[Resolvido!] Hijack This

[wings 22]

OK...

 

 

1.

*Delete o arquivo klwk.com

 

2.

*Baixe o ComboFix e salve-o no desktop

*Duplo-clique no arquivo Combofix.exe

*Aceite o contrato

 

*Se o console de recuperação do Windows já estiver instalado, o ComboFix continuará o processo automaticamente. Caso não esteja, uma janela conforme abaixo será aberta. Clique em [sIM] para aceitar a instalação do mesmo.

 

 

*Após a instalação, clique em [sIM] para continuar.

 

 

*Importante: enquanto o ComboFix estiver em execução, não use o mouse nem o teclado!!..... Para interromper o procedimento tecle N ou 2 e depois ENTER.

 

*O programa será fechado automaticamente

 

*Cole o relatório criado em C:\combofix.txt

[Jubs 0]

Não criou nenhum relatório... O programa rodou, foi até a etapa 50, aí reiniciou sozinho e quando fui procurar o arquivo, só tem um ComboFix mas com um desenho de um monitor e quando clico ele abre o meu computador de novo.

Fui no pesquisar e digitei combofix.txt e não localizou nada também...

[wings 22]

Tá difícil...

 

1.

*Clique em [iniciar] > [Executar] > digite: Combofix /uninstall

*Clique [OK]

 

 

*Clique em [Executar]

*Aguarde até surgir a mensagem: "ComboFix está desinstalado"

 

*Clique [OK]

 

2.

*Baixe novamente o combofix e salve-o no desktop

Clique em Iniciar > Executar > digite: "%userprofile%\desktop\combofix.exe" /killall

 

Clique [OK], depois em [Executar]....aguarde a execução do programa e cole o relatório

[Jubs 0]

Difícil mesmo... será que tem que formatar??? Porque dessa vez o computador reiniciou sozinho depois que eu executei o que você pediu...

[Jubs 0]

Consegui instalar o AVG, vou deixar aqui rodando porque preciso ir pra facul, amanhã cedo eu digo o que houve!!!

 

Muito obrigada, beijos, boa noite!!!

[Jubs 0]

Bom dia!!!

 

Agora apareceu um monte de coisa no antivírus... e não consegui abrir o msn... :huh:.

[wings 22]

Desative temporariamente o AVG

 

Iniciar > Programas > AVG

Abra a Interface do usuário do AVG

Clique duas vezes na Proteção Residente

Desmarque a opção "Proteção Residente ativa"

Salve as alterações

 

Baixe o Combofix e execute-o conforme as últimas orientações.

 

Cole o relatório.

[Jubs 0]

O computador reiniciou sozinho... Vou tentar de novo...

[wings 22]

Caso não consiga...

 

 

1.

*Clique em [iniciar] > [Executar] > digite: Combofix /uninstall

*Clique [OK]

 

 

*Clique em [Executar]

*Aguarde até surgir a mensagem: "ComboFix está desinstalado"

 

*Clique [OK]

 

2.

 

*Baixe o RSIT e salve-o no desktop

*Duplo clique em RSIT

*Clique em [Continue]

*Ao término do processo, cole o relatório criado em C:\rsit\log.txt

[Jubs 0]

O combofix não deu certo, copiei do rsit, como você me pediu!!!

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by ccip at 2010-02-24 09:17:55

Microsoft Windows XP Professional Service Pack 2

System drive C: has 51 GB (70%) free of 73 GB

Total RAM: 958 MB (43% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:17:59, on 24/2/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\ccip\Desktop\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Documents and Settings\ccip\Meus documentos\Downloads\ccip.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIV~1\GbPlugin\gbiehCef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [nodenable] C:\Arquivos de programas\eset\nodenable.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Atalho para Winlab em 'servidor' (S).lnk = ?

O4 - Startup: mapear.bat

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265814152625

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265817234390

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\..\{856DF318-8902-4449-A988-1208C6DE89BC}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\ARQUIV~1\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

O24 - Desktop Component 0: (no name) - http://www.proasa.org.br/form/SADT_Frente.jpg

 

--

End of file - 11158 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\OGALogon.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Arquivos de programas\AVG\AVG9\avgssie.dll [2010-02-23 1484056]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

AVG Security Toolbar BHO - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]

GbIehObj Class - C:\ARQUIV~1\GbPlugin\gbiehCef.dll [2009-12-08 310312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-03-25 35840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-25 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-23 7630848]

"GrooveMonitor"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

"NPSStartup"= []

"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-02-24 34816]

"Adobe ARM"=C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [2010-02-24 943104]

"AVG9_TRAY"=C:\ARQUIV~1\AVG\AVG9\avgtray.exe [2010-02-23 2033432]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

"nodenable"=C:\Arquivos de programas\eset\nodenable.exe []

"NitroPC"=C:\Arquivos de programas\NitroPC\NitroPC.exe -minimized []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-02-24 34816]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe [2010-02-24 196608]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 132680]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1905960]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe [2010-02-24 147456]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

C:\WINDOWS\system32\NvCpl.dll [2006-08-23 7630848]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

C:\WINDOWS\system32\NvMcTray.dll [2006-08-23 86016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-03-25 222616]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]

C:\Arquivos de programas\UltraVNC\WinVNC.exe [2005-08-06 974848]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ccip^Menu Iniciar^Programas^Inicializar^BrOffice.org 2.0.lnk]

