[Arquivado] Pc não; Copia e cola, Inicia em Modo de Segurança

[Kaaah-rai 0]

- Pessoas, por favor, me ajudem.

Já estive olhando por muitos e muitos foruns, tópicos tutoriais e etc... já fiz de tudo ( até agora )

Mas meu erro ainda continua, então seguimos com umas dúvidas primeiramente.

 

O fato de meu pc dar erro ao copiar e colar, arrastar para outro local, recortar, tem haver com o svchost.exe?

Se tem ou não, qual a função desse aplicativo, é normal estar aparecendo 6 no Gerenciador de taferas?

Li também que "lsass.exe" é um virus, pois o normal é "L"sass... isso é verdade? Fiquei sabendo também que esse "coizinho"

tem haver com a conexão da internet, parecendo ou não coisa da minha cabeça, mas minha net ultimamente tem caido bastante e quando desligo

o computador a luz do moden DSL desliga também... enfim...

Li também, sobre atualizações do windons que pode fluenciar essas coisas;

Formatei meu computador e começou essas coisas, antes disso então, tinha colocado um pendrive no pc, e nele continha NADFOLDER

Apos isso, começou essas loucuras, meu avira detectava todos aplicativos .exe como ameaça, desativei-o e então foi entao que nervosa

formatei a máquina; unidade do windows...imaginei que outras unidades estaria com virus, ou seja lá o que, porem, agora nenhum antivirus instala

Malwarebyte's, dá arquivo conrrompido na instalação, em uma parte de indioma, algo assim...

Bom, de acordo com essa base, queria que se alguem que entende, poderia me responder, ficaria muito grata, e mais ainda se poder me ajudar.

 

Segue então um log do Hijack

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 03:54:02, on 28/4/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\Explorer.EXE

E:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

E:\Arquivos de programas\Messenger\msmsgs.exe

E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

E:\Arquivos de programas\Orbitdownloader\orbitdm.exe

E:\Arquivos de programas\Orbitdownloader\orbitnet.exe

E:\Arquivos de programas\Java\jre6\bin\jqs.exe

E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

E:\WINDOWS\system32\wscntfy.exe

E:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

E:\WINDOWS\System32\svchost.exe

E:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

E:\Downloads\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2567694

R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - E:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - E:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - E:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

O4 - HKLM\..\Run: [NeroFilterCheck] E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "E:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [TrojanScanner] E:\Arquivos de programas\Trojan Remover\Trjscan.exe /boot

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "E:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - Global Startup: Orbit.lnk = E:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

 

--

End of file - 4320 bytes

 

 

:joia:

[wings 22]

Boa tarde Kaaah-rai.....

 

 

*Baixe o RSIT e salve-o no desktop

*Duplo clique em RSIT

*Clique em [Continue]

*Ao término do processo, cole o relatório criado em C:\rsit\log.txt

[Kaaah-rai 0]

Boa noite Wings.

 

Está aí!

-

 

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by QQQ at 2010-04-29 00:03:24

Microsoft Windows XP Professional Service Pack 2

System drive E: has 39 GB (76%) free of 51 GB

Total RAM: 1023 MB (53% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:03:29, on 29/4/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\Explorer.EXE

E:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

E:\Arquivos de programas\Messenger\msmsgs.exe

E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

E:\Arquivos de programas\Orbitdownloader\orbitdm.exe

E:\Arquivos de programas\Orbitdownloader\orbitnet.exe

E:\Arquivos de programas\Java\jre6\bin\jqs.exe

E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

E:\WINDOWS\system32\wuauclt.exe

E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

E:\WINDOWS\system32\wscntfy.exe

E:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

E:\WINDOWS\System32\svchost.exe

E:\Arquivos de programas\Mozilla Firefox\firefox.exe

E:\WINDOWS\system32\wuauclt.exe

E:\WINDOWS\system32\wuauclt.exe

E:\WINDOWS\system32\msiexec.exe

E:\WINDOWS\SoftwareDistribution\Download\b0fc0e65da9af2062ab3e8b1deb62f73\update\update.exe

E:\Documents and Settings\QQQ\Desktop\RSIT.exe

E:\Downloads\QQQ.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2567694

R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - E:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - E:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - E:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

O4 - HKLM\..\Run: [NeroFilterCheck] E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "E:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [TrojanScanner] E:\Arquivos de programas\Trojan Remover\Trjscan.exe /boot

O4 - HKLM\..\RunOnce: [KB923561] rundll32.exe apphelp.dll,ShimFlushCache

O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "E:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - Global Startup: Orbit.lnk = E:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272438532281

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

 

--

End of file - 4633 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-02 61888]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

Messenger Plus Live Brazil Toolbar - E:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll [2010-03-09 2355224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - Messenger Plus Live Brazil Toolbar - E:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll [2010-03-09 2355224]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"=E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

"NBKeyScan"=E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]

"Adobe Reader Speed Launcher"=E:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-04-02 40368]

"Adobe ARM"=E:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

"KernelFaultCheck"=E:\WINDOWS\system32\dumprep 0 -k []

"TrojanScanner"=E:\Arquivos de programas\Trojan Remover\Trjscan.exe /boot []

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"KB923561"=apphelp.dll,ShimFlushCache []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=E:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

"msnmsgr"=E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

"MSMSGS"=E:\Arquivos de programas\Messenger\msmsgs.exe [2004-08-04 1724928]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024]

 

E:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Orbit.lnk - E:\Arquivos de programas\Orbitdownloader\orbitdm.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLUA"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"E:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="E:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:ipsec"

"F:\Arquivos de programas\Atlantica\Atlantica.exe"="F:\Arquivos de programas\Atlantica\Atlantica.exe:*:Enabled:ipsec"

"E:\WINDOWS\system32\wscntfy.exe"="E:\WINDOWS\system32\wscntfy.exe:*:Enabled:ipsec"

