system32\drivers\53900540.sys [26/8/2009 15:25 148496]

S3 Asushwio;Asushwio;c:\xpnew\system32\drivers\ASUSHWIO.SYS [27/8/2009 09:36 5824]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - BITS

*NewlyCreated* - FORCEWARE_INTELLIGENT_APPLICATION_MANAGER_(IAM)

*NewlyCreated* - HTTPFILTER

*NewlyCreated* - NSVCIP

*NewlyCreated* - WS2IFSL

*Deregistered* - DwShield00005132

.

.

------- Scan Suplementar -------

.

LSP: %SYSTEMROOT%\system32\nvLsp.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-27 18:48

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(456)

c:\xpnew\system32\wbem\wbemsvc.dll

.

Tempo para conclusão: 2009-08-27 18:48

ComboFix-quarantined-files.txt 2009-08-27 21:48

 

Pré-execução: 20 pasta(s) 45.492.916.224 bytes disponíveis

Pós execução: 20 pasta(s) 45.513.363.456 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\XPNEW

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\XPNEW="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

313

 

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:52:33, on 27/8/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\XPNEW\System32\smss.exe

C:\XPNEW\system32\winlogon.exe

C:\XPNEW\system32\services.exe

C:\XPNEW\system32\lsass.exe

C:\XPNEW\system32\svchost.exe

C:\XPNEW\System32\svchost.exe

C:\XPNEW\system32\spoolsv.exe

C:\XPNEW\system32\wscntfy.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\XPNEW\System32\svchost.exe

C:\XPNEW\system32\wuauclt.exe

C:\XPNEW\explorer.exe

C:\Documents and Settings\igor\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - Startup: is-0I0R2.lnk = C:\Documents and Settings\igor\Desktop\Virus Removal Tool\is-0I0R2\startup.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\xpnew\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\xpnew\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\xpnew\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\xpnew\system32\nvlsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

 

--

End of file - 2179 bytes

 

 

 

======================//======================================

 

And now?

 

Cheers!


Good evening, ig0rf!

 

<@> Download: < a2ppf_banner.jpg > ( ...by EmsiSoft )

<@> Save it in Arquivos de programas (Program Files).

<@> Open the program and click: Update now --> Wait!

<@> When it finishes, click: "Scan PC"

<@> Choose the option: "Deep" --> Then click "Scan".

<@> When it finishes, tick the boxes of the items found and click "Quarantine selected".

<@> Save and post the report of this scan. ( a2scan_xxyy09-xxxxxx.txt ) <--

<><><><><><><><>

<@> Download: < otlDesktopIcon.png > ( ...by OldTimer Tools )

<@> Save it to the desktop!

 

OTLI-scan.png

 

<@> As shown in the image, change the "Output" option to "Minimal Output".

<@> Double-click OTL.exe --> Tick the "Scan All Users" option.

<@> Click: < runscanbutton.png > --> Wait!

<@> Post:

 

<1> OTL.txt <--

<2> Extra.txt <--

 

Cheers!


Good evening.

I managed to get into the old Windows. Only the userinit.exe file was missing, so I copied it from the new Windows into the old one's folder and was able to boot it.

 

I then ran the programs on it:

 

 

 

a-squared Free - Versão 4.5

Última atualização 27/8/2009 23:59:38

 

Configurações da análise:

 

Scan type: deep

Objetos: Memória, Rastros, Cookies, H:\

Análise de arquivos: Ligado

Heurística: Desligado

Análise de ADS: Ligado

 

Início da análise: 28/8/2009 00:09:52

 

[1336] H:\WINDOWS\Explorer.EXE detectado: Trojan.Win32.Patched!IK

[1424] H:\WINDOWS\System32\avast!UpdateAgent.exe detectado: Trojan-Downloader.Win32.Cbeplay!IK

h:\documents and settings\usuario\dados de aplicativos\bsplayer detectado: Trace.Directory.BSplayer!A2

h:\documents and settings\usuario\dados de aplicativos\bsplayer pro detectado: Trace.Directory.BSplayer!A2

h:\documents and settings\usuario\dados de aplicativos\bsplayer\bslib detectado: Trace.Directory.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer detectado: Trace.Directory.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\bslib detectado: Trace.Directory.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\doc detectado: Trace.Directory.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\insfiles detectado: Trace.Directory.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\lang detectado: Trace.Directory.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\media detectado: Trace.Directory.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\plugins detectado: Trace.Directory.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk detectado: Trace.Directory.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins detectado: Trace.Directory.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins\c detectado: Trace.Directory.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample detectado: Trace.Directory.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample_subtitles detectado: Trace.Directory.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins\delphi detectado: Trace.Directory.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins\delphi\sample detectado: Trace.Directory.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins\delphi\sample_subtitles detectado: Trace.Directory.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\skins detectado: Trace.Directory.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\skins\base detectado: Trace.Directory.BSplayer!A2

h:\documents and settings\usuario\menu iniciar\programas\webteh detectado: Trace.Directory.BSplayer!A2

h:\arquivos de programas\partygaming detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\images detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\language detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\language\en_us detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\partycasino detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\partycasino\language detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\partycasino\language\en_us detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\partycasino\language\en_us\images detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\partycasino\language\en_us\images\games detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\partycasino\language\en_us\images\games\cardgames detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\partycasino\language\en_us\images\games\cardgames\blackjack detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\partycasino\language\en_us\images\games\cardgames\blackjack\blackjack detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\partycasino\language\en_us\images\games\cardgames\multiplayerbj detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\partycasino\language\en_us\images\games\cardgames\multiplayerbj\multiplayerblackjack detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker\images detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker\language detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker\language\en_us detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker\language\en_us\articles detectado: Trace.Directory.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker\temp detectado: Trace.Directory.PartyPoker!A2

h:\documents and settings\usuario\menu iniciar\programas\partypoker detectado: Trace.Directory.PartyPoker!A2

Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run --> servises detectado: Trace.Registry.cakpapaz.cn!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run --> servises detectado: Trace.Registry.cakpapaz.cn!A2

Value: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run --> servises detectado: Trace.Registry.cakpapaz.cn!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> servises detectado: Trace.Registry.cakpapaz.cn!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\services --> del detectado: Trace.Registry.cakpapaz.cn!A2

h:\windows\temp\update.exe detectado: Trace.File.Presto TuneUp!A2

h:\windows\system32\servises.exe detectado: Trace.File.Malekal morte!A2

h:\windows\system32\_id.dat detectado: Trace.File.silzefos.cn!A2

h:\windows\prefetch\6.tmp-3b726fb8.pf detectado: Trace.File.www.freewebtown.com!A2

h:\windows\prefetch\7.tmp-138c6dfa.pf detectado: Trace.File.www.freewebtown.com!A2

h:\windows\system32\5.tmp detectado: Trace.File.www.freewebtown.com!A2

h:\documents and settings\usuario\dados de aplicativos\bsplayer pro\eq.xml detectado: Trace.File.BSplayer!A2

h:\documents and settings\usuario\dados de aplicativos\bsplayer\bslib\bspmlib.dat detectado: Trace.File.BSplayer!A2

h:\documents and settings\usuario\dados de aplicativos\bsplayer\bsplayer.xml detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\bplay.exe detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\bslib\bslib.dll detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\bslib\gds32.dll detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\bslib\icudt30.dll detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\bslib\icuin30.dll detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\bslib\icuuc30.dll detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\bspfilters.sam detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\bsplay.exe detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\bsplayer.exe detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\bsplayer.exe.manifest detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\bsrendv2.dll detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\changes.txt detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\doc\cmdline.txt detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\insfiles\bspmlib.dat detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\insfiles\eq.xml detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\media\siddharta_-_play_with_me.mp3 detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\plugins\oldskin.dll detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\bsp.h detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\bsp.pas detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins\bspplg.h detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins\bspplg.pas detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample\sample_plugin.def detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample\sample_plugin.dsp detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample\sample_plugin.dsw detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample\sampleplugin.c detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_sub.c detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_sub.def detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_subtitles.dsp detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_subtitles.dsw detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins\delphi\sample\sample_plugin.dpr detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\sdk\plugins\delphi\sample_subtitles\sample_sub.dpr detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\skins\base\plist.ini detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\skins\base\prevd.bmp detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\skins\base\rgn.dat detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\skins\base\rgnfs.dat detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\skins\base\skin.ini detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\skins\base\skinfs.ini detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\skins\bat lite.bsz detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\skins\bsplayer.v1.bsz detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\skins\mediabox v-1.bsz detectado: Trace.File.BSplayer!A2

h:\arquivos de programas\webteh\bsplayer\skins\mediabox v-2.bsz detectado: Trace.File.BSplayer!A2

h:\windows\system32\nslock15vb6.ocx detectado: Trace.File.KeyThief2.0!A2

h:\documents and settings\usuario\dados de aplicativos\microsoft\internet explorer\quick launch\partypoker.lnk detectado: Trace.File.PartyPoker!A2

h:\documents and settings\usuario\desktop\partypoker.lnk detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\ara.ini detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\dm.dll detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\images\habeas_webseal.gif detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\language\en_us\lang_pack_en_us.txt detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\libeay32.dll detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\llh.dll detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\partycasino\gra.ini detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\partycasino\partycasino.dll detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\partycasino\sys.ini detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\partygaming.exe detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker\gra.ini detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker\install.log detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker\install.sss detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker\language\en_us\lang_pack_en_us.txt detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker\partypoker.dll detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker\poker.bin detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker\ppunistall.bat detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker\reminder.wav detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker\ring.wav detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker\sys.ini detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker\tabconfig.txt detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker\tap.wav detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\partypoker\usertab.txt detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\ssleay32.dll detectado: Trace.File.PartyPoker!A2

h:\arquivos de programas\partygaming\zlib1.dll detectado: Trace.File.PartyPoker!A2

h:\documents and settings\usuario\menu iniciar\programas\partypoker\partypoker.lnk detectado: Trace.File.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\BST\bsplayerv1 --> AppPath detectado: Trace.Registry.BSplayer!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\BST\bsplayerv1 --> AppVer detectado: Trace.Registry.BSplayer!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival --> BSplayerCDDA detectado: Trace.Registry.BSplayer!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> Action detectado: Trace.Registry.BSplayer!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> DefaultIcon detectado: Trace.Registry.BSplayer!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> InvokeProgID detectado: Trace.Registry.BSplayer!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> InvokeVerb detectado: Trace.Registry.BSplayer!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSplayerCDDA --> Provider detectado: Trace.Registry.BSplayer!A2

Value: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Bara de instrumente web a ISJ Bacau!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Bara de instrumente web a ISJ Bacau!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> 1 detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> 10 detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> 2 detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> 4 detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> 5 detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> 6 detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> 7 detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> 9 detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> AdsLastKnownState detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> AppPath detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> BlackjackSounds detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> BlackjackVoice detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> EnableCallOuts detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> EnableCardAnimations detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> EnableCongratulations detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> EnableSounds detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> FourColourDeck detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> HHEnableLog detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> HHLogDays detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> HHLogSize detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> id detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> InitialPort detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> InstallState detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> MuckLosingHand detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> SL detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> TableType detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming\PartyPoker --> useCount detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming --> AutoLoginToOtherGames detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming --> CFDialogShown detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming --> FreshInstall detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_USERS\S-1-5-21-73586283-1326574676-839522115-1003\Software\PartyGaming --> OldCFformat detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> DisplayIcon detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> DisplayName detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> DisplayVersion detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> InstallDate detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> InstallLocation detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> InstallSource detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> InstallSourceFile detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> Publisher detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> SilentSettings detectado: Trace.Registry.PartyPoker!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> UninstallString detectado: Trace.Registry.PartyPoker!A2

H:\Documents and Settings\usuario\Cookies\usuario@about[1].txt detectado: Trace.TrackingCookie.about!A2

H:\Documents and Settings\usuario\Cookies\usuario@adserver.dialhost.com[2].txt detectado: Trace.TrackingCookie.adserv!A2

H:\Documents and Settings\usuario\Cookies\usuario@adservingml[1].txt detectado: Trace.TrackingCookie.adserv!A2

H:\Documents and Settings\usuario\Cookies\usuario@atdmt[1].txt detectado: Trace.TrackingCookie.atdmt!A2

H:\Documents and Settings\usuario\Cookies\usuario@bs.serving-sys[1].txt detectado: Trace.TrackingCookie.bs.serving-sys!A2

H:\Documents and Settings\usuario\Cookies\usuario@cgi-bin[1].txt detectado: Trace.TrackingCookie.cgi-bin[1].txt!A2

H:\Documents and Settings\usuario\Cookies\usuario@comunidade[2].txt detectado: Trace.TrackingCookie.com!A2

H:\Documents and Settings\usuario\Cookies\usuario@doubleclick[1].txt detectado: Trace.TrackingCookie.doubleclick!A2

H:\Documents and Settings\usuario\Cookies\usuario@google.com[2].txt detectado: Trace.TrackingCookie.google.com!A2

H:\Documents and Settings\usuario\Cookies\usuario@ig.com[1].txt detectado: Trace.TrackingCookie.ig.com!A2

H:\Documents and Settings\usuario\Cookies\usuario@iwon[1].txt detectado: Trace.TrackingCookie.iwon!A2

H:\Documents and Settings\usuario\Cookies\usuario@linkbucks[2].txt detectado: Trace.TrackingCookie.link!A2

H:\Documents and Settings\usuario\Cookies\usuario@media6degrees[1].txt detectado: Trace.TrackingCookie.media!A2

H:\Documents and Settings\usuario\Cookies\usuario@serving-sys[2].txt detectado: Trace.TrackingCookie.serving-sys!A2

H:\Documents and Settings\usuario\Cookies\usuario@sexxxyvideo.uol.com[2].txt detectado: Trace.TrackingCookie.---!A2

H:\Documents and Settings\usuario\Cookies\usuario@specificclick[2].txt detectado: Trace.TrackingCookie.specificclick!A2

H:\Documents and Settings\usuario\Cookies\usuario@statcounter[1].txt detectado: Trace.TrackingCookie.statcounter!A2

H:\Documents and Settings\usuario\Cookies\usuario@ww3.shoshkeles[1].txt detectado: Trace.TrackingCookie.ww3.shoshkeles!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.txt:5 detectado: Trace.TrackingCookie.doubleclick.net!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1233336314812500 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1233462116453126 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1233462125156250 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1233694573875001 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1234058312125002 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1234553723875000 detectado: Trace.TrackingCookie.ads.realmedia.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1234654978859375 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1235229079109375 detectado: Trace.TrackingCookie.hits.e.cl!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1235324273875001 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1235409577121997 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1235861865140626 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1236047443940794 detectado: Trace.TrackingCookie.media!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1236360275984376 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1236360672453125 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1236552991578126 detectado: Trace.TrackingCookie.ads.e-planning.net!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1236826128765626 detectado: Trace.TrackingCookie.web2.checkm8.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1236826128765627 detectado: Trace.TrackingCookie.web2.checkm8.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1236826128765628 detectado: Trace.TrackingCookie.web2.checkm8.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1236826128765629 detectado: Trace.TrackingCookie.web2.checkm8.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1236826128765631 detectado: Trace.TrackingCookie.web2.checkm8.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1236826137093750 detectado: Trace.TrackingCookie.web2.checkm8.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1236863106078125 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1237675405828126 detectado: Trace.TrackingCookie.myspace.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1237888398591953 detectado: Trace.TrackingCookie.ign.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1237990160187500 detectado: Trace.TrackingCookie.go.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1237990162609376 detectado: Trace.TrackingCookie.go.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1238223965953125 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1238426582578127 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1238895225140626 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1239050444640625 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1239674792761199 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1240333825764250 detectado: Trace.TrackingCookie.optimizedby.rmxads.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1240584638890626 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1240673548406251 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1240695389750000 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1240752315031250 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1241055250046875 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1241395439750000 detectado: Trace.TrackingCookie.myspace.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1241395439750003 detectado: Trace.TrackingCookie.myspace.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1241576203140625 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1241583205250001 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1241712384562501 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1241719387781250 detectado: Trace.TrackingCookie.media!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1241798226093750 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1241830316640628 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1241924942281252 detectado: Trace.TrackingCookie.go.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1242252155781250 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1242252158890625 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1242405770890625 detectado: Trace.TrackingCookie.server.iad.livepers!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1242613523562500 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1242836791437503 detectado: Trace.TrackingCookie.go.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1243103295140625 detectado: Trace.TrackingCookie.ads.us.e-planning.net!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1243824442281250 detectado: Trace.TrackingCookie.ads.sapo.pt!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1244604044296876 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1245035366531250 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1245358718281251 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1245460566015626 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1245782119890625 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1245861591328126 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1245953954703125 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1245961708796876 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1245966414921875 detectado: Trace.TrackingCookie.aol.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1246041547937503 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1246074066156251 detectado: Trace.TrackingCookie.thefreedictionary.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1246306458125001 detectado: Trace.TrackingCookie.www6.addfreestats.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1246634112343750 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1246753184625001 detectado: Trace.TrackingCookie.www.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1246753189296875 detectado: Trace.TrackingCookie.www.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1246765728781250 detectado: Trace.TrackingCookie.wikia-ads.wikia.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1247199803340773 detectado: Trace.TrackingCookie.lycos.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1247199808543632 detectado: Trace.TrackingCookie.lycos.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1247319009484376 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1248014582343750 detectado: Trace.TrackingCookie.loc1.hitsprocessor.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1248057088218750 detectado: Trace.TrackingCookie.media!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1248098365015625 detectado: Trace.TrackingCookie.ign.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1248099344859375 detectado: Trace.TrackingCookie.adserv!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1248106441796877 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1248106497734376 detectado: Trace.TrackingCookie.ads.cnn.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1248637132078125 detectado: Trace.TrackingCookie.www.googleadservices.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1248646380875000 detectado: Trace.TrackingCookie.www.googleadservices.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1248916945218750 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1248970547687500 detectado: Trace.TrackingCookie.doubleclick.net!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1248972906109375 detectado: Trace.TrackingCookie.ad.yieldmanager.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1248973653234377 detectado: Trace.TrackingCookie.zedo.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1248973653234379 detectado: Trace.TrackingCookie.zedo.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1249268543140626 detectado: Trace.TrackingCookie.www3.addfreestats.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1249341492046875 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1249345537406252 detectado: Trace.TrackingCookie.ad.yieldmanager.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1249408130984375 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1249434928234375 detectado: Trace.TrackingCookie.ad.yieldmanager.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1249618506031250 detectado: Trace.TrackingCookie.tribalfusion.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1249667143265627 detectado: Trace.TrackingCookie.fl01.ct2.comclick!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1249667143265628 detectado: Trace.TrackingCookie.fl01.ct2.comclick!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1249672516734376 detectado: Trace.TrackingCookie.statse.webtrendslive!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1249682439875000 detectado: Trace.TrackingCookie.ad.yieldmanager.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1249842390046876 detectado: Trace.TrackingCookie.adbrite.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1249842390046877 detectado: Trace.TrackingCookie.adbrite.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1250179803765625 detectado: Trace.TrackingCookie.www.googleadservices.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1250544879234376 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1250555746062500 detectado: Trace.TrackingCookie.casalemedia.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1250555746062501 detectado: Trace.TrackingCookie.casalemedia.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1250555746062502 detectado: Trace.TrackingCookie.casalemedia.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1250555746625003 detectado: Trace.TrackingCookie.casalemedia.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1250555746625007 detectado: Trace.TrackingCookie.casalemedia.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1250563993015626 detectado: Trace.TrackingCookie.www.iwon.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1250606423468751 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1250653696531250 detectado: Trace.TrackingCookie.myspace.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1250864766468750 detectado: Trace.TrackingCookie.ad.adnetwork.com.br!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1250918805000001 detectado: Trace.TrackingCookie.adbrite.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1250918825359378 detectado: Trace.TrackingCookie.ad.yieldmanager.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1251161886156251 detectado: Trace.TrackingCookie.ad.yieldmanager.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1251204032437500 detectado: Trace.TrackingCookie.m1.webstats.motigo.com!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1251204034093750 detectado: Trace.TrackingCookie.eas.apm.emediate.eu!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1251204034109375 detectado: Trace.TrackingCookie.eas.apm.emediate.eu!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1251204035187500 detectado: Trace.TrackingCookie.eas.apm.emediate.eu!A2

H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\9ahvs326.default\cookies.sqlite:1251205761984378 detectado: Trace.TrackingCookie.ad.yieldmanager.com!A2

 

=====================================

 

OTL logfile created on: 28/8/2009 00:28:43 - Run 1

OTL by OldTimer - Version 3.0.10.7 Folder = H:\Documents and Settings\usuario\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

2,00 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 69,80% Memory free

3,85 Gb Paging File | 3,41 Gb Available in Paging File | 88,51% Paging File free

Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Arquivos de programas

C: Drive not present or media not loaded

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 701,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive H: | 232,88 Gb Total Space | 41,77 Gb Free Space | 17,94% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded

 

Computer Name: IGOR

Current User Name: usuario

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - H:\WINDOWS\System32\servises.exe ()

PRC - H:\WINDOWS\System32\servises.exe ()

PRC - H:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - H:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)

PRC - H:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - H:\Arquivos de programas\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - H:\Arquivos de programas\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - H:\Arquivos de programas\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - H:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - H:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

PRC - H:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)

PRC - H:\Arquivos de programas\a-squared Free\a2service.exe (Emsi Software GmbH)

PRC - H:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - H:\Arquivos de programas\Windows NT\Acessórios\WORDPAD.EXE (Microsoft Corporation)

PRC - H:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - H:\Documents and Settings\usuario\Desktop\OTL.exe (OldTimer Tools)

 

========== Win32 Services (SafeList) ==========

 

SRV - (aspnet_state [On_Demand | Stopped]) -- H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (avast!UpdateAgent.exe [Auto | Stopped]) -- H:\WINDOWS\System32\avast!UpdateAgent.exe ()

SRV - (avg8emc [Auto | Running]) -- H:\Arquivos de programas\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg8wd [Auto | Running]) -- H:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (COMSysApp [On_Demand | Stopped]) -- File not found

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- H:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (gusvc [On_Demand | Stopped]) -- H:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (helpsvc [Auto | Running]) -- H:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (idsvc [unknown | Stopped]) -- H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (MSIServer [On_Demand | Stopped]) -- File not found

SRV - (Nero BackItUp Scheduler 3 [Auto | Running]) -- H:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (NMIndexingService [On_Demand | Stopped]) -- H:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe (Nero AG)

SRV - (NWCWorkstation [Auto | Running]) -- H:\WINDOWS\System32\nwwks.dll (Microsoft Corporation)

SRV - (odserv [On_Demand | Stopped]) -- H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose [On_Demand | Stopped]) -- H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (usnjsvc [On_Demand | Running]) -- H:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- H:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

SRV - (a2free [Auto | Running]) -- H:\Arquivos de programas\a-squared Free\a2service.exe (Emsi Software GmbH)

 

========== Driver Services (SafeList) ==========

 

DRV - (AmdK8 [system | Running]) -- H:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)

DRV - (AvgLdx86 [system | Running]) -- H:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86 [system | Running]) -- H:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgTdiX [system | Running]) -- H:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (CX23880 [Auto | Running]) -- H:\WINDOWS\System32\drivers\cx88vid.sys (Conexant Systems, Inc.)

DRV - (ENTECH [On_Demand | Stopped]) -- H:\WINDOWS\System32\DRIVERS\ENTECH.sys (EnTech Taiwan)

DRV - (hamachi [On_Demand | Running]) -- H:\WINDOWS\System32\DRIVERS\hamachi.sys (LogMeIn, Inc.)

DRV - (HDAudBus [On_Demand | Running]) -- H:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

DRV - (IntcAzAudAddService [On_Demand | Running]) -- H:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (is-LSI4Hdrv [system | Running]) -- H:\WINDOWS\System32\DRIVERS\65739633.sys (Kaspersky Lab)

DRV - (MTsensor [On_Demand | Running]) -- H:\WINDOWS\System32\DRIVERS\ASACPI.sys ()

DRV - (nmwcd [On_Demand | Stopped]) -- H:\WINDOWS\System32\drivers\nmwcd.sys (Nokia)

DRV - (nmwcdc [On_Demand | Stopped]) -- H:\WINDOWS\System32\drivers\nmwcdc.sys (Nokia)

DRV - (nmwcdcj [On_Demand | Stopped]) -- H:\WINDOWS\System32\drivers\nmwcdcj.sys (Nokia)

DRV - (nmwcdcm [On_Demand | Stopped]) -- H:\WINDOWS\System32\drivers\nmwcdcm.sys (Nokia)

DRV - (nv [On_Demand | Running]) -- H:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (NVENETFD [On_Demand | Running]) -- H:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)

DRV - (nvnetbus [On_Demand | Running]) -- H:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)

DRV - (NwlnkIpx [Auto | Running]) -- H:\WINDOWS\System32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)

DRV - (NwlnkNb [Auto | Running]) -- H:\WINDOWS\System32\DRIVERS\nwlnknb.sys (Microsoft Corporation)

DRV - (NwlnkSpx [Auto | Running]) -- H:\WINDOWS\System32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)

DRV - (NWRDR [On_Demand | Running]) -- H:\WINDOWS\System32\DRIVERS\nwrdr.sys (Microsoft Corporation)

DRV - (pcouffin [On_Demand | Running]) -- H:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)

DRV - (PPJoyBus [On_Demand | Running]) -- H:\WINDOWS\System32\drivers\PPJoyBus.sys (Deon van der Westhuysen)

DRV - (PPortJoystick [On_Demand | Running]) -- H:\WINDOWS\System32\drivers\PPortJoy.sys (Deon van der Westhuysen)

DRV - (PSXGamepadEnabler [On_Demand | Running]) -- H:\WINDOWS\System32\drivers\psxpad.sys (Y.Kimura)

DRV - (PsxPortEnumerator [On_Demand | Running]) -- H:\WINDOWS\System32\Drivers\psxenum.sys (Y.Kimura)

DRV - (Ptilink [On_Demand | Running]) -- H:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- H:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (Secdrv [Auto | Running]) -- H:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SoC PC-Camera Service [On_Demand | Stopped]) -- H:\WINDOWS\System32\DRIVERS\pfc027.sys ()

DRV - (SONYPVU1 [On_Demand | Stopped]) -- H:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)

DRV - (sptd [boot | Running]) -- H:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (vmfilter303 [On_Demand | Running]) -- H:\WINDOWS\System32\drivers\vmfilter303.sys (Vimicro Corporation)

DRV - (ZSMC303 [On_Demand | Running]) -- H:\WINDOWS\System32\Drivers\usbVM303.sys (Vimicro Corporation)

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = H:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=14784&l=dis

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/ig"

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.3.105

FF - prefs.js..extensions.enabledItems: {A89AED22-9133-424c-88E7-C8235C5FF302}:0.9.1

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.5.4

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - prefs.js..keyword.URL: "http://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=VD&o=14782&locale=pt_BR&q="

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/01/31 23:08:23 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: H:\Arquivos de programas\AVG\AVG8\Firefox [2009/06/21 20:32:15 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: H:\Arquivos de programas\Flock\flock\plugins

FF - HKLM\software\mozilla\Flock\Extensions\\Components: H:\Arquivos de programas\Flock\flock\components

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components: H:\Arquivos de programas\Mozilla Firefox\components [2009/08/27 21:59:53 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins: H:\Arquivos de programas\Mozilla Firefox\plugins [2009/08/27 21:59:52 | 00,000,000 | ---D | M]

 

[2008/09/01 19:27:26 | 00,000,000 | ---D | M] -- H:\Documents and Settings\usuario\Dados de aplicativos\mozilla\Extensions

[2008/09/01 19:27:26 | 00,000,000 | ---D | M] -- H:\Documents and Settings\usuario\Dados de aplicativos\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/08/24 14:45:16 | 00,000,000 | ---D | M] -- H:\Documents and Settings\usuario\Dados de aplicativos\mozilla\Firefox\Profiles\9ahvs326.default\extensions

[2008/12/19 21:47:40 | 00,000,000 | ---D | M] -- H:\Documents and Settings\usuario\Dados de aplicativos\mozilla\Firefox\Profiles\9ahvs326.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

[2009/08/17 23:52:11 | 00,000,000 | ---D | M] -- H:\Documents and Settings\usuario\Dados de aplicativos\mozilla\Firefox\Profiles\9ahvs326.default\extensions\toolbar@ask.com

[2009/08/17 23:52:17 | 00,002,233 | ---- | M] () -- H:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\FireFox\Profiles\9ahvs326.default\searchplugins\askcom.xml

[2009/08/27 22:00:02 | 00,000,000 | ---D | M] -- H:\Arquivos de programas\mozilla firefox\extensions

[2009/08/27 21:59:52 | 00,000,000 | ---D | M] -- H:\Arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2008/01/15 14:11:02 | 00,000,000 | ---D | M] -- H:\Arquivos de programas\mozilla firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}

[2008/04/27 20:11:10 | 00,000,000 | ---D | M] -- H:\Arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

[2009/08/27 21:59:54 | 00,000,000 | ---D | M] -- H:\Arquivos de programas\mozilla firefox\extensions\talkback@mozilla.org

[2009/08/04 17:22:05 | 00,023,032 | ---- | M] (Mozilla Foundation) -- H:\Arquivos de programas\mozilla firefox\components\browserdirprovider.dll

[2009/08/04 17:22:05 | 00,134,648 | ---- | M] (Mozilla Foundation) -- H:\Arquivos de programas\mozilla firefox\components\brwsrcmp.dll

[2007/11/28 17:21:55 | 00,067,696 | ---- | M] (Mozilla Foundation) -- H:\Arquivos de programas\mozilla firefox\components\jar50.dll

[2007/11/28 17:21:55 | 00,054,376 | ---- | M] (Mozilla Foundation) -- H:\Arquivos de programas\mozilla firefox\components\jsd3250.dll

[2007/11/28 17:21:55 | 00,034,952 | ---- | M] (Mozilla Foundation) -- H:\Arquivos de programas\mozilla firefox\components\myspell.dll

[2007/11/28 17:21:55 | 00,046,720 | ---- | M] (Mozilla Foundation) -- H:\Arquivos de programas\mozilla firefox\components\spellchk.dll

[2007/11/28 17:21:55 | 00,172,144 | ---- | M] (Mozilla Foundation) -- H:\Arquivos de programas\mozilla firefox\components\xpinstal.dll

[2007/08/07 13:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- H:\Arquivos de programas\mozilla firefox\plugins\np32dsw.dll

[2007/11/28 17:21:55 | 00,022,664 | ---- | M] (mozilla.org) -- H:\Arquivos de programas\mozilla firefox\plugins\npnul32.dll

[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- H:\Arquivos de programas\mozilla firefox\plugins\NPOFF12.DLL

[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- H:\Arquivos de programas\mozilla firefox\plugins\nppdf32.dll

[2006/09/15 20:13:03 | 00,001,038 | ---- | M] () -- H:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml

[2007/01/17 19:05:32 | 00,002,368 | ---- | M] () -- H:\Arquivos de programas\mozilla firefox\searchplugins\google.xml

[2006/08/30 19:19:21 | 00,001,145 | ---- | M] () -- H:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml

[2006/08/30 19:19:21 | 00,000,831 | ---- | M] () -- H:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml

[2006/09/11 11:39:34 | 00,000,660 | ---- | M] () -- H:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

 

Hosts file not found

O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Arquivos de programas\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Arquivos de programas\Java\jre1.5.0_12\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask.com)

O2 - BHO: (TBSB00982 Class) - {DA3D342F-FF20-4E31-9E82-22334155730C} - H:\Arquivos de programas\IEToolbar\Ant.com Toolbar\tbcore3.dll File not found

O2 - BHO: (AntBar) - {e1a96b41-e013-47be-99f5-38a5a0d45e23} - H:\Arquivos de programas\Ant.com\Ant.com IE toolbar\adxloader.dll (Add-in Express Ltd)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - H:\Arquivos de programas\IEToolbar\Ant.com Toolbar\tbcore3.dll File not found

O3 - HKLM\..\Toolbar: (Ant.com) - {a2ccec8c-e692-41d8-a4fd-4db8f2af59e9} - H:\Arquivos de programas\Ant.com\Ant.com IE toolbar\adxloader.dll (Add-in Express Ltd)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - H:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - H:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - H:\Arquivos de programas\IEToolbar\Ant.com Toolbar\tbcore3.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask.com)

O4 - HKLM..\Run: [280] H:\WINDOWS\System32\7.tmp.exe File not found

O4 - HKLM..\Run: [bigDog303] H:\WINDOWS\VM303_STI.EXE File not found

O4 - HKLM..\Run: [Regedit32] H:\WINDOWS\System32\regedit.exe File not found

O4 - HKLM..\Run: [servises] H:\WINDOWS\System32\servises.exe ()

O4 - HKLM..\Run: [userFaultCheck] File not found

O4 - HKCU..\Run: [Google Update] H:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [MsnMsgr] H:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

O4 - HKCU..\Run: [servises] H:\WINDOWS\System32\servises.exe ()

O4 - HKCU..\Run: [swg] H:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: H:\Documents and Settings\usuario\Menu Iniciar\Programas\Inicializar\is-L252I.lnk = H:\Documents and Settings\usuario\Desktop\Virus Removal Tool1\is-L252I\startup.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8 - Extra context menu item: E&xportar para o Microsoft Excel - H:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - H:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Arquivos de programas\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - H:\Arquivos de programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - H:\Arquivos de programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - H:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O30 - LSA: Authentication Packages - (nwprovau) - H:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001/10/28 15:06:06 | 00,000,112 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]

O32 - AutoRun File - [2009/08/26 14:59:03 | 00,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{11291156-826a-11dd-b237-001bfcf6322e}\Shell - "" = AutoRun

O33 - MountPoints2\{1129115a-826a-11dd-b237-001bfcf6322e}\Shell\AutoRun\command - "" = E:\AutoTransfer.exe -- File not found

O33 - MountPoints2\{20a1d992-430f-11dd-b1a3-001bfcf6322e}\Shell\Auto\command - "" = C:\fun.xls.exe -- File not found

O33 - MountPoints2\{b56634cb-4fb0-11de-8331-001bfcf6322e}\Shell\Open(&0)\command - "" = L:\windrive.exe -- File not found

O33 - MountPoints2\{b7956206-b081-11dc-b07d-001bfcf6322e}\Shell\Open(&0)\command - "" = L:\windrive.exe -- File not found

O33 - MountPoints2\{d7e00fe6-8ac6-11de-83bc-001bfcf6322e}\Shell\AutoRun\command - "" = L:\setupSNK.exe -- File not found

O33 - MountPoints2\{d8547a7d-6173-11dd-b1df-001bfcf6322e}\Shell\AutoRun\command - "" = H:\WINDOWS\System32\WIAACMGR.EXE -- [2009/08/26 17:59:45 | 00,435,200 | ---- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - H:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[6 H:\WINDOWS\*.tmp files]

[2009/08/27 23:56:42 | 00,000,720 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\a-squared Free.lnk

[2009/08/27 23:56:34 | 00,000,000 | ---D | C] -- H:\Documents and Settings\usuario\Meus documentos\a-squared Free

[2009/08/27 23:56:34 | 00,000,000 | ---D | C] -- H:\Arquivos de programas\a-squared Free

[2009/08/27 23:56:00 | 00,514,048 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\usuario\Desktop\OTL.exe

[2009/08/27 22:54:44 | 57,933,832 | ---- | C] (Emsi Software GmbH ) -- H:\a2FreeSetup.exe

[2009/08/27 22:41:10 | 13,542,214 | ---- | C] () -- H:\Crack.zip

[2009/08/27 21:54:05 | 00,070,144 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\notepad.exe

[2009/08/27 21:54:05 | 00,070,144 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\NOTEPAD.EXE

[2009/08/27 21:41:22 | 00,509,952 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\winlogon.exe

[2009/08/27 21:41:22 | 00,001,221 | ---- | C] () -- H:\WINDOWS\System32\usrlogon.cmd

[2009/08/27 21:41:11 | 00,024,576 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\userinit.exe

[2009/08/27 18:41:42 | 00,000,317 | ---- | C] () -- H:\Boot.bak

[2009/08/27 18:41:29 | 00,261,856 | ---- | C] () -- H:\cmldr

[2009/08/27 18:41:27 | 00,000,000 | RHSD | C] -- H:\cmdcons

[2009/08/27 18:37:34 | 00,000,000 | --SD | C] -- H:\ComboFix

[2009/08/26 14:59:03 | 00,000,000 | RHS- | C] () -- H:\MSDOS.SYS

[2009/08/26 14:59:03 | 00,000,000 | RHS- | C] () -- H:\IO.SYS

[2009/08/26 14:59:03 | 00,000,000 | ---- | C] () -- H:\CONFIG.SYS

[2009/08/26 14:59:03 | 00,000,000 | ---- | C] () -- H:\AUTOEXEC.BAT

[2009/08/26 11:49:08 | 00,001,877 | ---- | C] () -- H:\Documents and Settings\usuario\Menu Iniciar\Programas\Inicializar\is-L252I.lnk

[2009/08/26 11:48:55 | 00,148,496 | ---- | C] (Kaspersky Lab) -- H:\WINDOWS\System32\drivers\64628434.sys

[2009/08/26 11:48:55 | 00,000,000 | ---D | C] -- H:\Documents and Settings\usuario\Desktop\Virus Removal Tool1

[2009/08/26 11:48:44 | 42,405,384 | ---- | C] ( ) -- H:\Documents and Settings\usuario\Desktop\setup_7.0.0.290_26.08.2009_16-31.exe

[2009/08/26 11:41:59 | 00,000,000 | ---D | C] -- H:\XPNEW

[2009/08/26 11:13:11 | 04,053,024 | -HS- | C] () -- H:\WINDOWS\System32\drivers\fidbox.dat

[2009/08/26 11:13:11 | 00,004,460 | -HS- | C] () -- H:\WINDOWS\System32\drivers\fidbox.idx

[2009/08/26 11:13:04 | 00,148,496 | ---- | C] (Kaspersky Lab) -- H:\WINDOWS\System32\drivers\65739633.sys

[2009/08/26 11:13:04 | 00,000,000 | ---D | C] -- H:\Documents and Settings\usuario\Desktop\Virus Removal Tool

[2009/08/26 11:12:34 | 15,794,216 | ---- | C] (Doctor Web, Ltd.) -- H:\Documents and Settings\usuario\Desktop\drweb-cureit.exe

[2009/08/26 11:11:11 | 00,053,248 | ---- | C] () -- H:\WINDOWS\System32\servises.exe

[2009/08/26 10:31:52 | 00,288,654 | ---- | C] () -- H:\SafeBootKeyRepair.exe

[2009/08/26 09:19:25 | 00,000,042 | ---- | C] () -- H:\Arquivos de programas\Arquivos comuns\WindowsUpdate.zip

[2009/08/26 09:18:53 | 00,094,016 | ---- | C] () -- H:\WINDOWS\System32\dllcache\agp440.sys

[2009/08/25 22:56:15 | 00,000,000 | ---D | C] -- H:\Documents and Settings\usuario\Dados de aplicativos\Malwarebytes

[2009/08/25 22:56:14 | 00,000,768 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/08/25 22:56:11 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/08/25 22:56:10 | 00,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2009/08/25 22:56:09 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbam.sys

[2009/08/25 22:56:09 | 00,000,000 | ---D | C] -- H:\Arquivos de programas\Malwarebytes' Anti-Malware

[2009/08/25 22:54:38 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- H:\Documents and Settings\usuario\Desktop\mbam-setup.exe

[2009/08/25 18:21:41 | 00,036,864 | ---- | C] () -- H:\WINDOWS\System32\avast!UpdateAgent.exe

[2009/08/25 18:21:38 | 00,574,976 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\ntfs.sys

[2009/08/25 13:38:18 | 24,281,536 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\MRT.exe

[2009/08/25 13:34:42 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- H:\Documents and Settings\usuario\Desktop\HiJackThis.exe

[2009/08/25 11:45:00 | 00,000,000 | ---D | C] -- H:\vacina

[2009/08/25 11:31:35 | 00,000,000 | ---D | C] -- H:\WINDOWS\ERUNT

[2009/08/25 11:30:36 | 00,000,000 | ---D | C] -- H:\SDFix

[2009/08/25 11:30:19 | 02,757,632 | ---- | C] () -- H:\Documents and Settings\usuario\Desktop\rmvirut.exe

[2009/08/25 11:07:28 | 00,000,000 | ---D | C] -- H:\Qoobox

[2009/08/25 10:34:59 | 00,000,000 | -HSD | C] -- H:\WINDOWS\CSC

[2009/08/25 10:06:35 | 00,182,656 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\ndis.sys

[2009/08/25 09:58:45 | 00,000,007 | ---- | C] () -- H:\WINDOWS\System32\_id.dat

[2009/08/25 00:57:50 | 00,000,848 | ---- | C] () -- H:\Documents and Settings\usuario\Desktop\Tennis Elbow 2009.lnk

[2009/08/25 00:57:49 | 00,000,000 | ---D | C] -- H:\Arquivos de programas\Tennis Elbow 2009

[2009/08/25 00:41:02 | 20,793,023 | ---- | C] () -- H:\Documents and Settings\usuario\Meus documentos\TennisElbow2009.exe

[2009/08/21 13:21:17 | 00,000,000 | ---D | C] -- H:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\AskToolbar

[2009/08/20 08:23:01 | 00,079,523 | ---- | C] () -- H:\Documents and Settings\usuario\Meus documentos\impedido.jpg

[2009/08/17 22:14:12 | 00,000,000 | ---D | C] -- H:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\vdownloader

[2009/08/17 22:11:06 | 00,000,254 | ---- | C] () -- H:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2009/08/17 22:11:04 | 00,000,000 | ---D | C] -- H:\Arquivos de programas\Ask.com

[2009/08/17 22:10:57 | 00,000,000 | ---D | C] -- H:\Documents and Settings\usuario\Dados de aplicativos\Desktopicon

[2009/08/17 22:10:55 | 00,000,000 | ---D | C] -- H:\Arquivos de programas\VDOWNLOADER

[2009/08/17 22:10:13 | 05,328,711 | ---- | C] (Enrique Puertas ) -- H:\Documents and Settings\usuario\Meus documentos\vdownloader_setup.exe

[2009/08/17 22:05:10 | 05,305,682 | ---- | C] () -- H:\Documents and Settings\usuario\Meus documentos\vdownloader.zip

[2009/08/13 12:18:53 | 00,000,162 | -H-- | C] () -- H:\Documents and Settings\usuario\Meus documentos\~$og-FilDir-09.2n.doc

[2009/08/12 11:07:01 | 00,128,512 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\dhtmled.ocx

[2009/08/12 11:06:12 | 01,315,328 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\msoe.dll

[2009/08/11 14:10:54 | 19,155,710 | ---- | C] () -- H:\Documents and Settings\usuario\Meus documentos\reporterbebado09parteespecial.mp3

[2009/08/10 12:02:55 | 00,026,112 | ---- | C] () -- H:\Documents and Settings\usuario\Meus documentos\Prog-FilDir-09.2n.doc

[2009/08/07 16:42:38 | 00,032,474 | ---- | C] () -- H:\Documents and Settings\usuario\Meus documentos\ligadojulio.mpw

[2009/08/05 06:00:39 | 00,205,312 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\mswebdvd.dll

[2009/08/03 00:16:34 | 00,921,600 | ---- | C] () -- H:\WINDOWS\System32\vorbisenc.dll

[2009/08/03 00:16:34 | 00,237,568 | ---- | C] () -- H:\WINDOWS\System32\OggDS.dll

[2009/08/03 00:16:34 | 00,188,416 | ---- | C] () -- H:\WINDOWS\System32\vorbis.dll

[2009/08/03 00:16:34 | 00,045,056 | ---- | C] () -- H:\WINDOWS\System32\ogg.dll

[2009/08/03 00:16:30 | 00,000,859 | ---- | C] () -- H:\Documents and Settings\usuario\Desktop\Tennis Elbow Manager.lnk

[2009/08/03 00:16:30 | 00,000,000 | ---D | C] -- H:\Arquivos de programas\Tennis Elbow Manager

[2009/07/20 15:46:45 | 00,023,552 | ---- | C] () -- H:\Documents and Settings\usuario\Meus documentos\TC - Breno.doc

[2009/07/17 21:24:47 | 00,000,000 | ---D | C] -- H:\Documents and Settings\usuario\Meus documentos\fotos de ingrid na disney

[2009/07/17 21:05:01 | 00,000,000 | ---D | C] -- H:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Temp

[2009/07/08 13:58:18 | 00,036,347 | ---- | C] () -- H:\Documents and Settings\usuario\Meus documentos\prigarcia.jpg

[2009/07/06 12:43:17 | 00,001,013 | ---- | C] () -- H:\Documents and Settings\usuario\Desktop\Launch Virtua Tennis 2009.exe (2).lnk

[2009/07/06 11:32:18 | 00,000,000 | ---D | C] -- H:\Documents and Settings\usuario\Meus documentos\VirtuaTennis2009

[2009/07/06 11:31:52 | 00,000,000 | ---D | C] -- H:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\VirtuaTennis2009

[2009/07/06 11:21:17 | 04,178,264 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\D3DX9_41.dll

[2009/07/06 11:21:17 | 01,846,632 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\D3DCompiler_41.dll

[2009/07/06 11:21:17 | 00,453,456 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\d3dx10_41.dll

[2009/07/06 11:21:16 | 00,517,448 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\XAudio2_4.dll

[2009/07/06 11:21:16 | 00,235,352 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\xactengine3_4.dll

[2009/07/06 11:21:16 | 00,069,448 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\XAPOFX1_3.dll

[2009/07/06 11:21:15 | 02,036,576 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\D3DCompiler_40.dll

[2009/07/06 11:21:15 | 00,452,440 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\d3dx10_40.dll

[2009/07/06 11:21:15 | 00,022,360 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\X3DAudio1_6.dll

[2009/07/06 11:21:14 | 04,379,984 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\D3DX9_40.dll

[2009/07/06 11:21:13 | 00,514,384 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\XAudio2_3.dll

[2009/07/06 11:21:13 | 00,235,856 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\xactengine3_3.dll

[2009/07/06 11:21:13 | 00,070,992 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\XAPOFX1_2.dll

[2009/07/06 11:21:13 | 00,023,376 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\X3DAudio1_5.dll

[2009/07/05 17:13:47 | 00,039,965 | ---- | C] () -- H:\Documents and Settings\usuario\Meus documentos\ISO1.nri

[2009/04/22 00:19:06 | 00,172,173 | ---- | C] () -- H:\WINDOWS\System32\xlive.dll.cat

[2008/12/20 22:19:39 | 00,094,016 | ---- | C] () -- H:\WINDOWS\System32\drivers\agp440.sys

[2008/10/17 10:08:41 | 00,073,728 | R--- | C] ( ) -- H:\WINDOWS\System32\psxpadff.dll

[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- H:\WINDOWS\System32\physxcudart_20.dll

[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelSwedish.dll

[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelSpanish.dll

[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelPortugese.dll

[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelKorean.dll

[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelJapanese.dll

[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelGerman.dll

[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelFrench.dll

[2008/03/14 10:08:19 | 00,000,038 | ---- | C] () -- H:\WINDOWS\avisplitter.INI

[2008/02/19 21:54:49 | 00,000,070 | ---- | C] () -- H:\WINDOWS\EPSON C43 Installer.ini

[2008/01/14 22:04:56 | 00,028,672 | ---- | C] () -- H:\WINDOWS\System32\AVEQT.dll

[2008/01/14 21:34:04 | 00,164,352 | ---- | C] () -- H:\WINDOWS\System32\unrar.dll

[2008/01/14 21:34:02 | 03,596,288 | ---- | C] () -- H:\WINDOWS\System32\qt-dx331.dll

[2008/01/14 21:34:02 | 01,559,040 | ---- | C] () -- H:\WINDOWS\System32\xvidcore.dll

[2008/01/14 21:34:02 | 00,282,624 | ---- | C] () -- H:\WINDOWS\System32\xvidvfw.dll

[2008/01/14 21:34:01 | 00,007,680 | ---- | C] () -- H:\WINDOWS\System32\ff_vfw.dll

[2008/01/14 21:34:01 | 00,000,547 | ---- | C] () -- H:\WINDOWS\System32\ff_vfw.dll.manifest

[2007/12/13 16:40:23 | 00,000,069 | ---- | C] () -- H:\WINDOWS\NeroDigital.ini

[2007/12/13 16:14:35 | 00,685,816 | ---- | C] () -- H:\WINDOWS\System32\drivers\sptd.sys

[2007/12/13 13:14:04 | 00,003,972 | ---- | C] () -- H:\WINDOWS\System32\drivers\PciBus.sys

[2007/12/13 13:05:28 | 00,000,421 | ---- | C] () -- H:\WINDOWS\ODBC.INI

[2007/12/13 12:50:55 | 00,176,128 | ---- | C] () -- H:\WINDOWS\System32\GTTunerCard.dll

[2007/12/13 12:50:54 | 00,069,707 | ---- | C] () -- H:\WINDOWS\System32\DISP_OPT1.dll

[2007/12/13 12:50:28 | 00,000,000 | ---- | C] () -- H:\WINDOWS\nsrex.INI

[2007/12/12 23:33:04 | 00,014,678 | ---- | C] () -- H:\WINDOWS\Ascd_log.ini

[2007/12/12 23:31:44 | 00,005,810 | R--- | C] () -- H:\WINDOWS\System32\drivers\ASACPI.sys

[2007/12/12 23:31:43 | 00,014,441 | ---- | C] () -- H:\WINDOWS\Ascd_tmp.ini

[2007/12/12 23:31:32 | 00,010,288 | ---- | C] () -- H:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2007/04/19 19:05:00 | 01,724,416 | ---- | C] () -- H:\WINDOWS\System32\nvwdmcpl.dll

[2007/04/19 19:05:00 | 01,507,328 | ---- | C] () -- H:\WINDOWS\System32\nview.dll

[2007/04/19 19:05:00 | 01,101,824 | ---- | C] () -- H:\WINDOWS\System32\nvwimg.dll

[2007/04/19 19:05:00 | 00,466,944 | ---- | C] () -- H:\WINDOWS\System32\nvshell.dll

[2007/04/19 19:05:00 | 00,286,720 | ---- | C] () -- H:\WINDOWS\System32\nvnt4cpl.dll

[2007/03/29 23:00:40 | 00,203,264 | R--- | C] () -- H:\WINDOWS\System32\CddbCdda.dll

[2006/05/02 19:38:24 | 00,000,748 | ---- | C] () -- H:\WINDOWS\SetBrowser.ini

[2004/03/24 08:22:26 | 00,138,396 | ---- | C] () -- H:\WINDOWS\System32\drivers\PFC027.SYS

[2004/01/08 09:30:22 | 00,011,170 | ---- | C] () -- H:\WINDOWS\System32\PA207USD.DLL

[2003/10/22 23:25:12 | 00,073,728 | ---- | C] () -- H:\WINDOWS\System32\GrixCMA.dll

[1782/01/19 00:14:07 | 00,001,116 | ---- | C] () -- H:\WINDOWS\win.ini

[1782/01/19 00:14:07 | 00,000,246 | ---- | C] () -- H:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[4 H:\WINDOWS\System32\*.tmp files]

[6 H:\WINDOWS\*.tmp files]

[2009/08/28 00:31:59 | 00,000,007 | ---- | M] () -- H:\WINDOWS\System32\_id.dat

[2009/08/28 00:31:56 | 04,102,176 | -HS- | M] () -- H:\WINDOWS\System32\drivers\fidbox.dat

[2009/08/28 00:05:00 | 00,001,152 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1326574676-839522115-1003UA.job

[2009/08/28 00:01:00 | 00,000,254 | ---- | M] () -- H:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2009/08/27 23:56:42 | 00,000,720 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\a-squared Free.lnk

[2009/08/27 23:56:24 | 57,933,832 | ---- | M] (Emsi Software GmbH ) -- H:\a2FreeSetup.exe

[2009/08/27 23:56:00 | 00,514,048 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\usuario\Desktop\OTL.exe

[2009/08/27 22:41:13 | 13,542,214 | ---- | M] () -- H:\Crack.zip

[2009/08/27 22:07:00 | 00,002,422 | ---- | M] () -- H:\Documents and Settings\usuario\Desktop\Google Chrome.lnk

[2009/08/27 22:05:42 | 00,000,632 | ---- | M] () -- H:\Documents and Settings\usuario\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2009/08/27 21:59:54 | 00,001,706 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/08/27 21:48:36 | 40,211,258 | ---- | M] () -- H:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/08/27 21:48:36 | 00,073,369 | ---- | M] () -- H:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/08/27 21:48:23 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\WINDOWS\System32\drivers\avgldx86.sys

[2009/08/27 21:48:23 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/08/27 21:48:23 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\WINDOWS\System32\avgrsstx.dll

[2009/08/27 21:43:36 | 00,000,260 | ---- | M] () -- H:\WINDOWS\tasks\WGASetup.job

[2009/08/27 21:43:23 | 00,000,006 | -H-- | M] () -- H:\WINDOWS\tasks\SA.DAT

[2009/08/27 21:43:06 | 00,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat

[2009/08/27 18:41:42 | 00,000,387 | RHS- | M] () -- H:\boot.ini

[2009/08/27 08:56:51 | 00,004,460 | -HS- | M] () -- H:\WINDOWS\System32\drivers\fidbox.idx

[2009/08/26 18:00:19 | 00,574,976 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\drivers\ntfs.sys

[2009/08/26 18:00:19 | 00,182,656 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\drivers\ndis.sys

[2009/08/26 18:00:19 | 00,037,888 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\zclientm.exe

[2009/08/26 18:00:18 | 00,227,840 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wmiprvse.exe

[2009/08/26 18:00:18 | 00,216,064 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wordpad.exe

[2009/08/26 18:00:18 | 00,159,744 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wscript.exe

[2009/08/26 18:00:18 | 00,066,048 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wmplayer.exe

[2009/08/26 18:00:18 | 00,033,280 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wupdmgr.exe

[2009/08/26 18:00:18 | 00,006,656 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\write.exe

[2009/08/26 18:00:17 | 00,120,320 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\winmine.exe

[2009/08/26 18:00:17 | 00,051,200 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\w32tm.exe

[2009/08/26 18:00:17 | 00,016,384 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wb32.exe

[2009/08/26 18:00:17 | 00,014,848 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\winmgmt.exe

[2009/08/26 18:00:17 | 00,012,288 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\winmsd.exe

[2009/08/26 18:00:17 | 00,008,192 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\winhstb.exe

[2009/08/26 18:00:16 | 00,102,912 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\verifier.exe

[2009/08/26 18:00:16 | 00,034,816 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\vssadmin.exe

[2009/08/26 18:00:16 | 00,017,408 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\unsecapp.exe

[2009/08/26 18:00:15 | 00,185,856 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\unregmp2.exe

[2009/08/26 18:00:15 | 00,037,376 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\typeperf.exe

[2009/08/26 18:00:15 | 00,025,600 | ---- | M] (Twain Working Group) -- H:\WINDOWS\System32\dllcache\twunk_32.exe

[2009/08/26 18:00:15 | 00,017,408 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\tsshutdn.exe

[2009/08/26 18:00:15 | 00,016,384 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\tskill.exe

[2009/08/26 18:00:15 | 00,014,336 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\tsprof.exe

[2009/08/26 18:00:15 | 00,004,096 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\unlodctr.exe

[2009/08/26 18:00:14 | 00,456,192 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\tintsetp.exe

[2009/08/26 18:00:14 | 00,081,920 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\tlntsess.exe

[2009/08/26 18:00:14 | 00,044,544 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\tscupgrd.exe

[2009/08/26 18:00:14 | 00,032,256 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\tracert6.exe


[2009/08/26 17:59:13 | 00,016,384 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\help.exe

[2009/08/26 17:59:13 | 00,009,216 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\hostname.exe

[2009/08/26 17:59:12 | 00,049,152 | ---- | M] (Grisoft - Sistemas Digitais de Segurança Ltda) -- H:\WINDOWS\System32\GrixTAPI.exe

[2009/08/26 17:59:12 | 00,040,960 | ---- | M] (Grisoft - Sistemas Digitais de Segurança Ltda) -- H:\WINDOWS\System32\GrixRPG.exe

[2009/08/26 17:59:12 | 00,039,424 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\grpconv.exe

[2009/08/26 17:59:11 | 00,139,264 | ---- | M] (Grisoft - Sistemas Digitais de Segurança Ltda) -- H:\WINDOWS\System32\GrixControlPTZ.exe

[2009/08/26 17:59:11 | 00,077,824 | ---- | M] (Grisoft - Sistemas Digitais de Segurança Ltda) -- H:\WINDOWS\System32\GrixFire.exe

[2009/08/26 17:59:11 | 00,065,536 | ---- | M] (Grisoft - Sistemas Digitais de Segurança Ltda) -- H:\WINDOWS\System32\GrixEventos.exe

[2009/08/26 17:59:11 | 00,058,368 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\gpupdate.exe

[2009/08/26 17:59:11 | 00,032,768 | ---- | M] (Grisoft - Sistemas Digitais de Segurança Ltda) -- H:\WINDOWS\System32\GrixMAPI.exe

[2009/08/26 17:59:10 | 00,193,024 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\fsquirt.exe

[2009/08/26 17:59:10 | 00,123,392 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\gpresult.exe

[2009/08/26 17:59:10 | 00,061,440 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\getmac.exe

[2009/08/26 17:59:10 | 00,060,928 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\fsutil.exe

[2009/08/26 17:59:10 | 00,045,568 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\ftp.exe

[2009/08/26 17:59:09 | 00,056,832 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\freecell.exe

[2009/08/26 17:59:09 | 00,028,672 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\findstr.exe

[2009/08/26 17:59:09 | 00,023,040 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\fltmc.exe

[2009/08/26 17:59:09 | 00,010,240 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\finger.exe

[2009/08/26 17:59:09 | 00,008,704 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\forcedos.exe

[2009/08/26 17:59:09 | 00,003,584 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\fixmapi.exe

[2009/08/26 17:59:08 | 00,024,064 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\extrac32.exe

[2009/08/26 17:59:08 | 00,021,504 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\faxpatch.exe

[2009/08/26 17:59:08 | 00,016,896 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\expand.exe

[2009/08/26 17:59:08 | 00,015,360 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\fc.exe

[2009/08/26 17:59:08 | 00,009,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\eventvwr.exe

[2009/08/26 17:59:08 | 00,009,216 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\find.exe

[2009/08/26 17:59:07 | 00,194,560 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\eudcedit.exe

[2009/08/26 17:59:07 | 00,084,992 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\eventtriggers.exe

[2009/08/26 17:59:07 | 00,053,248 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\eventcreate.exe

[2009/08/26 17:59:07 | 00,039,424 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\esentutl.exe

[2009/08/26 17:59:06 | 01,298,432 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dxdiag.exe

[2009/08/26 17:59:06 | 00,184,320 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dwwin.exe

[2009/08/26 17:59:06 | 00,069,632 | ---- | M] (EPSON America Inc.) -- H:\WINDOWS\System32\EAL.EXE

[2009/08/26 17:59:06 | 00,058,368 | ---- | M] () -- H:\WINDOWS\System32\dvdplay.exe

[2009/08/26 17:59:06 | 00,017,920 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dvdupgrd.exe

[2009/08/26 17:59:06 | 00,011,264 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dumprep.exe

[2009/08/26 17:59:05 | 00,249,856 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\drmupgds.exe

[2009/08/26 17:59:05 | 00,083,968 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dpvsetup.exe

[2009/08/26 17:59:05 | 00,064,512 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\driverquery.exe

[2009/08/26 17:59:05 | 00,029,696 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dplaysvr.exe

[2009/08/26 17:59:05 | 00,017,920 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dpnsvr.exe

[2009/08/26 17:59:05 | 00,010,752 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\doskey.exe

[2009/08/26 17:59:04 | 00,165,376 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\diskpart.exe

[2009/08/26 17:59:04 | 00,087,040 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\diantz.exe

[2009/08/26 17:59:04 | 00,065,536 | ---- | M] (Apple Computer, Inc.) -- H:\WINDOWS\System32\dns-sd.exe

[2009/08/26 17:59:04 | 00,019,456 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\diskperf.exe

[2009/08/26 17:59:04 | 00,016,384 | ---- | M] (Microsoft Corp.) -- H:\WINDOWS\System32\dmremote.exe

[2009/08/26 17:59:04 | 00,004,608 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllhst3g.exe

[2009/08/26 17:59:03 | 00,105,472 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- H:\WINDOWS\System32\dfrgntfs.exe

[2009/08/26 17:59:03 | 00,082,944 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- H:\WINDOWS\System32\dfrgfat.exe

[2009/08/26 17:59:03 | 00,032,256 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\ddeshare.exe

[2009/08/26 17:59:03 | 00,025,600 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- H:\WINDOWS\System32\defrag.exe

[2009/08/26 17:59:03 | 00,006,144 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dcomcnfg.exe

[2009/08/26 17:59:02 | 00,135,168 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\cscript.exe

[2009/08/26 17:59:02 | 00,027,648 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\conime.exe

[2009/08/26 17:59:02 | 00,017,920 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\compact.exe

[2009/08/26 17:59:02 | 00,014,848 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\convert.exe

[2009/08/26 17:59:02 | 00,010,240 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\comsdupd.exe

[2009/08/26 17:59:02 | 00,008,192 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\control.exe

[2009/08/26 17:59:01 | 00,401,408 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\cmd.exe

[2009/08/26 17:59:01 | 00,065,024 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\cmstp.exe

[2009/08/26 17:59:01 | 00,040,448 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\cmmon32.exe

[2009/08/26 17:59:01 | 00,025,600 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\cmdl32.exe

[2009/08/26 17:59:01 | 00,015,872 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\comp.exe

[2009/08/26 17:59:00 | 00,065,024 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\cleanmgr.exe

[2009/08/26 17:59:00 | 00,058,880 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\cipher.exe

[2009/08/26 17:59:00 | 00,024,576 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\cliconfg.exe

[2009/08/26 17:59:00 | 00,011,776 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\chkntfs.exe

[2009/08/26 17:59:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\cidaemon.exe

[2009/08/26 17:59:00 | 00,007,680 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\ckcnv.exe

[2009/08/26 17:58:59 | 00,446,464 | ---- | M] (NVIDIA Corporation) -- H:\WINDOWS\System32\CapabilityTable.exe

[2009/08/26 17:58:59 | 00,116,224 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\calc.exe

[2009/08/26 17:58:59 | 00,080,896 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\charmap.exe

[2009/08/26 17:58:59 | 00,049,152 | R--- | M] () -- H:\WINDOWS\System32\ChCfg.exe

[2009/08/26 17:58:59 | 00,011,776 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\chkdsk.exe

[2009/08/26 17:58:58 | 00,154,112 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\bootcfg.exe

[2009/08/26 17:58:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\blastcln.exe

[2009/08/26 17:58:58 | 00,020,480 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\cacls.exe

[2009/08/26 17:58:58 | 00,014,336 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\auditusr.exe

[2009/08/26 17:58:58 | 00,005,632 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\bootvrfy.exe

[2009/08/26 17:58:58 | 00,005,120 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\bootok.exe

[2009/08/26 17:58:57 | 00,098,816 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\ahui.exe

[2009/08/26 17:58:57 | 00,035,840 | ---- | M] (Microsoft Corp.) -- H:\WINDOWS\System32\asr_ldm.exe

[2009/08/26 17:58:57 | 00,033,280 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\asr_pfu.exe

[2009/08/26 17:58:57 | 00,031,232 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\asr_fmt.exe

[2009/08/26 17:58:57 | 00,025,600 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\at.exe

[2009/08/26 17:58:57 | 00,020,480 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\arp.exe

[2009/08/26 17:58:57 | 00,012,288 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\attrib.exe

[2009/08/26 17:58:57 | 00,011,776 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\atmadm.exe

[2009/08/26 17:58:56 | 00,005,120 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\actmovie.exe

[2009/08/26 17:55:25 | 00,102,400 | ---- | M] (www.zsmc.com.cn) -- H:\WINDOWS\VM303Cap.exe

[2009/08/26 17:55:25 | 00,086,016 | ---- | M] (MindVision Software) -- H:\WINDOWS\unvise32.exe

[2009/08/26 17:55:25 | 00,053,248 | ---- | M] (ZSMCSNAP) -- H:\WINDOWS\vmsnap3.exe

[2009/08/26 17:55:25 | 00,026,112 | ---- | M] (Twain Working Group) -- H:\WINDOWS\twunk_32.exe

[2009/08/26 17:55:24 | 00,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- H:\WINDOWS\SoundMan.exe

[2009/08/26 17:55:24 | 00,073,216 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\ST6UNST.EXE

[2009/08/26 17:55:24 | 00,015,360 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\TASKMAN.EXE

[2009/08/26 17:55:23 | 02,883,584 | R--- | M] (Realtek Semiconductor Corp.) -- H:\WINDOWS\SkyTel.exe

[2009/08/26 17:55:23 | 01,196,032 | R--- | M] (Realtek Semiconductor Corp.) -- H:\WINDOWS\RtlUpd.exe

[2009/08/26 17:55:23 | 00,262,144 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\Setup1.exe

[2009/08/26 17:55:23 | 00,036,864 | ---- | M] (Smart Link) -- H:\WINDOWS\slrundll.exe

[2009/08/26 17:55:22 | 09,711,616 | R--- | M] (Realtek Semiconductor Corp.) -- H:\WINDOWS\RTLCPL.exe

[2009/08/26 17:55:18 | 16,062,976 | R--- | M] (Realtek Semiconductor Corp.) -- H:\WINDOWS\RTHDCPL.exe

[2009/08/26 17:55:18 | 02,158,592 | R--- | M] (Realtek Semiconductor Corp.) -- H:\WINDOWS\MicCal.exe

[2009/08/26 17:55:17 | 01,035,776 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe

[2009/08/26 17:55:17 | 00,094,208 | ---- | M] () -- H:\WINDOWS\Cuninst.exe

[2009/08/26 17:55:17 | 00,053,248 | ---- | M] (Vimicro) -- H:\WINDOWS\Domino.exe

[2009/08/26 17:55:17 | 00,024,064 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\asx3test.exe

[2009/08/26 17:55:17 | 00,017,408 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\asfchop.exe

[2009/08/26 17:55:16 | 02,811,904 | R--- | M] (RealTek Semicoductor Corp.) -- H:\WINDOWS\alcwzrd.exe

[2009/08/26 17:55:16 | 00,180,224 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\amcap.exe

[2009/08/26 17:55:16 | 00,069,632 | R--- | M] (Realtek Semiconductor Corp.) -- H:\WINDOWS\Alcmtr.exe

[2009/08/26 14:59:03 | 00,000,000 | RHS- | M] () -- H:\MSDOS.SYS

[2009/08/26 14:59:03 | 00,000,000 | RHS- | M] () -- H:\IO.SYS

[2009/08/26 14:59:03 | 00,000,000 | ---- | M] () -- H:\CONFIG.SYS

[2009/08/26 14:59:03 | 00,000,000 | ---- | M] () -- H:\AUTOEXEC.BAT

[2009/08/26 14:54:17 | 00,000,317 | ---- | M] () -- H:\Boot.bak

[2009/08/26 11:52:18 | 00,053,248 | ---- | M] () -- H:\WINDOWS\System32\servises.exe

[2009/08/26 11:52:12 | 01,416,192 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\mmc.exe

[2009/08/26 11:52:12 | 01,219,584 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\ntbackup.exe

[2009/08/26 11:52:07 | 00,014,336 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\svchost.exe

[2009/08/26 11:49:08 | 00,001,877 | ---- | M] () -- H:\Documents and Settings\usuario\Menu Iniciar\Programas\Inicializar\is-L252I.lnk

[2009/08/26 11:47:12 | 42,405,384 | ---- | M] ( ) -- H:\Documents and Settings\usuario\Desktop\setup_7.0.0.290_26.08.2009_16-31.exe

[2009/08/26 11:10:55 | 00,094,016 | ---- | M] () -- H:\WINDOWS\System32\drivers\agp440.sys

[2009/08/26 11:10:55 | 00,094,016 | ---- | M] () -- H:\WINDOWS\System32\dllcache\agp440.sys

[2009/08/26 11:10:06 | 00,195,923 | ---- | M] () -- H:\WINDOWS\System32\nvapps.xml

[2009/08/26 10:54:20 | 15,794,216 | ---- | M] (Doctor Web, Ltd.) -- H:\Documents and Settings\usuario\Desktop\drweb-cureit.exe

[2009/08/26 10:31:55 | 00,288,654 | ---- | M] () -- H:\SafeBootKeyRepair.exe

[2009/08/26 09:19:25 | 00,000,042 | ---- | M] () -- H:\Arquivos de programas\Arquivos comuns\WindowsUpdate.zip

[2009/08/25 22:56:14 | 00,000,768 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/08/25 22:52:50 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- H:\Documents and Settings\usuario\Desktop\mbam-setup.exe

[2009/08/25 18:21:41 | 00,036,864 | ---- | M] () -- H:\WINDOWS\System32\avast!UpdateAgent.exe

[2009/08/25 15:32:35 | 00,068,096 | ---- | M] () -- H:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/25 13:31:34 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- H:\Documents and Settings\usuario\Desktop\HiJackThis.exe

[2009/08/25 11:49:41 | 00,001,116 | ---- | M] () -- H:\WINDOWS\win.ini

[2009/08/25 11:49:41 | 00,000,246 | ---- | M] () -- H:\WINDOWS\system.ini

[2009/08/25 11:27:14 | 02,757,632 | ---- | M] () -- H:\Documents and Settings\usuario\Desktop\rmvirut.exe

[2009/08/25 11:08:36 | 00,001,324 | ---- | M] () -- H:\WINDOWS\System32\d3d9caps.dat

[2009/08/25 10:52:45 | 03,152,656 | -H-- | M] () -- H:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\IconCache.db

[2009/08/25 00:57:50 | 00,000,848 | ---- | M] () -- H:\Documents and Settings\usuario\Desktop\Tennis Elbow 2009.lnk

[2009/08/25 00:57:40 | 20,793,023 | ---- | M] () -- H:\Documents and Settings\usuario\Meus documentos\TennisElbow2009.exe

[2009/08/23 18:05:00 | 00,001,100 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1326574676-839522115-1003Core.job

[2009/08/22 02:29:47 | 00,000,069 | ---- | M] () -- H:\WINDOWS\NeroDigital.ini

[2009/08/20 08:23:02 | 00,079,523 | ---- | M] () -- H:\Documents and Settings\usuario\Meus documentos\impedido.jpg

[2009/08/17 22:06:22 | 05,305,682 | ---- | M] () -- H:\Documents and Settings\usuario\Meus documentos\vdownloader.zip

[2009/08/16 11:46:49 | 00,002,206 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl

[2009/08/13 12:18:53 | 00,000,162 | -H-- | M] () -- H:\Documents and Settings\usuario\Meus documentos\~$og-FilDir-09.2n.doc

[2009/08/13 12:18:20 | 00,026,112 | ---- | M] () -- H:\Documents and Settings\usuario\Meus documentos\Prog-FilDir-09.2n.doc

[2009/08/12 18:39:42 | 00,001,374 | ---- | M] () -- H:\WINDOWS\imsins.BAK

[2009/08/11 14:18:02 | 19,155,710 | ---- | M] () -- H:\Documents and Settings\usuario\Meus documentos\reporterbebado09parteespecial.mp3

[2009/08/10 18:02:09 | 00,324,870 | ---- | M] () -- H:\listamp3.m3u

[2009/08/07 17:29:26 | 00,032,474 | ---- | M] () -- H:\Documents and Settings\usuario\Meus documentos\ligadojulio.mpw

[2009/08/05 06:00:39 | 00,205,312 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\mswebdvd.dll

[2009/08/05 06:00:39 | 00,205,312 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\mswebdvd.dll

[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbam.sys

[2009/08/03 00:16:30 | 00,000,859 | ---- | M] () -- H:\Documents and Settings\usuario\Desktop\Tennis Elbow Manager.lnk

[2009/07/29 17:49:16 | 24,281,536 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\MRT.exe

[2009/07/27 19:26:35 | 00,128,512 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\dhtmled.ocx

[2009/07/27 00:34:31 | 00,000,000 | -H-- | M] () -- H:\WINDOWS\System32\drivers\umdf\Msft_User_WpdMtpDr_01_00_00.Wdf

[2009/07/20 15:46:46 | 00,023,552 | ---- | M] () -- H:\Documents and Settings\usuario\Meus documentos\TC - Breno.doc

[2009/07/18 13:04:26 | 03,090,432 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\mshtml.dll

[2009/07/18 13:04:26 | 03,090,432 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\mshtml.dll

[2009/07/18 13:04:26 | 01,509,888 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\shdocvw.dll

[2009/07/18 13:04:26 | 01,509,888 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\shdocvw.dll

[2009/07/17 16:03:29 | 00,058,880 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\atl.dll

[2009/07/17 16:03:29 | 00,058,880 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\atl.dll

[2009/07/10 10:27:51 | 01,315,328 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\msoe.dll

[2009/07/08 13:58:21 | 00,036,347 | ---- | M] () -- H:\Documents and Settings\usuario\Meus documentos\prigarcia.jpg

[2009/07/06 12:43:17 | 00,001,013 | ---- | M] () -- H:\Documents and Settings\usuario\Desktop\Launch Virtua Tennis 2009.exe (2).lnk

[2009/07/05 17:13:47 | 00,039,965 | ---- | M] () -- H:\Documents and Settings\usuario\Meus documentos\ISO1.nri

[2009/07/01 16:46:45 | 00,000,038 | ---- | M] () -- H:\WINDOWS\avisplitter.INI

[2009/06/29 18:44:35 | 00,463,779 | ---- | M] () -- H:\WINDOWS\System32\drivers\Avg\miniavi.avg

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 32768 bytes -> H:\WINDOWS\System32\svchost.exe:ext.exe

< End of report >

 

 

but before leaving I had left Kaspersky running and it simply didn't find anything =/


Good morning! ig0rf

 

but before leaving I had left Kaspersky running and it simply didn't find anything =/

<!> That still does not guarantee that the infection has been removed.

<><><><><><><><><><>

<@> Download: < ToolBar S&D >

<@> Save it on Local Disk H, in its own folder.

<@> Restart the computer in Safe Mode. <-- Important!

<@> Run the program, then press "p" --> Enter --> Ok.

<@> Type two! ( 2 ) --> Press Enter --> Wait!

<@> When it finishes, post the report. ( H:\ToolBar SD\TB_1.txt ) <--

<><><><><><><><><><>

<@> Run OTL.exe.

<@> Disable your antivirus.

<@> Copy the information in the Quote into the tool's clipboard field. ( Custom Scans/Fixes )

 

:Processes

explorer.exe

:OTL

PRC - H:\WINDOWS\System32\servises.exe ()

PRC - H:\WINDOWS\explorer.exe (Microsoft Corporation)

SRV - (avast!UpdateAgent.exe [Auto | Stopped]) -- H:\WINDOWS\System32\avast!UpdateAgent.exe ()

SRV - (COMSysApp [On_Demand | Stopped]) -- File not found

SRV - (MSIServer [On_Demand | Stopped]) -- File not found

DRV - (sptd [boot | Running]) -- H:\WINDOWS\System32\Drivers\sptd.sys ()

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = H:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=14784&l=dis

FF - prefs.js..keyword.URL: "http://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=VD&o=14782&locale=pt_BR&q="

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask.com)

O2 - BHO: (TBSB00982 Class) - {DA3D342F-FF20-4E31-9E82-22334155730C} - H:\Arquivos de programas\IEToolbar\Ant.com Toolbar\tbcore3.dll File not found

O2 - BHO: (AntBar) - {e1a96b41-e013-47be-99f5-38a5a0d45e23} - H:\Arquivos de programas\Ant.com\Ant.com IE toolbar\adxloader.dll (Add-in Express Ltd)

O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - H:\Arquivos de programas\IEToolbar\Ant.com Toolbar\tbcore3.dll File not found

O3 - HKLM\..\Toolbar: (Ant.com) - {a2ccec8c-e692-41d8-a4fd-4db8f2af59e9} - H:\Arquivos de programas\Ant.com\Ant.com IE toolbar\adxloader.dll (Add-in Express Ltd)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - H:\Arquivos de programas\IEToolbar\Ant.com Toolbar\tbcore3.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask.com)

O4 - HKLM..\Run: [280] H:\WINDOWS\System32\7.tmp.exe File not found

O4 - HKLM..\Run: [280] H:\WINDOWS\System32\7.tmp.exe File not found

O4 - HKLM..\Run: [bigDog303] H:\WINDOWS\VM303_STI.EXE File not found

O4 - HKLM..\Run: [Regedit32] H:\WINDOWS\System32\regedit.exe File not found

O4 - HKLM..\Run: [servises] H:\WINDOWS\System32\servises.exe ()

O4 - HKLM..\Run: [userFaultCheck] File not found

O4 - HKCU..\Run: [servises] H:\WINDOWS\System32\servises.exe ()

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)

O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\msdaipp - No CLSID value found

O33 - MountPoints2\{11291156-826a-11dd-b237-001bfcf6322e}\Shell - "" = AutoRun

O33 - MountPoints2\{1129115a-826a-11dd-b237-001bfcf6322e}\Shell\AutoRun\command - "" = E:\AutoTransfer.exe -- File not found

O33 - MountPoints2\{20a1d992-430f-11dd-b1a3-001bfcf6322e}\Shell\Auto\command - "" = C:\fun.xls.exe -- File not found

O33 - MountPoints2\{b56634cb-4fb0-11de-8331-001bfcf6322e}\Shell\Open(&0)\command - "" = L:\windrive.exe -- File not found

O33 - MountPoints2\{b7956206-b081-11dc-b07d-001bfcf6322e}\Shell\Open(&0)\command - "" = L:\windrive.exe -- File not found

O33 - MountPoints2\{d7e00fe6-8ac6-11de-83bc-001bfcf6322e}\Shell\AutoRun\command - "" = L:\setupSNK.exe -- File not found

:Files

H:\Arquivos de programas\Ant.com\Ant.com IE toolbar\adxloader.dll

H:\Arquivos de programas\IEToolbar\Ant.com Toolbar\tbcore3.dll

H:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

H:\Arquivos de programas\Ant.com\Ant.com IE toolbar

H:\Arquivos de programas\IEToolbar\Ant.com Toolbar

H:\Arquivos de programas\IEToolbar

H:\Arquivos de programas\Ant.com

H:\Arquivos de programas\Ask.com

H:\WINDOWS\system32\reader_s.exe

H:\WINDOWS\system32\servises.exe

H:\WINDOWS\System32\regedit.exe

:Commands

[resethosts]

[purity]

[emptytemp]

[start explorer]

[Reboot]

<@> Click the Run Fix button --> Wait for it to finish or reboot.

<@> When it finishes, go to the folder: H:\_OTL\MovedFiles\*.log <-- Post it!

 

Cheers!

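A small triage script for OTL output, written for this thread as an added example (it is not part of the forum posts and not OTL's own code). It parses a few lines copied from the report above and flags the patterns the helper's fix targets: the lookalike name servises.exe, executables in System32 with no publisher, Run entries whose file is gone, removable-media autorun handlers and the alternate data stream on svchost.exe. The CORE_BINARIES list and the rule names are assumptions of the example.

```python
"""Triage of OTL-style log lines: flag the indicator patterns seen in the thread."""
import re
from dataclasses import dataclass

# Names of core Windows binaries that malware likes to imitate. Reference list
# chosen for this example; it is not something OTL or the thread provides.
CORE_BINARIES = {"services", "svchost", "lsass", "csrss", "winlogon",
                 "explorer", "userinit", "smss", "spoolsv"}

# First "X:\...\name.ext" on a line; the lookahead lets "file.exe:stream" match too.
PATH_RE = re.compile(r"(?P<path>[A-Z]:\\.*?\.(?:exe|dll|sys))(?=\s|$|:)", re.I)
# OTL prints the file's publisher in parentheses; "()" means no version info.
EMPTY_PUBLISHER_RE = re.compile(r"\(\s*\)")

# Constructed sample: lines copied from the OTL report posted in the thread
# (not the whole report), so the output can be checked against the page.
SAMPLE_LOG = r"""PRC - H:\WINDOWS\System32\servises.exe ()
PRC - H:\WINDOWS\explorer.exe (Microsoft Corporation)
SRV - (avast!UpdateAgent.exe [Auto | Stopped]) -- H:\WINDOWS\System32\avast!UpdateAgent.exe ()
O4 - HKLM..\Run: [280] H:\WINDOWS\System32\7.tmp.exe File not found
O4 - HKLM..\Run: [Regedit32] H:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [servises] H:\WINDOWS\System32\servises.exe ()
O33 - MountPoints2\{20a1d992-430f-11dd-b1a3-001bfcf6322e}\Shell\Auto\command - "" = C:\fun.xls.exe -- File not found
@Alternate Data Stream - 32768 bytes -> H:\WINDOWS\System32\svchost.exe:ext.exe
[2009/08/26 11:52:18 | 00,053,248 | ---- | M] () -- H:\WINDOWS\System32\servises.exe
[2009/08/26 11:52:07 | 00,014,336 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\svchost.exe
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    detail: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(stem: str):
    """Return the core binary a file name imitates (distance 1), or None."""
    stem = stem.lower()
    if stem in CORE_BINARIES:
        return None
    for real in CORE_BINARIES:
        if edit_distance(stem, real) == 1:
            return real
    return None


def triage(log_text: str):
    """Scan OTL-style lines and return the indicators worth a second look."""
    findings = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        # Alternate data stream attached to a file: a hidden payload carrier.
        if line.startswith("@Alternate Data Stream"):
            findings.append(Finding(n, "ads", line.split("-> ", 1)[-1]))
            continue
        m = PATH_RE.search(line)
        if not m:
            continue
        path = m.group("path")
        name = path.rsplit("\\", 1)[-1]
        stem = name.rsplit(".", 1)[0]
        # Removable-media autorun handlers left behind in MountPoints2.
        if line.startswith("O33 - MountPoints2") and "\\command" in line:
            findings.append(Finding(n, "autorun-media", path))
        # Run-key entries whose target is gone: leftovers of a removed dropper.
        if line.startswith("O4 ") and line.endswith("File not found"):
            findings.append(Finding(n, "orphan-run", path))
        # "doc.xls.exe"-style names rely on hidden extensions to look harmless.
        if name.count(".") >= 2:
            findings.append(Finding(n, "double-extension", name))
        real = lookalike_of(stem)
        if real:
            findings.append(Finding(n, "lookalike", f"{name} ~ {real}.exe"))
        # Executable in System32 that carries no publisher/version info.
        if "\\system32\\" in path.lower() and EMPTY_PUBLISHER_RE.search(line):
            findings.append(Finding(n, "unsigned-system32", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:2d}  {f.rule:<18} {f.detail}")
```

The rules are heuristics for prioritising what to look at first, not a verdict; a hit such as an orphaned Run entry is cleanup material, while the lookalike and ADS hits are the ones to verify on the host.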

ToolBar SD log:

 

 

-----------\\ ToolBar S&D 1.2.9 XP/Vista

 

 

"H:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [2] ( --- 28/08/2009|14:55 )

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

 

-----------\\ Extensions

 

(usuario) - {87F8774F-B485-47E2-A755-A40A8A5E886C} => gbmzhbb

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="H:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://br.ask.com?o=14784&l=dis"

"Search Page"="http://www.google.com"

"Search Bar"="http://www.google.com/ie"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Default_Search_URL"="http://www.google.com/ie"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

H:\DOCUME~1\usuario\Configurações locais\Temp\crack 9.0.2.rar

H:\DOCUME~1\usuario\Configurações locais\Temp\GTA San Andreas [PC Full Game][Crack Incl]_KaYz 2008 [mininova].torrent

H:\DOCUME~1\usuario\Configurações locais\Temporary Internet Files\Content.IE5\03ZV60T9\Crack[1].htm

H:\DOCUME~1\usuario\Configurações locais\Temporary Internet Files\Content.IE5\4P49QV8H\Crack[1].zip

H:\DOCUME~1\usuario\Configurações locais\Temporary Internet Files\Content.IE5\B7XJB5KW\Crack.html;jsessionid=3EEC7815EB99BCCC1D22A1535FD9D866[1].dc156

H:\DOCUME~1\usuario\Configurações locais\Temporary Internet Files\Content.IE5\B7XJB5KW\Crack.html;jsessionid=3EEC7815EB99BCCC1D22A1535FD9D866[1].htm

H:\DOCUME~1\usuario\Meus documentos\AdobeStockPhotos\Keygen PCS3

H:\DOCUME~1\usuario\Meus documentos\Downloads\Adobe_Photoshop_CS3_Extended_Final\Crack.txt

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\CRACK

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\crack 9.0.2

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r00

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r01

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r02

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r03

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r04

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r05

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r06

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r07

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r08

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r09

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r10

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.rar

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.sfv

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch\FM2009_v9.1.0_Patch.exe

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch\fm91_t1.exe

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\crack 9.0.2\crack 9.0.2.rar

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\crack 9.0.2\Keygen.exe

H:\DOCUME~1\usuario\Meus documentos\Downloads\FOOTBALL_MANAGER_2009\crack 9.0.2\readme.txt

H:\DOCUME~1\usuario\Recent\Crack.lnk

 

 

 

1 - "H:\ToolBar SD\TB_1.txt" - --- 28/08/2009|14:56 - Option : [2]

 

 

------------------

 

OTL, on the other hand, freezes when it reaches this line:

 

O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - H:\Arquivos de programas\IEToolbar\Ant.com Toolbar\tbcore3.dll File not found

OTL, on the other hand, freezes when it reaches this line:

 

O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - H:\Arquivos de programas\IEToolbar\Ant.com Toolbar\tbcore3.dll File not found

<><><><><><><><><>

Hey! ig0rf

 

<!> Uninstall:

 

<!> Ant.com IE toolbar

 

<!> Ask.com

 

<!> Restart and continue with OTL.

<!> The ToolBar SD report is incomplete; repeat your scan and post the report.

 

Cheers!


Hi! Sorry for the delay... I ended up travelling this week and will only have access to my PC again on Monday... please don't lock the topic; when I get back I'll keep trying to fix it.

 

Cheers, Igor

 

Hey! I'm back!

I used the PC normally today since this morning, but it seems Windows was left a bit crippled because of the virus :no:

Even so, it doesn't appear to have any more infections... the problem is that when I tried to remove the Ant.com toolbar, it said it couldn't access Windows Installer and that it seems it isn't installed correctly; in other words, it seems that when I deleted some files it ended up damaging some parts of the system. What now?

Here is the current HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:42:26, on 10/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\ARQUIV~1\GbPlugin\GbpSv.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\Explorer.EXE

H:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

H:\Arquivos de programas\a-squared Free\a2service.exe

H:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

H:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

H:\WINDOWS\system32\svchost.exe

H:\ARQUIV~1\AVG\AVG8\avgrsx.exe

H:\ARQUIV~1\AVG\AVG8\avgnsx.exe

H:\ARQUIV~1\AVG\AVG8\avgemc.exe

H:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

H:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

H:\WINDOWS\system32\wuauclt.exe

H:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

H:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

H:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

H:\WINDOWS\system32\wuauclt.exe

H:\Documents and Settings\usuario\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Arquivos de programas\Java\jre1.5.0_12\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - H:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [280] H:\WINDOWS\system32\7.tmp.exe

O4 - HKLM\..\Run: [Regedit32] H:\WINDOWS\system32\regedit.exe

O4 - HKLM\..\Run: [servises] H:\WINDOWS\system32\servises.exe

O4 - HKLM\..\Run: [bigDog303] H:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MsnMsgr] "H:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "H:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [servises] H:\WINDOWS\system32\servises.exe

O4 - HKLM\..\Policies\Explorer\Run: [servises] H:\WINDOWS\system32\servises.exe

O4 - HKCU\..\Policies\Explorer\Run: [servises] H:\WINDOWS\system32\servises.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [servises] H:\WINDOWS\system32\servises.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [servises] H:\WINDOWS\system32\servises.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [servises] H:\WINDOWS\system32\servises.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [servises] H:\WINDOWS\system32\servises.exe (User 'Default user')

O4 - Startup: is-L252I.lnk = H:\Documents and Settings\usuario\Desktop\Virus Removal Tool1\is-L252I\startup.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: GbPluginBb - H:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - H:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: FCI - Unknown owner - H:\WINDOWS\system32\svchost.exe:ext.exe

O23 - Service: Gbp Service (GbpSv) - - H:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - H:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - H:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - H:\WINDOWS\system32\dllhost.exe (file missing)

 

--

End of file - 7364 bytes

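As an added, defender-side illustration (not code from anyone in this thread, nor from HijackThis itself), the script below encodes what a helper looks for by eye in the O4 and O23 sections of a log like the one above: one executable registered in many autorun locations at once (including the Policies\Explorer\Run keys and the SYSTEM and Default user hives), a temp-named binary in system32, and a service whose path uses an NTFS alternate data stream (the `svchost.exe:ext.exe` form). The sample input is a subset of lines copied from the log above; the rule names, the three-location threshold and the `triage` function are my own choices, not HijackThis features.

```python
"""Triage of HijackThis O4 (autorun) and O23 (service) lines.

Added example for this thread; not HijackThis code and not code from any
poster. The rules and thresholds below are the author's assumptions.
"""
import re
from collections import defaultdict

# Sample input: a subset of the O4/O23 lines from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [280] H:\WINDOWS\system32\7.tmp.exe
O4 - HKLM\..\Run: [servises] H:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "H:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [servises] H:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Policies\Explorer\Run: [servises] H:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] H:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [servises] H:\WINDOWS\system32\servises.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [servises] H:\WINDOWS\system32\servises.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [servises] H:\WINDOWS\system32\servises.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [servises] H:\WINDOWS\system32\servises.exe (User 'Default user')
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FCI - Unknown owner - H:\WINDOWS\system32\svchost.exe:ext.exe
"""

O4_RE = re.compile(r"^O4 - (?P<location>.+?): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<service>.+?) - (?P<owner>.*?) - (?P<path>.+)$")
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")
# "something.exe:stream" at the end of a path = NTFS alternate data stream.
ADS_RE = re.compile(r"\.exe:[^\\/:\s]+$", re.IGNORECASE)
# "<digits or junk>.tmp.exe" living in system32.
TEMP_NAME_RE = re.compile(r"\\system32\\[^\\]*\.tmp\.exe$", re.IGNORECASE)
# Autorun locations that apply to every profile or to SYSTEM, not just one user.
SYSTEM_WIDE_LOCATIONS = ("Policies\\Explorer\\Run", "HKUS\\S-1-5-18", "HKUS\\.DEFAULT")


def executable_of(command: str) -> str:
    """Return the program path from an autorun command line, without arguments."""
    command = USER_SUFFIX_RE.sub("", command).strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ")[0]


def parse(log_text: str):
    """Split a HijackThis log into (location, name, exe) autoruns and (service, owner, path) services."""
    autoruns, services = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            autoruns.append((m["location"], m["name"], executable_of(m["command"])))
            continue
        m = O23_RE.match(line)
        if m:
            services.append((m["service"], m["owner"], m["path"]))
    return autoruns, services


def triage(log_text: str, min_locations: int = 3):
    """Return (rule, subject, detail) findings for the suspicious patterns described above."""
    autoruns, services = parse(log_text)
    findings = []
    locations_by_exe = defaultdict(set)
    display = {}
    for location, _name, exe in autoruns:
        key = exe.lower()
        display.setdefault(key, exe)
        locations_by_exe[key].add(location)
        if TEMP_NAME_RE.search(exe):
            findings.append(("temp-named autorun", exe, location))
    for key, locations in locations_by_exe.items():
        system_wide = [loc for loc in locations
                       if any(s.lower() in loc.lower() for s in SYSTEM_WIDE_LOCATIONS)]
        if len(locations) >= min_locations and system_wide:
            findings.append(("autorun in every profile", display[key], f"{len(locations)} locations"))
    for service, _owner, path in services:
        if ADS_RE.search(path):
            findings.append(("service runs from alternate data stream", path, service))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] {subject} ({detail})")
```

Run against the sample it reports exactly three items: `servises.exe` in 8 autorun locations, `7.tmp.exe` as a temp-named autorun, and the `FCI` service path ending in `:ext.exe`. Legitimate entries such as MsnMsgr or the AVG watchdog are not flagged. A helper would confirm each hit in the Run keys and on disk before deciding what to remove; the script only orders the review.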

Good afternoon! ig0rf

<@> Download: < AVPTool > ( by Kaspersky Labs )

<@> < Link-2 >

<@> Save it in Arquivos de Programas (Program Files) and install it right there!

<@> Restart the computer in Safe Mode! <-- Important!

<@> Start the scan by clicking "Scan".

<@> The scan takes a long time. <-- Be patient!

<@> If infections are found, click "disinfect" if that option is enabled.

<@> PS: For some known detections (cracks or keygens), click skip.

<@> For those cases, avoid the "Delete" option.

<@> When it finishes, click the Events tab.

<@> Uncheck the "Show all events" checkbox.

<@> Click "Save to file".

<@> Name it and save it to the desktop! <-- Report to post!

<@> Also post an updated HijackThis log.

Regards!


Topic Archived

Since the author did not reply for more than 30 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