C:\ARQUIV~1\BROFFI~1.0\program\QUICKS~1.EXE [2006-10-15 393216]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ccip^Menu Iniciar^Programas^Inicializar^hamachi.lnk]

C:\ARQUIV~1\Hamachi\hamachi.exe [2010-02-24 620544]

 

C:\Documents and Settings\ccip\Menu Iniciar\Programas\Inicializar

Atalho para Winlab em 'servidor' (S).lnk - S:\

mapear.bat

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]

C:\ARQUIV~1\GbPlugin\gbiehCef.dll [2009-12-08 310312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2010-02-23 12464]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]

C:\WINDOWS\system32\LMIinit.dll [2009-10-05 87352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\ARQUIV~1\GbPlugin\gbiehCef.dll [2009-12-08 310312]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"dontdisplayusername"=0

"shutdownwithlogon"=1

"undockwithlogon"=1

"EnableLUA"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\CA2000\comamigo.exe"="C:\CA2000\comamigo.exe:*:Enabled:comamigo"

"C:\ProxAtendente\ProxAtendente.exe"="C:\ProxAtendente\ProxAtendente.exe:*:Enabled:ProxAtendente"

"\\laboratorio2\C\Proxy\ProxAtendente.exe"="\\laboratorio2\C\Proxy\ProxAtendente.exe:*:Enabled:ProxAtendente.exe"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"\\AUTORIZACAO\D\setup.exe"="\\AUTORIZACAO\D\setup.exe:*:Enabled:setup.exe"

"C:\Arquivos de programas\LeechFTP\Leechftp.exe"="C:\Arquivos de programas\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP"

"C:\Arquivos de programas\LimeWire\LimeWire.exe"="C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Hamachi\hamachi.exe"="C:\Arquivos de programas\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Documents and Settings\ccip\Configurações locais\Temp\IXP000.TMP\SMPCSetup.exe"="C:\Documents and Settings\ccip\Configurações locais\Temp\IXP000.TMP\SMPCSetup.exe:*:Enabled:SMPCSetup"

"C:\Documents and Settings\ccip\Configurações locais\Temp\IXP000.TMP\smwinvnc.exe"="C:\Documents and Settings\ccip\Configurações locais\Temp\IXP000.TMP\smwinvnc.exe:*:Enabled:TightVNC Win32 Server"

"C:\Arquivos de programas\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Arquivos de programas\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"

"C:\Arquivos de programas\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Arquivos de programas\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"

"C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe"="C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"C:\EditorTiss\setup.exe"="C:\EditorTiss\setup.exe:*:Enabled:ipsec"

"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"

"C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe:*:Enabled:ipsec"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe:*:Enabled:ipsec"

"C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe"="C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe:*:Enabled:ipsec"

"C:\Arquivos de programas\NitroPC\NitroPC.exe"="C:\Arquivos de programas\NitroPC\NitroPC.exe:*:Enabled:NitroPC"

"C:\Arquivos de programas\AVG\AVG9\avgupd.exe"="C:\Arquivos de programas\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Arquivos de programas\AVG\AVG9\avgnsx.exe"="C:\Arquivos de programas\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 1 months======

 

2010-02-24 09:17:55 ----D---- C:\rsit

2010-02-24 09:03:50 ----SHD---- C:\Config.Msi

2010-02-24 09:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$

2010-02-24 09:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$

2010-02-24 09:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$

2010-02-24 08:41:51 ----SD---- C:\ComboFix

2010-02-23 17:09:50 ----HD---- C:\$AVG

2010-02-23 17:09:32 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2010-02-23 17:09:04 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\AVG Security Toolbar