"E:\Arquivos de programas\uTorrent\uTorrent.exe"="E:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"E:\Arquivos de programas\Orbitdownloader\orbitdm.exe"="E:\Arquivos de programas\Orbitdownloader\orbitdm.exe:*:Enabled:ipsec"

"E:\Arquivos de programas\Orbitdownloader\orbitnet.exe"="E:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:ipsec"

"E:\Arquivos de programas\Windows Media Player\wmpnetwk.exe"="E:\Arquivos de programas\Windows Media Player\wmpnetwk.exe:*:Enabled:ipsec"

"E:\Arquivos de programas\Windows Media Player\wmpenc.exe"="E:\Arquivos de programas\Windows Media Player\wmpenc.exe:*:Enabled:ipsec"

"E:\Arquivos de programas\WinRAR\WinRAR.exe"="E:\Arquivos de programas\WinRAR\WinRAR.exe:*:Enabled:ipsec"

"E:\Arquivos de programas\MagicDisc\MagicDisc.exe"="E:\Arquivos de programas\MagicDisc\MagicDisc.exe:*:Enabled:ipsec"

"E:\Arquivos de programas\Mozilla Firefox\firefox.exe"="E:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"E:\Arquivos de programas\Java\jre6\bin\javaw.exe"="E:\Arquivos de programas\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary"

"E:\Downloads\HijackThis.exe"="E:\Downloads\HijackThis.exe:*:Enabled:ipsec"

"E:\ComboFix\CF11996.cfxxe"="E:\ComboFix\CF11996.cfxxe:*:Enabled:ipsec"

"E:\WINDOWS\Explorer.EXE"="E:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"

"E:\WINDOWS\system32\ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec"

"E:\Arquivos de programas\Messenger\msmsgs.exe"="E:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:ipsec"

"E:\Arquivos de programas\Windows Media Player\wmplayer.exe"="E:\Arquivos de programas\Windows Media Player\wmplayer.exe:*:Enabled:ipsec"

"E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"="E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe:*:Enabled:ipsec"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"E:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="E:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{879a5aac-4bf4-11df-bc1f-0019211e4536}]

shell\AutoRun\command - I:\EXPLORER.EXE

shell\explore\command - I:\EXPLORER.EXE

shell\open\command - I:\EXPLORER.EXE

 

 

======List of files/folders created in the last 1 months======

 

2010-04-29 00:03:24 ----D---- E:\rsit

2010-04-29 00:03:12 ----HDC---- E:\WINDOWS\$NtUninstallKB951066$

2010-04-29 00:02:59 ----HDC---- E:\WINDOWS\$NtUninstallKB979309$

2010-04-29 00:02:52 ----D---- E:\WINDOWS\ServicePackFiles

2010-04-29 00:02:50 ----HDC---- E:\WINDOWS\$NtUninstallKB958470$

2010-04-29 00:02:44 ----HDC---- E:\WINDOWS\$NtUninstallKB960803$

2010-04-29 00:02:38 ----HDC---- E:\WINDOWS\$NtUninstallKB973815$

2010-04-29 00:02:29 ----HDC---- E:\WINDOWS\$NtUninstallKB971032$

2010-04-29 00:02:22 ----HDC---- E:\WINDOWS\$NtUninstallKB955069$

2010-04-29 00:02:18 ----D---- E:\Arquivos de programas\MSXML 4.0

2010-04-29 00:02:09 ----HDC---- E:\WINDOWS\$NtUninstallKB979306$

2010-04-29 00:02:05 ----HDC---- E:\WINDOWS\$NtUninstallKB954154_WM11$

2010-04-29 00:02:00 ----HDC---- E:\WINDOWS\$NtUninstallKB923561$

2010-04-29 00:01:51 ----HDC---- E:\WINDOWS\$NtUninstallKB971961$

2010-04-29 00:01:49 ----D---- E:\WINDOWS\LastGood

2010-04-28 12:14:06 ----D---- E:\WINDOWS\system32\CatRoot_bak

2010-04-28 11:18:07 ----A---- E:\WINDOWS\system32\SET90.tmp

2010-04-28 11:06:18 ----A---- E:\WINDOWS\system32\SET25.tmp

2010-04-28 11:01:40 ----A---- E:\WINDOWS\system32\SET5.tmp

2010-04-28 04:11:40 ----A---- E:\WINDOWS\system32\wups2.dll

2010-04-28 04:11:40 ----A---- E:\WINDOWS\system32\wucltui.dll.mui

2010-04-28 04:11:39 ----A---- E:\WINDOWS\system32\wuaueng.dll.mui

2010-04-28 04:11:39 ----A---- E:\WINDOWS\system32\wuapi.dll.mui

2010-04-28 04:11:38 ----D---- E:\WINDOWS\system32\SoftwareDistribution

2010-04-28 03:40:06 ----D---- E:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2010-04-28 03:37:22 ----A---- E:\WINDOWS\system32\ztvunrar36.dll

2010-04-28 03:37:22 ----A---- E:\WINDOWS\system32\ztvunace26.dll

2010-04-28 03:37:22 ----A---- E:\WINDOWS\system32\ztvcabinet.dll

2010-04-28 03:37:22 ----A---- E:\WINDOWS\system32\UNRAR3.dll

2010-04-28 03:37:22 ----A---- E:\WINDOWS\system32\unacev2.dll

2010-04-28 03:37:20 ----D---- E:\Documents and Settings\QQQ\Dados de aplicativos\Simply Super Software

2010-04-28 03:37:20 ----D---- E:\Documents and Settings\All Users\Dados de aplicativos\Simply Super Software

2010-04-28 03:37:20 ----D---- E:\Arquivos de programas\Trojan Remover

2010-04-28 03:20:21 ----D---- E:\Malwarebytes' Anti-Malware

2010-04-28 02:50:16 ----HDC---- E:\WINDOWS\$NtUninstallKB958644$

2010-04-28 02:09:27 ----D---- E:\WINDOWS\Minidump

2010-04-28 01:58:11 ----D---- E:\!KillBox

2010-04-28 01:29:21 ----SD---- E:\ComboFix

2010-04-27 17:33:27 ----D---- E:\Arquivos de programas\Adobe

2010-04-26 17:41:50 ----D---- E:\Arquivos de programas\Conduit

2010-04-26 17:41:49 ----D---- E:\Arquivos de programas\Messenger_Plus_Live_Brazil