2010-02-23 17:08:36 ----D---- C:\Arquivos de programas\AVG

2010-02-23 17:08:33 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\avg9

2010-02-23 16:42:42 ----D---- C:\Qoobox

2010-02-23 15:26:46 ----HD---- C:\WINDOWS\PIF

2010-02-23 13:56:16 ----A---- C:\WhatsNew.txt

2010-02-23 13:56:16 ----A---- C:\ReadMe.txt

2010-02-23 11:29:23 ----A---- C:\eula.txt

2010-02-23 09:21:28 ----D---- C:\WINDOWS\system32\XPSViewer

2010-02-23 09:21:15 ----D---- C:\Arquivos de programas\Reference Assemblies

2010-02-23 09:20:51 ----N---- C:\WINDOWS\system32\xpssvcs.dll

2010-02-23 09:20:51 ----N---- C:\WINDOWS\system32\xpsshhdr.dll

2010-02-23 09:20:51 ----N---- C:\WINDOWS\system32\prntvpt.dll

2010-02-23 09:20:51 ----D---- C:\dcd45ca6c50e48a1cfbfc162b9

2010-02-23 09:18:19 ----HDC---- C:\WINDOWS\$NtUninstallWIC$

2010-02-23 09:18:15 ----D---- C:\Arquivos de programas\MSXML 6.0

2010-02-23 09:13:58 ----A---- C:\WINDOWS\UPGRADE.TXT

2010-02-23 09:13:57 ----D---- C:\WINDOWS\setup.pss

2010-02-23 09:13:34 ----D---- C:\WINDOWS\setupupd

2010-02-23 08:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$

2010-02-23 08:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

2010-02-22 11:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$

2010-02-22 11:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$

2010-02-22 11:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$

2010-02-22 11:42:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$

2010-02-22 11:42:05 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$

2010-02-22 11:39:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

2010-02-22 11:39:20 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$

2010-02-22 11:39:13 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$

2010-02-22 11:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$

2010-02-22 11:38:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$

2010-02-22 11:38:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$

2010-02-22 11:37:17 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

2010-02-22 11:37:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$

2010-02-22 11:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$

2010-02-22 11:36:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$

2010-02-22 11:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\zh-TW

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\zh-HK

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\tr-TR

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\sv-SE

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\nl-NL

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\nb-NO

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\ko-KR

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\it-IT

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\he-IL

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\fr-FR

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\fi-FI

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\es-ES

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\en-US

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\el-GR

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\de-DE

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\da-DK

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\ar-SA

2010-02-22 11:35:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$

2010-02-22 11:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$

2010-02-22 11:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$

2010-02-22 11:33:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$

2010-02-22 10:49:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$

2010-02-22 10:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$

2010-02-22 10:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

2010-02-22 10:42:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

2010-02-22 10:42:08 ----A---- C:\WINDOWS\imsins.BAK

2010-02-22 10:41:56 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$

2010-02-22 08:00:55 ----D---- C:\Documents and Settings\ccip\Dados de aplicativos\Malwarebytes

2010-02-22 08:00:48 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2010-02-22 08:00:47 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2010-02-19 15:58:55 ----D---- C:\Documents and Settings\ccip\Dados de aplicativos\Yahoo!

2010-02-19 15:58:49 ----D---- C:\Arquivos de programas\Yahoo!

2010-02-19 10:17:16 ----A---- C:\Boot.bak

2010-02-19 10:17:10 ----RASHD---- C:\cmdcons

2010-02-19 10:16:07 ----D---- C:\WINDOWS\ERDNT

2010-02-19 10:03:30 ----D---- C:\Documents and Settings\ccip\Dados de aplicativos\GetRightToGo

2010-02-19 09:31:19 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2010-02-12 08:10:59 ----D---- C:\EditorTiss

2010-02-10 12:03:26 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

2010-02-05 09:05:01 ----D---- C:\WINDOWS\Minidump

 

======List of files/folders modified in the last 1 months======

 

2010-02-24 09:15:17 ----SHD---- C:\WINDOWS\Installer

2010-02-24 09:15:17 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Google

2010-02-24 09:15:17 ----D---- C:\Arquivos de programas\Google

2010-02-24 09:11:13 ----D---- C:\WINDOWS\Microsoft.NET

2010-02-24 09:11:12 ----RSD---- C:\WINDOWS\assembly

2010-02-24 09:09:03 ----D---- C:\WINDOWS\Temp

2010-02-24 09:08:30 ----D---- C:\WINDOWS

2010-02-24 09:07:21 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT

2010-02-24 09:06:52 ----AD---- C:\WINDOWS\system32\drivers

2010-02-24 09:05:44 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-02-24 09:05:10 ----D---- C:\WINDOWS\system32

2010-02-24 09:05:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-02-24 09:04:39 ----D---- C:\WINDOWS\WinSxS

2010-02-24 09:02:47 ----HD---- C:\WINDOWS\inf

2010-02-24 09:02:46 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-02-24 09:02:43 ----HD---- C:\WINDOWS\$hf_mig$

2010-02-24 09:02:36 ----D---- C:\WINDOWS\system32\CatRoot2

2010-02-24 09:02:36 ----D---- C:\WINDOWS\system32\CatRoot

2010-02-24 08:52:18 ----RD---- C:\Arquivos de programas

2010-02-24 08:52:18 ----D---- C:\Arquivos de programas\Arquivos comuns

2010-02-24 08:51:02 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2010-02-24 08:50:43 ----D---- C:\WINDOWS\Prefetch

2010-02-24 08:50:40 ----SD---- C:\WINDOWS\Tasks

2010-02-24 07:47:37 ----D---- C:\Arquivos de programas\LogMeIn

2010-02-24 04:56:44 ----D---- C:\upg

2010-02-23 19:45:38 ----D---- C:\Arquivos de programas\Windows NT

2010-02-23 19:45:15 ----D---- C:\Arquivos de programas\Windows Media Player

2010-02-23 19:22:51 ----D---- C:\Arquivos de programas\Outlook Express

2010-02-23 19:22:04 ----D---- C:\Arquivos de programas\NetMeeting

2010-02-23 19:02:09 ----D---- C:\Arquivos de programas\Movie Maker

2010-02-23 18:14:00 ----D---- C:\Arquivos de programas\Internet Explorer

2010-02-23 16:18:18 ----D---- C:\WINDOWS\AppPatch

2010-02-23 15:29:04 ----SHD---- C:\System Volume Information

2010-02-23 15:29:04 ----D---- C:\WINDOWS\system32\Restore

2010-02-23 14:50:58 ----D---- C:\WINDOWS\system32\config

2010-02-23 14:01:40 ----D---- C:\Arquivos de programas\ESET

2010-02-23 13:50:52 ----D---- C:\WINDOWS\network diagnostic

2010-02-23 11:25:40 ----D---- C:\WINDOWS\system32\CatRoot_bak

2010-02-23 09:21:22 ----RSD---- C:\WINDOWS\Fonts

2010-02-23 09:21:00 ----D---- C:\WINDOWS\system32\spool

2010-02-23 08:06:20 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2010-02-22 19:05:05 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2010-02-22 19:04:31 ----D---- C:\Arquivos de programas\Microsoft Works

2010-02-22 19:02:10 ----A---- C:\WINDOWS\WIN.INI

2010-02-22 11:43:21 ----D---- C:\WINDOWS\ie8updates

2010-02-22 11:43:10 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$

2010-02-22 11:39:42 ----D---- C:\WINDOWS\Debug

2010-02-22 11:38:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$

2010-02-22 11:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$

2010-02-22 11:36:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$

2010-02-22 11:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$

2010-02-22 11:36:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$

2010-02-22 11:35:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\pt-br

2010-02-22 11:34:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$

2010-02-22 11:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$

2010-02-22 11:08:18 ----D---- C:\WINDOWS\system32\Setup

2010-02-22 11:08:02 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$

2010-02-22 10:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$

2010-02-22 10:46:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$

2010-02-22 10:45:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

2010-02-22 10:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$

2010-02-22 10:42:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

2010-02-22 08:52:09 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$

2010-02-22 08:49:20 ----D---- C:\WINDOWS\system32\service

2010-02-19 16:57:06 ----D---- C:\WINDOWS\Registration

2010-02-19 10:17:16 ----RASH---- C:\boot.ini

2010-02-19 09:42:30 ----D---- C:\spdatai

2010-02-19 09:27:38 ----D---- C:\Arquivos de programas\Messenger Plus! Live

2010-02-19 09:08:32 ----D---- C:\Arquivos de programas\Adobe

2010-02-19 09:08:29 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe

2010-02-19 09:08:29 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe

2010-02-19 08:27:24 ----D---- C:\CA2000

2010-02-19 08:21:08 ----D---- C:\Arquivos de programas\WinRAR

2010-02-19 08:09:26 ----D---- C:\Arquivos de programas\UltraVNC

2010-02-19 08:09:25 ----D---- C:\Arquivos de programas\PC Connectivity Solution

2010-02-19 08:09:18 ----D---- C:\Arquivos de programas\Hamachi

2010-02-19 08:07:21 ----D---- C:\Arquivos de programas\Messenger

2010-02-17 17:21:53 ----D---- C:\Documents and Settings\ccip\Dados de aplicativos\Skype

2010-02-17 16:02:18 ----D---- C:\Documents and Settings\ccip\Dados de aplicativos\skypePM

2010-02-12 08:10:27 ----A---- C:\WINDOWS\system.ini

2010-02-12 07:59:59 ----A---- C:\WINDOWS\system32\dxva_sig.txt

2010-02-10 12:54:02 ----D---- C:\WINDOWS\SoftwareDistribution

2010-02-10 12:54:01 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-02-10 12:03:56 ----D---- C:\WINDOWS\Help

2010-02-01 11:26:22 ----A---- C:\WINDOWS\system32\MRT.exe

2010-01-25 10:45:14 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2010-01-25 10:45:11 ----D---- C:\Arquivos de programas\GbPlugin

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-02-23 333192]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-02-23 28424]

R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-02-23 360584]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]

R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys []

R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []

R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]

R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []

R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-12-10 25280]

R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-28 9600]

R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-28 12288]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-23 3959712]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-28 5888]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]

S1 syscip;Driver; \??\c:\windows\system32\syscip.sys []

S2 BemaIO;BemaIO; C:\WINDOWS\system32\drivers\BemaIO.sys []

S3 asc3360pr;asc3360pr; \??\C:\WINDOWS\system32\drivers\mjnhsn.sys []

S3 catchme;catchme; \??\C:\DOCUME~1\ccip\CONFIG~1\Temp\catchme.sys []

S3 MemStPCI;Sony Memory Stick controller (PCI); C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS [2004-08-03 26112]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]

S3 usb2vcom;USB to Serial Bridge Controller; C:\WINDOWS\System32\Drivers\usb2vcom.sys [2006-07-16 30368]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 avg9wd;AVG Free WatchDog; C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe [2010-02-23 285392]

R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2010-02-24 65536]

R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-04-07 233472]

R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2009-12-08 53800]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-03-25 152984]

R2 LMIMaint;LogMeIn Maintenance Service; C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe [2009-10-05 116032]

R2 LogMeIn;LogMeIn; C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-23 155715]

R2 SeaPort;SeaPort; C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]

R2 winvnc;VNC Server; C:\Arquivos de programas\UltraVNC\WinVNC.exe [2005-08-06 974848]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe [2010-02-24 1527808]

S2 gupdate;Google Update Service (gupdate); C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-24 135664]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 143712]

S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2010-02-24 434688]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2010-02-24 138240]

S3 ServiceLayer;ServiceLayer; C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 500224]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

[wings 22]

Envie o arquivo abaixo para análise em http://virscan.org

 

c:\windows\system32\syscip.sys

 

Cole o link contendo o resultado.

 

você está contaminada por um vírus de difícil remoção. Possivelmente o Sality.

[Jubs 0]

Não abre a página.

[wings 22]

Não abre a página.

 

Você está contaminada por um vírus de difícil remoção. Possivelmente o Sality.

 

Vamos tentar um procedimento.

 

Caso não consiga êxito, recomendo formatar o PC. Este vírus contamina arquivos .exe e .scr. Recomendo que faça um backup (gravar num cd) dos seus arquivos pessoais exceto arquivos .exe (aplicativos, programas), antes de continuar. Caso deseje a formatação, instale o Windows, Office e em seguida baixe um antivírus (recomendo o AVIRA). Baixe o antivírus com a máquina formatada, senão o arquivo do antivírus será contaminado.