2010-04-22 02:30:51 ----A---- E:\WINDOWS\RtlRack.ini

2010-04-22 00:48:40 ----A---- E:\WINDOWS\NeroDigital.ini

2010-04-22 00:45:22 ----D---- E:\Documents and Settings\QQQ\Dados de aplicativos\Nero

2010-04-22 00:42:22 ----D---- E:\Documents and Settings\All Users\Dados de aplicativos\Nero

2010-04-22 00:42:22 ----D---- E:\Arquivos de programas\Nero

2010-04-22 00:42:21 ----D---- E:\Arquivos de programas\Arquivos comuns\Nero

2010-04-22 00:40:38 ----A---- E:\WINDOWS\system32\d3dx9_30.dll

2010-04-22 00:40:30 ----A---- E:\WINDOWS\system32\d3dx9_28.dll

2010-04-20 12:38:43 ----D---- E:\Documents and Settings\QQQ\Dados de aplicativos\Malwarebytes

2010-04-20 12:38:36 ----D---- E:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2010-04-20 04:49:13 ----A---- E:\WINDOWS\system32\shimgvw.dll

2010-04-20 03:36:43 ----A---- E:\WINDOWS\ntbtlog.txt

2010-04-20 02:56:26 ----D---- E:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2010-04-20 02:54:47 ----SHD---- E:\RECYCLER

2010-04-20 02:49:27 ----A---- E:\ComboFix.txt

2010-04-20 02:42:36 ----A---- E:\WINDOWS\zip.exe

2010-04-20 02:42:36 ----A---- E:\WINDOWS\SWXCACLS.exe

2010-04-20 02:42:36 ----A---- E:\WINDOWS\SWSC.exe

2010-04-20 02:42:36 ----A---- E:\WINDOWS\SWREG.exe

2010-04-20 02:42:36 ----A---- E:\WINDOWS\sed.exe

2010-04-20 02:42:36 ----A---- E:\WINDOWS\PEV.exe

2010-04-20 02:42:36 ----A---- E:\WINDOWS\NIRCMD.exe

2010-04-20 02:42:36 ----A---- E:\WINDOWS\MBR.exe

2010-04-20 02:42:36 ----A---- E:\WINDOWS\grep.exe

2010-04-20 02:42:31 ----D---- E:\WINDOWS\ERDNT

2010-04-20 02:42:25 ----D---- E:\Qoobox

2010-04-20 02:19:51 ----D---- E:\Documents and Settings\All Users\Dados de aplicativos\ESET

2010-04-20 02:11:38 ----N---- E:\WINDOWS\system32\spmsg.dll

2010-04-20 02:11:29 ----A---- E:\WINDOWS\system32\wmpns.dll

2010-04-20 02:06:07 ----D---- E:\Arquivos de programas\JDownloader

2010-04-20 02:05:57 ----A---- E:\WINDOWS\system32\javaws.exe

2010-04-20 02:05:57 ----A---- E:\WINDOWS\system32\javaw.exe

2010-04-20 02:05:57 ----A---- E:\WINDOWS\system32\java.exe

2010-04-20 02:05:57 ----A---- E:\WINDOWS\system32\deploytk.dll

2010-04-20 02:05:42 ----D---- E:\Arquivos de programas\Java

2010-04-20 01:59:29 ----A---- E:\WINDOWS\system32\ChCfg.exe

2010-04-20 01:59:00 ----A---- E:\WINDOWS\system32\ksuser.dll

2010-04-20 01:58:55 ----D---- E:\Arquivos de programas\Realtek Sound Manager

2010-04-20 01:58:55 ----D---- E:\Arquivos de programas\AvRack

2010-04-20 01:58:55 ----A---- E:\WINDOWS\avrack.ini

2010-04-20 01:58:43 ----D---- E:\Arquivos de programas\Realtek AC97

2010-04-20 01:58:43 ----A---- E:\WINDOWS\system32\RTLCPL.exe

2010-04-20 01:58:40 ----A---- E:\WINDOWS\system32\RtlCPAPI.dll

2010-04-20 01:58:40 ----A---- E:\WINDOWS\soundman.exe

2010-04-20 01:58:39 ----HD---- E:\Arquivos de programas\InstallShield Installation Information

2010-04-20 01:58:39 ----A---- E:\WINDOWS\alcupd.exe

2010-04-20 01:58:39 ----A---- E:\WINDOWS\Alcrmv.exe

2010-04-20 01:58:29 ----D---- E:\Arquivos de programas\Arquivos comuns\InstallShield

2010-04-20 01:44:19 ----D---- E:\WINDOWS\ShellNew

2010-04-19 17:13:09 ----D---- E:\Arquivos de programas\MagicDisc

2010-04-19 17:12:48 ----D---- E:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2010-04-19 17:06:41 ----D---- E:\Documents and Settings\QQQ\Dados de aplicativos\WinRAR

2010-04-19 17:03:20 ----D---- E:\WINDOWS\system32\Lang

2010-04-19 17:02:20 ----D---- E:\Arquivos de programas\Mozilla Firefox

2010-04-19 17:02:19 ----D---- E:\Documents and Settings\QQQ\Dados de aplicativos\Mozilla

2010-04-19 17:02:12 ----D---- E:\Downloads

2010-04-19 17:02:09 ----D---- E:\Documents and Settings\QQQ\Dados de aplicativos\GrabPro

2010-04-19 17:02:05 ----D---- E:\Arquivos de programas\Orbitdownloader

2010-04-19 17:02:00 ----D---- E:\Documents and Settings\QQQ\Dados de aplicativos\Orbit

2010-04-19 17:01:42 ----D---- E:\Documents and Settings\All Users\Dados de aplicativos\Adobe

2010-04-19 17:01:38 ----D---- E:\Arquivos de programas\uTorrent

2010-04-19 17:01:30 ----D---- E:\Arquivos de programas\Arquivos comuns\Adobe

2010-04-19 17:01:03 ----D---- E:\Documents and Settings\QQQ\Dados de aplicativos\uTorrent

2010-04-19 16:56:21 ----D---- E:\Arquivos de programas\Arquivos comuns\Cisco Systems

2010-04-19 16:53:53 ----D---- E:\WINDOWS\35C03C043F1F42C2A989A757EE691F65.TMP

2010-04-19 16:51:21 ----D---- E:\Documents and Settings\QQQ\Dados de aplicativos\Real

2010-04-19 16:51:21 ----D---- E:\Documents and Settings\All Users\Dados de aplicativos\Real

2010-04-19 16:51:21 ----D---- E:\Arquivos de programas\Real Alternative

2010-04-19 16:51:21 ----A---- E:\WINDOWS\system32\rmoc3260.dll

2010-04-19 16:51:21 ----A---- E:\WINDOWS\system32\pndx5032.dll

2010-04-19 16:51:21 ----A---- E:\WINDOWS\system32\pndx5016.dll

2010-04-19 16:51:21 ----A---- E:\WINDOWS\system32\pncrt.dll

2010-04-19 16:51:21 ----A---- E:\WINDOWS\system32\msvcp71.dll

2010-04-19 16:48:15 ----D---- E:\Arquivos de programas\NSIS

2010-04-19 16:47:29 ----D---- E:\Documents and Settings\QQQ\Dados de aplicativos\Media Player Classic

2010-04-19 16:47:27 ----D---- E:\Documents and Settings\QQQ\Dados de aplicativos\Sun

2010-04-19 16:40:26 ----D---- E:\Arquivos de programas\Arquivos comuns\DirectX

2010-04-19 16:35:19 ----D---- E:\Arquivos de programas\PhotoScape

2010-04-19 16:34:16 ----HDC---- E:\WINDOWS\$NtUninstallKB926239$

2010-04-19 16:34:07 ----HDC---- E:\WINDOWS\$NtUninstallMSCompPackV1$

2010-04-19 16:33:58 ----D---- E:\Arquivos de programas\Windows Media Connect 2

2010-04-19 16:33:48 ----HDC---- E:\WINDOWS\$NtUninstallwmp11$

2010-04-19 16:33:23 ----HDC---- E:\WINDOWS\$NtUninstallWMFDist11$

2010-04-19 16:33:23 ----D---- E:\Arquivos de programas\Messenger Plus! Live

2010-04-19 16:33:10 ----D---- E:\1bd37db14c99c7519990265b

2010-04-19 16:32:59 ----D---- E:\WINDOWS\system32\LogFiles

2010-04-19 16:32:53 ----A---- E:\WINDOWS\system32\spupdsvc.exe

2010-04-19 16:32:52 ----HDC---- E:\WINDOWS\$NtUninstallWudf01000$

2010-04-19 16:32:18 ----D---- E:\Arquivos de programas\Microsoft

2010-04-19 16:32:02 ----D---- E:\Arquivos de programas\Windows Live SkyDrive

2010-04-19 16:31:40 ----D---- E:\Arquivos de programas\Windows Live

2010-04-19 16:31:21 ----D---- E:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage

2010-04-19 16:29:17 ----D---- E:\Arquivos de programas\Satsuki Decoder Pack

2010-04-19 16:27:54 ----D---- E:\Documents and Settings\QQQ\Dados de aplicativos\Macromedia

2010-04-19 16:27:54 ----D---- E:\Documents and Settings\QQQ\Dados de aplicativos\Adobe

2010-04-19 16:25:49 ----D---- E:\Arquivos de programas\Arquivos comuns\Windows Live

2010-04-19 16:23:04 ----D---- E:\Arquivos de programas\WinRAR

2010-04-19 16:20:25 ----D---- E:\Documents and Settings\QQQ\Dados de aplicativos\Identities

2010-04-19 16:20:06 ----ASH---- E:\Documents and Settings\QQQ\Dados de aplicativos\desktop.ini

2010-04-19 16:20:05 ----SD---- E:\Documents and Settings\QQQ\Dados de aplicativos\Microsoft