 

 

Caso deseje tentar a remoção, siga os passos abaixo:

 

1.

*Baixe o RegUnlocker e salve-o no desktop

*Execute o programa e na opção A - Restricciones selecione:

 

1 - Eliminar restricciones del Sistema

2 - Eliminar restricciones del Explorador

*Clique em [Aplicar]

 

2.

*Baixe o salitykiller e salve-o no desktop

*Extraia o seu conteúdo para C:\

 

*Desative a Restauração do Sistema

 

Clique com o botão direito do mouse em Meu Computador > Propriedades > Restauração do Sistema > Desativar Restauração do Sistema > OK > Sim

*Desative seu antivírus temporariamente

 

Iniciar > Programas > AVG

Abra a Interface do usuário do AVG

Clique duas vezes na Proteção Residente

Desmarque a opção "Proteção Residente ativa"

Salve as alterações

*Este programa irá rodar em 2 janelas distintas ao mesmo tempo!!

 

*A primeira janela:

*Clique em [iniciar] > [Executar] > copie e cole: C:\salitykiller.exe -m

*Clique [OK]

*Mantenha a janela rodando. Não feche-a!! Se desejar, minimize-a.

 

*A segunda janela:

*Clique em [iniciar] > [Executar] > copie e cole: C:\salitykiller.exe -y -x -j -l sality.txt -v

*Clique [OK]

*Ao término, a janela 2 será fechada automaticamente. Feche, então, a janela 1.

*Cole o relatório criado em C:\sality.txt. Como ele deve ser grande, cole o resumo localizado no final do arquivo conforme o texto em destaque:

Infected files: 6382

19:59:42 Infected processes: 0

19:59:42 Infected threads: 0

19:59:42 Cured files: 5808

19:59:42 Executed registry scripts: 1

[Jubs 0]

Ok, assim que terminar eu colo aqui!!!

 

Obrigada

[Jubs 0]

completed

13:31:27:843 Infected files: 334

13:31:27:843 Infected processes: 0

13:31:27:843 Infected threads: 0

13:31:27:843 Cured files: 333

13:31:27:843 Executed registry scripts: 1

 

 

 

É isso???

[wings 22]

*Duplo clique em RSIT

*Clique em [Continue]

*Ao término do processo, cole o relatório criado em C:\rsit\log.txt

[Jubs 0]

Logfile of random's system information tool 1.06 (written by random/random)

Run by ccip at 2010-02-24 17:04:12

Microsoft Windows XP Professional Service Pack 2

System drive C: has 52 GB (71%) free of 73 GB

Total RAM: 958 MB (22% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:04:16, on 24/2/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\spdatai\SGHSPD.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\spdatai\Sghtab.exe

C:\Documents and Settings\ccip\Desktop\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Documents and Settings\ccip\Meus documentos\Downloads\ccip.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIV~1\GbPlugin\gbiehCef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [nodenable] C:\Arquivos de programas\eset\nodenable.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Atalho para Winlab em 'servidor' (S).lnk = ?

O4 - Startup: mapear.bat

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265814152625

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265817234390

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\..\{856DF318-8902-4449-A988-1208C6DE89BC}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\ARQUIV~1\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

O24 - Desktop Component 0: (no name) - http://www.proasa.org.br/form/SADT_Frente.jpg

 

--

End of file - 10926 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\OGALogon.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Arquivos de programas\AVG\AVG9\avgssie.dll [2010-02-23 1484056]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

AVG Security Toolbar BHO - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]

GbIehObj Class - C:\ARQUIV~1\GbPlugin\gbiehCef.dll [2009-12-08 310312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-03-25 35840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-25 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-23 7630848]

"GrooveMonitor"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

"NPSStartup"= []

"AVG9_TRAY"=C:\ARQUIV~1\AVG\AVG9\avgtray.exe [2010-02-23 2033432]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

"nodenable"=C:\Arquivos de programas\eset\nodenable.exe []

"NitroPC"=C:\Arquivos de programas\NitroPC\NitroPC.exe -minimized []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe [2010-02-24 196608]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe [2010-02-24 57344]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2010-02-24 1836328]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe [2010-02-24 147456]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

C:\WINDOWS\system32\NvCpl.dll [2006-08-23 7630848]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

C:\WINDOWS\system32\NvMcTray.dll [2006-08-23 86016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2010-02-24 143360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]

C:\Arquivos de programas\UltraVNC\WinVNC.exe [2005-08-06 974848]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ccip^Menu Iniciar^Programas^Inicializar^BrOffice.org 2.0.lnk]

C:\ARQUIV~1\BROFFI~1.0\program\QUICKS~1.EXE [2006-10-15 393216]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ccip^Menu Iniciar^Programas^Inicializar^hamachi.lnk]

C:\ARQUIV~1\Hamachi\hamachi.exe [2010-02-24 620544]

 

C:\Documents and Settings\ccip\Menu Iniciar\Programas\Inicializar

Atalho para Winlab em 'servidor' (S).lnk - S:\

mapear.bat

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]

C:\ARQUIV~1\GbPlugin\gbiehCef.dll [2009-12-08 310312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2010-02-23 12464]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]

C:\WINDOWS\system32\LMIinit.dll [2009-10-05 87352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\ARQUIV~1\GbPlugin\gbiehCef.dll [2009-12-08 310312]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\CA2000\comamigo.exe"="C:\CA2000\comamigo.exe:*:Enabled:comamigo"