2010-04-19 16:16:58 ----D---- E:\WINDOWS\SoftwareDistribution

2010-04-19 16:16:45 ----SD---- E:\WINDOWS\system32\Microsoft

2010-04-19 16:16:45 ----D---- E:\WINDOWS\Prefetch

2010-04-19 16:16:45 ----A---- E:\WINDOWS\SchedLgU.Txt

2010-04-19 16:13:41 ----D---- E:\WINDOWS\system32\xircom

2010-04-19 16:13:41 ----D---- E:\Arquivos de programas\xerox

2010-04-19 16:13:41 ----D---- E:\Arquivos de programas\microsoft frontpage

2010-04-19 16:13:30 ----D---- E:\WINDOWS\system32\bits

2010-04-19 16:13:28 ----N---- E:\WINDOWS\system32\bitsprx4.dll

2010-04-19 16:13:23 ----N---- E:\WINDOWS\system32\imapi2fs.dll

2010-04-19 16:13:23 ----N---- E:\WINDOWS\system32\imapi2.dll

2010-04-19 16:13:18 ----N---- E:\WINDOWS\system32\tzchange.exe

2010-04-19 16:13:13 ----HD---- E:\WINDOWS\$hf_mig$

2010-04-19 16:13:12 ----N---- E:\WINDOWS\system32\rspndr.exe

2010-04-19 16:12:51 ----A---- E:\WINDOWS\control.ini

2010-04-19 16:12:41 ----A---- E:\WINDOWS\OEWABLog.txt

2010-04-19 16:12:37 ----A---- E:\WINDOWS\system32\mapi32.dll

2010-04-19 16:11:29 ----RAH---- E:\WINDOWS\system32\logonui.exe.manifest

2010-04-19 16:11:25 ----RAH---- E:\WINDOWS\system32\cdplayer.exe.manifest

2010-04-19 16:11:19 ----HD---- E:\Arquivos de programas\WindowsUpdate

2010-04-19 16:11:15 ----D---- E:\Arquivos de programas\Serviços on-line

2010-04-19 16:11:01 ----D---- E:\WINDOWS\system32\DirectX

2010-04-19 16:10:44 ----A---- E:\WINDOWS\system32\atrace.dll

2010-04-19 16:10:42 ----A---- E:\WINDOWS\system32\desktop.ini

2010-04-19 16:10:42 ----A---- E:\WINDOWS\desktop.ini

2010-04-19 16:10:36 ----A---- E:\WINDOWS\system32\nmevtmsg.dll

2010-04-19 16:10:35 ----D---- E:\Arquivos de programas\Arquivos comuns\Serviços

2010-04-19 16:10:35 ----A---- E:\WINDOWS\system32\acctres.dll

2010-04-19 16:10:33 ----SD---- E:\WINDOWS\Tasks

2010-04-19 16:10:33 ----A---- E:\WINDOWS\system32\icfgnt5.dll

2010-04-19 16:10:32 ----D---- E:\Arquivos de programas\Arquivos comuns\MSSoap

2010-04-19 16:10:28 ----D---- E:\WINDOWS\system32\Macromed

2010-04-19 16:10:28 ----D---- E:\WINDOWS\srchasst

2010-04-19 16:10:26 ----A---- E:\WINDOWS\system32\wuweb.dll

2010-04-19 16:10:26 ----A---- E:\WINDOWS\system32\wucltui.dll

2010-04-19 16:10:25 ----A---- E:\WINDOWS\system32\wups.dll

2010-04-19 16:10:25 ----A---- E:\WINDOWS\system32\wuauserv.dll

2010-04-19 16:10:25 ----A---- E:\WINDOWS\system32\wuaueng1.dll

2010-04-19 16:10:25 ----A---- E:\WINDOWS\system32\wuaueng.dll

2010-04-19 16:10:25 ----A---- E:\WINDOWS\system32\wuauclt1.exe

2010-04-19 16:10:25 ----A---- E:\WINDOWS\system32\wuauclt.exe

2010-04-19 16:10:25 ----A---- E:\WINDOWS\system32\wuapi.dll

2010-04-19 16:10:25 ----A---- E:\WINDOWS\system32\qmgrprxy.dll

2010-04-19 16:10:25 ----A---- E:\WINDOWS\system32\bitsprx3.dll

2010-04-19 16:10:25 ----A---- E:\WINDOWS\system32\bitsprx2.dll

2010-04-19 16:10:24 ----A---- E:\WINDOWS\system32\qmgr.dll

2010-04-19 16:10:21 ----D---- E:\Arquivos de programas\Movie Maker

2010-04-19 16:10:18 ----A---- E:\WINDOWS\system32\safrslv.dll

2010-04-19 16:10:18 ----A---- E:\WINDOWS\system32\safrdm.dll

2010-04-19 16:10:18 ----A---- E:\WINDOWS\system32\safrcdlg.dll

2010-04-19 16:10:18 ----A---- E:\WINDOWS\system32\racpldlg.dll

2010-04-19 16:10:15 ----A---- E:\WINDOWS\system32\fltMc.exe

2010-04-19 16:10:15 ----A---- E:\WINDOWS\system32\fltlib.dll

2010-04-19 16:10:14 ----D---- E:\WINDOWS\system32\Restore

2010-04-19 16:10:14 ----A---- E:\WINDOWS\system32\srsvc.dll

2010-04-19 16:10:14 ----A---- E:\WINDOWS\system32\srrstr.dll

2010-04-19 16:10:14 ----A---- E:\WINDOWS\system32\srclient.dll

2010-04-19 16:10:13 ----A---- E:\WINDOWS\system32\nmmkcert.dll

2010-04-19 16:10:13 ----A---- E:\WINDOWS\system32\msconf.dll

2010-04-19 16:10:13 ----A---- E:\WINDOWS\system32\mnmsrvc.exe

2010-04-19 16:10:13 ----A---- E:\WINDOWS\system32\mnmdd.dll

2010-04-19 16:10:13 ----A---- E:\WINDOWS\system32\isrdbg32.dll

2010-04-19 16:10:13 ----A---- E:\WINDOWS\system32\ils.dll

2010-04-19 16:10:11 ----D---- E:\Arquivos de programas\NetMeeting

2010-04-19 16:10:10 ----A---- E:\WINDOWS\system32\msoert2.dll

2010-04-19 16:10:10 ----A---- E:\WINDOWS\system32\msoeacct.dll

2010-04-19 16:10:09 ----N---- E:\WINDOWS\system32\inetcomm.dll

2010-04-19 16:10:09 ----A---- E:\WINDOWS\system32\inetres.dll

2010-04-19 16:10:08 ----D---- E:\Arquivos de programas\Outlook Express

2010-04-19 16:10:08 ----A---- E:\WINDOWS\system32\schedsvc.dll

2010-04-19 16:10:08 ----A---- E:\WINDOWS\system32\mstinit.exe

2010-04-19 16:10:08 ----A---- E:\WINDOWS\system32\mstask.dll

2010-04-19 16:10:07 ----A---- E:\WINDOWS\system32\isign32.dll

2010-04-19 16:10:07 ----A---- E:\WINDOWS\system32\inetcfg.dll

2010-04-19 16:10:07 ----A---- E:\WINDOWS\system32\icwphbk.dll

2010-04-19 16:10:07 ----A---- E:\WINDOWS\system32\icwdial.dll

2010-04-19 16:10:03 ----D---- E:\Arquivos de programas\Arquivos comuns\System

2010-04-19 16:10:02 ----D---- E:\Arquivos de programas\Internet Explorer

2010-04-19 16:09:35 ----HD---- E:\Arquivos de programas\Uninstall Information

2010-04-19 16:09:25 ----D---- E:\Arquivos de programas\ComPlus Applications

2010-04-19 16:09:23 ----A---- E:\WINDOWS\vbaddin.ini

2010-04-19 16:09:23 ----A---- E:\WINDOWS\vb.ini

2010-04-19 16:09:18 ----D---- E:\WINDOWS\Registration

2010-04-19 16:09:11 ----D---- E:\Arquivos de programas\Windows Media Player

2010-04-19 16:09:05 ----D---- E:\Arquivos de programas\Messenger

2010-04-19 16:09:02 ----D---- E:\Arquivos de programas\MSN Gaming Zone

2010-04-19 16:09:02 ----A---- E:\WINDOWS\system32\write.exe

2010-04-19 16:08:55 ----A---- E:\WINDOWS\system32\sndvol32.exe

2010-04-19 16:08:55 ----A---- E:\WINDOWS\system32\hticons.dll

2010-04-19 16:08:55 ----A---- E:\WINDOWS\system32\avwav.dll

2010-04-19 16:08:55 ----A---- E:\WINDOWS\system32\avtapi.dll

2010-04-19 16:08:55 ----A---- E:\WINDOWS\system32\avmeter.dll

2010-04-19 16:08:54 ----A---- E:\WINDOWS\system32\winchat.exe

2010-04-19 16:08:49 ----A---- E:\WINDOWS\system32\winmine.exe

2010-04-19 16:08:49 ----A---- E:\WINDOWS\system32\sol.exe

2010-04-19 16:08:49 ----A---- E:\WINDOWS\system32\getuname.dll

2010-04-19 16:08:49 ----A---- E:\WINDOWS\system32\charmap.exe

2010-04-19 16:08:49 ----A---- E:\WINDOWS\system32\calc.exe

2010-04-19 16:08:48 ----A---- E:\WINDOWS\system32\usrlogon.cmd

2010-04-19 16:08:48 ----A---- E:\WINDOWS\system32\tsshutdn.exe

2010-04-19 16:08:48 ----A---- E:\WINDOWS\system32\tslabels.ini

2010-04-19 16:08:48 ----A---- E:\WINDOWS\system32\tskill.exe

2010-04-19 16:08:48 ----A---- E:\WINDOWS\system32\tsdiscon.exe

2010-04-19 16:08:48 ----A---- E:\WINDOWS\system32\tscon.exe

2010-04-19 16:08:48 ----A---- E:\WINDOWS\system32\shadow.exe

2010-04-19 16:08:48 ----A---- E:\WINDOWS\system32\rwinsta.exe

2010-04-19 16:08:48 ----A---- E:\WINDOWS\system32\reset.exe

2010-04-19 16:08:48 ----A---- E:\WINDOWS\system32\regini.exe

2010-04-19 16:08:48 ----A---- E:\WINDOWS\system32\rdpcfgex.dll

2010-04-19 16:08:48 ----A---- E:\WINDOWS\system32\qwinsta.exe

2010-04-19 16:08:48 ----A---- E:\WINDOWS\system32\mshearts.exe

2010-04-19 16:08:48 ----A---- E:\WINDOWS\system32\freecell.exe

2010-04-19 16:08:47 ----A---- E:\WINDOWS\system32\qappsrv.exe

2010-04-19 16:08:47 ----A---- E:\WINDOWS\system32\msg.exe

2010-04-19 16:08:47 ----A---- E:\WINDOWS\system32\msdtcprf.ini

2010-04-19 16:08:47 ----A---- E:\WINDOWS\system32\logoff.exe

2010-04-19 16:08:47 ----A---- E:\WINDOWS\system32\cdmodem.dll

2010-04-19 16:08:46 ----A---- E:\WINDOWS\system32\stclient.dll

2010-04-19 16:08:46 ----A---- E:\WINDOWS\system32\mtxlegih.dll

2010-04-19 16:08:46 ----A---- E:\WINDOWS\system32\mtxex.dll

2010-04-19 16:08:46 ----A---- E:\WINDOWS\system32\mtxdm.dll

2010-04-19 16:08:46 ----A---- E:\WINDOWS\system32\dcomcnfg.exe