"C:\ProxAtendente\ProxAtendente.exe"="C:\ProxAtendente\ProxAtendente.exe:*:Enabled:ProxAtendente"

"\\laboratorio2\C\Proxy\ProxAtendente.exe"="\\laboratorio2\C\Proxy\ProxAtendente.exe:*:Enabled:ProxAtendente.exe"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"\\AUTORIZACAO\D\setup.exe"="\\AUTORIZACAO\D\setup.exe:*:Enabled:setup.exe"

"C:\Arquivos de programas\LeechFTP\Leechftp.exe"="C:\Arquivos de programas\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP"

"C:\Arquivos de programas\LimeWire\LimeWire.exe"="C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Hamachi\hamachi.exe"="C:\Arquivos de programas\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:ipsec"

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Documents and Settings\ccip\Configurações locais\Temp\IXP000.TMP\SMPCSetup.exe"="C:\Documents and Settings\ccip\Configurações locais\Temp\IXP000.TMP\SMPCSetup.exe:*:Enabled:SMPCSetup"

"C:\Documents and Settings\ccip\Configurações locais\Temp\IXP000.TMP\smwinvnc.exe"="C:\Documents and Settings\ccip\Configurações locais\Temp\IXP000.TMP\smwinvnc.exe:*:Enabled:TightVNC Win32 Server"

"C:\Arquivos de programas\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Arquivos de programas\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"

"C:\Arquivos de programas\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Arquivos de programas\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"

"C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe"="C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"C:\EditorTiss\setup.exe"="C:\EditorTiss\setup.exe:*:Enabled:ipsec"

"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"

"C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe:*:Enabled:ipsec"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe:*:Enabled:ipsec"

"C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe"="C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe:*:Enabled:ipsec"

"C:\Arquivos de programas\NitroPC\NitroPC.exe"="C:\Arquivos de programas\NitroPC\NitroPC.exe:*:Enabled:NitroPC"

"C:\Arquivos de programas\AVG\AVG9\avgupd.exe"="C:\Arquivos de programas\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Arquivos de programas\AVG\AVG9\avgnsx.exe"="C:\Arquivos de programas\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 1 months======

 

2010-02-24 12:45:59 ----A---- C:\sality.txt

2010-02-24 12:44:41 ----A---- C:\SalityKiller.exe

2010-02-24 12:43:58 ----D---- C:\RegUnlocker Backups

2010-02-24 09:22:00 ----A---- C:\WINDOWS\zip.exe

2010-02-24 09:22:00 ----A---- C:\WINDOWS\SWXCACLS.exe

2010-02-24 09:22:00 ----A---- C:\WINDOWS\SWSC.exe

2010-02-24 09:22:00 ----A---- C:\WINDOWS\SWREG.exe

2010-02-24 09:22:00 ----A---- C:\WINDOWS\sed.exe

2010-02-24 09:22:00 ----A---- C:\WINDOWS\PEV.exe

2010-02-24 09:22:00 ----A---- C:\WINDOWS\NIRCMD.exe

2010-02-24 09:22:00 ----A---- C:\WINDOWS\MBR.exe

2010-02-24 09:22:00 ----A---- C:\WINDOWS\grep.exe

2010-02-24 09:21:54 ----SD---- C:\ComboFix

2010-02-24 09:17:55 ----D---- C:\rsit

2010-02-24 09:03:50 ----SHD---- C:\Config.Msi

2010-02-24 09:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$

2010-02-24 09:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$

2010-02-24 09:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$

2010-02-23 17:09:50 ----HD---- C:\$AVG

2010-02-23 17:09:32 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2010-02-23 17:09:04 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\AVG Security Toolbar