2010-04-19 16:08:46 ----A---- E:\WINDOWS\system32\comsnap.dll

2010-04-19 16:08:46 ----A---- E:\WINDOWS\system32\comrepl.dll

2010-04-19 16:08:46 ----A---- E:\WINDOWS\system32\comaddin.dll

2010-04-19 16:08:42 ----A---- E:\WINDOWS\system32\wmimgmt.msc

2010-04-19 16:08:41 ----A---- E:\WINDOWS\system32\sndrec32.exe

2010-04-19 16:08:41 ----A---- E:\WINDOWS\system32\mplay32.exe

2010-04-19 16:08:41 ----A---- E:\WINDOWS\system32\hypertrm.dll

2010-04-19 16:08:41 ----A---- E:\WINDOWS\system32\accwiz.exe

2010-04-19 16:08:40 ----D---- E:\Arquivos de programas\Windows NT

2010-04-19 16:08:40 ----A---- E:\WINDOWS\system32\spider.exe

2010-04-19 16:08:40 ----A---- E:\WINDOWS\system32\mspaint.exe

2010-04-19 16:08:40 ----A---- E:\WINDOWS\system32\clipbrd.exe

2010-04-19 16:08:39 ----A---- E:\WINDOWS\system32\tscfgwmi.dll

2010-04-19 16:08:39 ----A---- E:\WINDOWS\system32\sessmgr.exe

2010-04-19 16:08:39 ----A---- E:\WINDOWS\system32\remotepg.dll

2010-04-19 16:08:39 ----A---- E:\WINDOWS\system32\rdshost.exe

2010-04-19 16:08:39 ----A---- E:\WINDOWS\system32\rdsaddin.exe

2010-04-19 16:08:39 ----A---- E:\WINDOWS\system32\rdchost.dll

2010-04-19 16:08:39 ----A---- E:\WINDOWS\system32\mstscax.dll

2010-04-19 16:08:39 ----A---- E:\WINDOWS\system32\mstsc.exe

2010-04-19 16:08:38 ----D---- E:\WINDOWS\system32\MsDtc

2010-04-19 16:08:38 ----A---- E:\WINDOWS\system32\tscupgrd.exe

2010-04-19 16:08:38 ----A---- E:\WINDOWS\system32\termsrv.dll

2010-04-19 16:08:38 ----A---- E:\WINDOWS\system32\rdpwsx.dll

2010-04-19 16:08:38 ----A---- E:\WINDOWS\system32\rdpsnd.dll

2010-04-19 16:08:38 ----A---- E:\WINDOWS\system32\rdpclip.exe

2010-04-19 16:08:38 ----A---- E:\WINDOWS\system32\qprocess.exe

2010-04-19 16:08:38 ----A---- E:\WINDOWS\system32\mtxoci.dll

2010-04-19 16:08:38 ----A---- E:\WINDOWS\system32\msdtcuiu.dll

2010-04-19 16:08:38 ----A---- E:\WINDOWS\system32\icaapi.dll

2010-04-19 16:08:38 ----A---- E:\WINDOWS\system32\cfgbkend.dll

2010-04-19 16:08:37 ----A---- E:\WINDOWS\system32\xolehlp.dll

2010-04-19 16:08:37 ----A---- E:\WINDOWS\system32\msdtctm.dll

2010-04-19 16:08:37 ----A---- E:\WINDOWS\system32\msdtcprx.dll

2010-04-19 16:08:37 ----A---- E:\WINDOWS\system32\msdtclog.dll

2010-04-19 16:08:37 ----A---- E:\WINDOWS\system32\msdtc.exe

2010-04-19 16:08:36 ----D---- E:\WINDOWS\system32\Com

2010-04-19 16:08:36 ----A---- E:\WINDOWS\system32\comsvcs.dll

2010-04-19 16:08:36 ----A---- E:\WINDOWS\system32\colbact.dll

2010-04-19 16:08:36 ----A---- E:\WINDOWS\system32\clbcatex.dll

2010-04-19 16:08:36 ----A---- E:\WINDOWS\system32\catsrvut.dll

2010-04-19 16:08:36 ----A---- E:\WINDOWS\system32\catsrvps.dll

2010-04-19 16:08:36 ----A---- E:\WINDOWS\system32\catsrv.dll

2010-04-19 16:08:35 ----A---- E:\WINDOWS\system32\comuid.dll

2010-04-19 16:08:35 ----A---- E:\WINDOWS\system32\clbcatq.dll

2010-04-19 16:08:30 ----A---- E:\WINDOWS\system32\servdeps.dll

2010-04-19 16:08:30 ----A---- E:\WINDOWS\system32\mmfutil.dll

2010-04-19 16:08:30 ----A---- E:\WINDOWS\system32\licwmi.dll

2010-04-19 16:08:30 ----A---- E:\WINDOWS\system32\cmprops.dll

2010-04-19 13:05:29 ----A---- E:\WINDOWS\system32\h323log.txt

2010-04-19 13:02:30 ----A---- E:\WINDOWS\system32\nv4_disp.dll

2010-04-19 13:02:10 ----A---- E:\WINDOWS\system32\usbui.dll

2010-04-19 12:24:23 ----A---- E:\WINDOWS\imsins.BAK

2010-04-19 12:24:20 ----SHD---- E:\WINDOWS\Installer

2010-04-19 12:24:20 ----D---- E:\Arquivos de programas\Arquivos comuns\ODBC

2010-04-19 12:24:20 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI

2010-04-19 12:24:20 ----A---- E:\WINDOWS\ODBCINST.INI

2010-04-19 12:24:16 ----RD---- E:\Arquivos de programas

2010-04-19 12:24:16 ----D---- E:\Arquivos de programas\Arquivos comuns\SpeechEngines

2010-04-19 12:24:16 ----D---- E:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2010-04-19 12:24:16 ----D---- E:\Arquivos de programas\Arquivos comuns