2010-02-23 17:08:36 ----D---- C:\Arquivos de programas\AVG

2010-02-23 17:08:33 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\avg9

2010-02-23 16:42:42 ----D---- C:\Qoobox

2010-02-23 15:26:46 ----HD---- C:\WINDOWS\PIF

2010-02-23 13:56:16 ----A---- C:\WhatsNew.txt

2010-02-23 13:56:16 ----A---- C:\ReadMe.txt

2010-02-23 11:29:23 ----A---- C:\eula.txt

2010-02-23 09:21:28 ----D---- C:\WINDOWS\system32\XPSViewer

2010-02-23 09:21:15 ----D---- C:\Arquivos de programas\Reference Assemblies

2010-02-23 09:20:51 ----N---- C:\WINDOWS\system32\xpssvcs.dll

2010-02-23 09:20:51 ----N---- C:\WINDOWS\system32\xpsshhdr.dll

2010-02-23 09:20:51 ----N---- C:\WINDOWS\system32\prntvpt.dll

2010-02-23 09:20:51 ----D---- C:\dcd45ca6c50e48a1cfbfc162b9

2010-02-23 09:18:19 ----HDC---- C:\WINDOWS\$NtUninstallWIC$

2010-02-23 09:18:15 ----D---- C:\Arquivos de programas\MSXML 6.0

2010-02-23 09:13:58 ----A---- C:\WINDOWS\UPGRADE.TXT

2010-02-23 09:13:57 ----D---- C:\WINDOWS\setup.pss

2010-02-23 09:13:34 ----D---- C:\WINDOWS\setupupd

2010-02-23 08:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$

2010-02-23 08:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

2010-02-22 11:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$

2010-02-22 11:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$

2010-02-22 11:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$

2010-02-22 11:42:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$

2010-02-22 11:42:05 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$

2010-02-22 11:39:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

2010-02-22 11:39:20 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$

2010-02-22 11:39:13 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$

2010-02-22 11:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$

2010-02-22 11:38:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$

2010-02-22 11:38:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$

2010-02-22 11:37:17 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

2010-02-22 11:37:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$

2010-02-22 11:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$

2010-02-22 11:36:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$

2010-02-22 11:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\zh-TW

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\zh-HK

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\tr-TR

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\sv-SE

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\nl-NL

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\nb-NO

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\ko-KR

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\it-IT

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\he-IL

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\fr-FR

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\fi-FI

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\es-ES

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\en-US

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\el-GR

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\de-DE

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\da-DK

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\ar-SA

2010-02-22 11:35:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$

2010-02-22 11:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$

2010-02-22 11:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$

2010-02-22 11:33:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$

2010-02-22 10:49:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$

2010-02-22 10:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$

2010-02-22 10:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

2010-02-22 10:42:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

2010-02-22 10:42:08 ----A---- C:\WINDOWS\imsins.BAK

2010-02-22 10:41:56 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$

2010-02-22 08:00:55 ----D---- C:\Documents and Settings\ccip\Dados de aplicativos\Malwarebytes

2010-02-22 08:00:48 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2010-02-22 08:00:47 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2010-02-19 15:58:55 ----D---- C:\Documents and Settings\ccip\Dados de aplicativos\Yahoo!

2010-02-19 15:58:49 ----D---- C:\Arquivos de programas\Yahoo!

2010-02-19 10:17:16 ----A---- C:\Boot.bak

2010-02-19 10:17:10 ----RASHD---- C:\cmdcons

2010-02-19 10:16:07 ----D---- C:\WINDOWS\ERDNT

2010-02-19 10:03:30 ----D---- C:\Documents and Settings\ccip\Dados de aplicativos\GetRightToGo

2010-02-19 09:31:19 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2010-02-12 08:10:59 ----D---- C:\EditorTiss

2010-02-10 12:03:26 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

2010-02-05 09:05:01 ----D---- C:\WINDOWS\Minidump

 

======List of files/folders modified in the last 1 months======

 

2010-02-24 13:26:40 ----A---- C:\WINDOWS\system32\rundll32.exe.tmp

2010-02-24 12:55:09 ----D---- C:\WINDOWS\Prefetch

2010-02-24 12:47:20 ----D---- C:\WINDOWS\Temp

2010-02-24 12:46:24 ----A---- C:\lj1022nfw_win_20050401.exe

2010-02-24 12:46:23 ----A---- C:\lj1020-1022-HB-pd-win2kxp-pr.exe

2010-02-24 12:46:22 ----A---- C:\WINDOWS\system.ini

2010-02-24 12:45:18 ----D---- C:\WINDOWS\system32\Restore

2010-02-24 12:43:28 ----D---- C:\WINDOWS\system32

2010-02-24 12:26:08 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-02-24 12:26:03 ----D---- C:\Arquivos de programas\Internet Explorer

2010-02-24 11:56:54 ----D---- C:\WINDOWS\Microsoft.NET

2010-02-24 11:56:52 ----RSD---- C:\WINDOWS\assembly

2010-02-24 11:21:12 ----D---- C:\WINDOWS\system32\CatRoot2

2010-02-24 10:54:44 ----AD---- C:\WINDOWS\system32\drivers

2010-02-24 10:48:00 ----D---- C:\WINDOWS

2010-02-24 10:47:56 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT

2010-02-24 10:45:08 ----D---- C:\WINDOWS\AppPatch

2010-02-24 10:45:07 ----D---- C:\Arquivos de programas\Arquivos comuns

2010-02-24 09:22:04 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-02-24 09:15:17 ----SHD---- C:\WINDOWS\Installer

2010-02-24 09:15:17 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Google

2010-02-24 09:15:17 ----D---- C:\Arquivos de programas\Google

2010-02-24 09:05:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-02-24 09:04:39 ----D---- C:\WINDOWS\WinSxS

2010-02-24 09:02:47 ----HD---- C:\WINDOWS\inf

2010-02-24 09:02:43 ----HD---- C:\WINDOWS\$hf_mig$

2010-02-24 09:02:36 ----D---- C:\WINDOWS\system32\CatRoot

2010-02-24 08:52:18 ----RD---- C:\Arquivos de programas

2010-02-24 08:51:02 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2010-02-24 08:50:40 ----SD---- C:\WINDOWS\Tasks

2010-02-24 07:47:37 ----D---- C:\Arquivos de programas\LogMeIn

2010-02-24 04:56:44 ----D---- C:\upg

2010-02-23 19:45:38 ----D---- C:\Arquivos de programas\Windows NT

2010-02-23 19:45:15 ----D---- C:\Arquivos de programas\Windows Media Player

2010-02-23 19:22:51 ----D---- C:\Arquivos de programas\Outlook Express

2010-02-23 19:22:04 ----D---- C:\Arquivos de programas\NetMeeting

2010-02-23 19:02:09 ----D---- C:\Arquivos de programas\Movie Maker

2010-02-23 15:29:04 ----SHD---- C:\System Volume Information

2010-02-23 14:50:58 ----D---- C:\WINDOWS\system32\config

2010-02-23 14:01:40 ----D---- C:\Arquivos de programas\ESET

2010-02-23 13:50:52 ----D---- C:\WINDOWS\network diagnostic

2010-02-23 11:25:40 ----D---- C:\WINDOWS\system32\CatRoot_bak

2010-02-23 09:21:22 ----RSD---- C:\WINDOWS\Fonts

2010-02-23 09:21:00 ----D---- C:\WINDOWS\system32\spool

2010-02-23 08:06:20 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2010-02-22 19:05:05 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2010-02-22 19:04:31 ----D---- C:\Arquivos de programas\Microsoft Works

2010-02-22 19:02:10 ----A---- C:\WINDOWS\WIN.INI

2010-02-22 11:43:21 ----D---- C:\WINDOWS\ie8updates

2010-02-22 11:43:10 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$

2010-02-22 11:39:42 ----D---- C:\WINDOWS\Debug

2010-02-22 11:38:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$

2010-02-22 11:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$

2010-02-22 11:36:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$

2010-02-22 11:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$

2010-02-22 11:36:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$

2010-02-22 11:35:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$

2010-02-22 11:35:49 ----D---- C:\WINDOWS\system32\pt-br

2010-02-22 11:34:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$

2010-02-22 11:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$

2010-02-22 11:08:18 ----D---- C:\WINDOWS\system32\Setup

2010-02-22 11:08:02 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$

2010-02-22 10:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$

2010-02-22 10:46:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$

2010-02-22 10:45:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

2010-02-22 10:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$

2010-02-22 10:42:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

2010-02-22 08:52:09 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$

2010-02-22 08:49:20 ----D---- C:\WINDOWS\system32\service

2010-02-19 16:57:06 ----D---- C:\WINDOWS\Registration

2010-02-19 10:17:16 ----RASH---- C:\boot.ini

2010-02-19 09:42:30 ----D---- C:\spdatai

2010-02-19 09:27:38 ----D---- C:\Arquivos de programas\Messenger Plus! Live

2010-02-19 09:08:32 ----D---- C:\Arquivos de programas\Adobe

2010-02-19 09:08:29 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe

2010-02-19 09:08:29 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe

2010-02-19 08:27:24 ----D---- C:\CA2000

2010-02-19 08:21:08 ----D---- C:\Arquivos de programas\WinRAR

2010-02-19 08:09:26 ----D---- C:\Arquivos de programas\UltraVNC

2010-02-19 08:09:25 ----D---- C:\Arquivos de programas\PC Connectivity Solution

2010-02-19 08:09:18 ----D---- C:\Arquivos de programas\Hamachi

2010-02-19 08:07:21 ----D---- C:\Arquivos de programas\Messenger

2010-02-17 17:21:53 ----D---- C:\Documents and Settings\ccip\Dados de aplicativos\Skype

2010-02-17 16:02:18 ----D---- C:\Documents and Settings\ccip\Dados de aplicativos\skypePM

2010-02-12 07:59:59 ----A---- C:\WINDOWS\system32\dxva_sig.txt

2010-02-10 12:54:02 ----D---- C:\WINDOWS\SoftwareDistribution

2010-02-10 12:54:01 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-02-10 12:03:56 ----D---- C:\WINDOWS\Help

2010-02-01 11:26:22 ----A---- C:\WINDOWS\system32\MRT.exe

2010-01-25 10:45:14 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2010-01-25 10:45:11 ----D---- C:\Arquivos de programas\GbPlugin

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-02-23 333192]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-02-23 28424]

R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-02-23 360584]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]

R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys []

R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []

R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]

R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []

R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-12-10 25280]

R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-28 9600]

R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-28 12288]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-23 3959712]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-28 5888]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]

R4 sr;Driver de filtro de restauração do sistema; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-03 73472]

S1 syscip;Driver; \??\c:\windows\system32\syscip.sys []

S2 BemaIO;BemaIO; C:\WINDOWS\system32\drivers\BemaIO.sys []

S3 catchme;catchme; \??\C:\DOCUME~1\ccip\CONFIG~1\Temp\catchme.sys []

S3 MemStPCI;Sony Memory Stick controller (PCI); C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS [2004-08-03 26112]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]

S3 usb2vcom;USB to Serial Bridge Controller; C:\WINDOWS\System32\Drivers\usb2vcom.sys [2006-07-16 30368]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 avg9wd;AVG Free WatchDog; C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe [2010-02-23 285392]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2010-02-24 65536]

R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-04-07 233472]

R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2009-12-08 53800]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-03-25 152984]

R2 LMIMaint;LogMeIn Maintenance Service; C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe [2009-10-05 116032]

R2 LogMeIn;LogMeIn; C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-23 155715]

R2 SeaPort;SeaPort; C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]

R2 winvnc;VNC Server; C:\Arquivos de programas\UltraVNC\WinVNC.exe [2005-08-06 974848]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe [2010-02-24 1527808]

S2 gupdate;Google Update Service (gupdate); C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-24 130048]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [2010-02-24 65888]

S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2010-02-24 434688]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2010-02-24 138240]

S3 ServiceLayer;ServiceLayer; C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe [2010-02-24 430592]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

[wings 22]

OK...como está a máquina?

[Jubs 0]

Ah, tá de boa... não travou mais, nem tá lenta... o anti vírus continua desabilitado...

[Jubs 0]

Preciso ir pra facul... amanhã cedo entro aqui para ver se tenho que fazer mais alguma coisa!!!

 

Obrigada, beijos, boa noite!!!