2010-04-19 12:24:14 ----RA---- E:\WINDOWS\system32\kbdazel.dll

2010-04-19 12:24:13 ----RA---- E:\WINDOWS\system32\kbdtuq.dll

2010-04-19 12:24:13 ----RA---- E:\WINDOWS\system32\kbdtuf.dll

2010-04-19 12:24:12 ----RA---- E:\WINDOWS\system32\kbdycc.dll

2010-04-19 12:24:12 ----RA---- E:\WINDOWS\system32\kbduzb.dll

2010-04-19 12:24:12 ----RA---- E:\WINDOWS\system32\kbdur.dll

2010-04-19 12:24:12 ----RA---- E:\WINDOWS\system32\kbdtat.dll

2010-04-19 12:24:12 ----RA---- E:\WINDOWS\system32\kbdru1.dll

2010-04-19 12:24:12 ----RA---- E:\WINDOWS\system32\kbdru.dll

2010-04-19 12:24:12 ----RA---- E:\WINDOWS\system32\kbdmon.dll

2010-04-19 12:24:12 ----RA---- E:\WINDOWS\system32\kbdkyr.dll

2010-04-19 12:24:12 ----RA---- E:\WINDOWS\system32\kbdkaz.dll

2010-04-19 12:24:12 ----RA---- E:\WINDOWS\system32\kbdbu.dll

2010-04-19 12:24:12 ----RA---- E:\WINDOWS\system32\kbdblr.dll

2010-04-19 12:24:12 ----RA---- E:\WINDOWS\system32\kbdaze.dll

2010-04-19 12:24:10 ----RA---- E:\WINDOWS\system32\kbdhept.dll

2010-04-19 12:24:10 ----RA---- E:\WINDOWS\system32\kbdhela3.dll

2010-04-19 12:24:10 ----RA---- E:\WINDOWS\system32\kbdhela2.dll

2010-04-19 12:24:10 ----RA---- E:\WINDOWS\system32\kbdhe319.dll

2010-04-19 12:24:10 ----RA---- E:\WINDOWS\system32\kbdhe220.dll

2010-04-19 12:24:10 ----RA---- E:\WINDOWS\system32\kbdhe.dll

2010-04-19 12:24:10 ----RA---- E:\WINDOWS\system32\kbdgkl.dll

2010-04-19 12:24:09 ----RA---- E:\WINDOWS\system32\kbdlv1.dll

2010-04-19 12:24:09 ----RA---- E:\WINDOWS\system32\kbdlv.dll

2010-04-19 12:24:09 ----RA---- E:\WINDOWS\system32\kbdlt1.dll

2010-04-19 12:24:09 ----RA---- E:\WINDOWS\system32\kbdlt.dll

2010-04-19 12:24:09 ----RA---- E:\WINDOWS\system32\kbdest.dll

2010-04-19 12:24:07 ----RA---- E:\WINDOWS\system32\kbdycl.dll

2010-04-19 12:24:07 ----RA---- E:\WINDOWS\system32\kbdsl1.dll

2010-04-19 12:24:07 ----RA---- E:\WINDOWS\system32\kbdsl.dll

2010-04-19 12:24:07 ----RA---- E:\WINDOWS\system32\kbdro.dll

2010-04-19 12:24:07 ----RA---- E:\WINDOWS\system32\kbdpl1.dll

2010-04-19 12:24:07 ----RA---- E:\WINDOWS\system32\kbdpl.dll

2010-04-19 12:24:07 ----RA---- E:\WINDOWS\system32\kbdhu1.dll

2010-04-19 12:24:07 ----RA---- E:\WINDOWS\system32\kbdhu.dll

2010-04-19 12:24:07 ----RA---- E:\WINDOWS\system32\kbdcz2.dll

2010-04-19 12:24:07 ----RA---- E:\WINDOWS\system32\kbdcz1.dll

2010-04-19 12:24:07 ----RA---- E:\WINDOWS\system32\kbdcz.dll

2010-04-19 12:24:07 ----RA---- E:\WINDOWS\system32\kbdcr.dll

2010-04-19 12:24:07 ----RA---- E:\WINDOWS\system32\KBDAL.DLL

2010-04-19 12:24:03 ----A---- E:\WINDOWS\system32\irclass.dll

2010-04-19 12:24:03 ----A---- E:\WINDOWS\system32\dgsetup.dll

2010-04-19 12:24:03 ----A---- E:\WINDOWS\system32\dgrpsetu.dll

2010-04-19 12:24:02 ----A---- E:\WINDOWS\system32\spxcoins.dll

2010-04-19 12:24:02 ----A---- E:\WINDOWS\system32\EqnClass.Dll

2010-04-19 12:24:01 ----A---- E:\WINDOWS\TASKMAN.EXE

2010-04-19 12:24:00 ----N---- E:\WINDOWS\system32\CONFIG.TMP

2010-04-19 12:24:00 ----A---- E:\WINDOWS\system32\storprop.dll

2010-04-19 12:24:00 ----A---- E:\WINDOWS\system32\batt.dll

2010-04-19 12:24:00 ----A---- E:\WINDOWS\NOTEPAD.EXE

2010-04-19 12:23:52 ----ASH---- E:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini

2010-04-19 12:23:36 ----RA---- E:\WINDOWS\SET8.tmp

2010-04-19 12:23:34 ----RA---- E:\WINDOWS\SET4.tmp

2010-04-19 12:23:33 ----RA---- E:\WINDOWS\SET3.tmp

2010-04-19 12:23:29 ----D---- E:\WINDOWS\system32\CatRoot2

2010-04-19 12:23:29 ----D---- E:\WINDOWS\system32\CatRoot

2010-04-19 12:23:23 ----SD---- E:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2010-04-19 12:23:06 ----A---- E:\WINDOWS\setuplog.txt

2010-04-19 12:22:51 ----D---- E:\Documents and Settings

2010-04-19 12:22:50 ----SHD---- E:\System Volume Information

2010-04-19 12:18:58 ----SD---- E:\WINDOWS\Downloaded Program Files

2010-04-19 12:18:58 ----RSHDC---- E:\WINDOWS\system32\dllcache

2010-04-19 12:18:58 ----RSD---- E:\WINDOWS\Fonts

2010-04-19 12:18:58 ----RD---- E:\WINDOWS\Web

2010-04-19 12:18:58 ----HD---- E:\WINDOWS\inf

2010-04-19 12:18:58 ----D---- E:\WINDOWS\WinSxS

2010-04-19 12:18:58 ----D---- E:\WINDOWS\twain_32

2010-04-19 12:18:58 ----D---- E:\WINDOWS\Temp

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\wins

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\wbem

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\usmt

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\spool

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\ShellExt

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\Setup

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\ras

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\pt-br

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\PreInstall

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\oobe

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\npp

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\mui

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\inetsrv

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\IME

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\icsxml

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\ias

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\export

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\drivers

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\dhcp

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\config

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\3com_dmi

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\3076

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\2052

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\1054

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\1046

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\1042

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\1041

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\1037

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\1033

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\1031

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\1028

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32\1025

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system32

2010-04-19 12:18:58 ----D---- E:\WINDOWS\system

2010-04-19 12:18:58 ----D---- E:\WINDOWS\security

2010-04-19 12:18:58 ----D---- E:\WINDOWS\Resources

2010-04-19 12:18:58 ----D---- E:\WINDOWS\repair

2010-04-19 12:18:58 ----D---- E:\WINDOWS\Provisioning

2010-04-19 12:18:58 ----D---- E:\WINDOWS\PeerNet

2010-04-19 12:18:58 ----D---- E:\WINDOWS\pchealth

2010-04-19 12:18:58 ----D---- E:\WINDOWS\Offline Web Pages

2010-04-19 12:18:58 ----D---- E:\WINDOWS\mui

2010-04-19 12:18:58 ----D---- E:\WINDOWS\msapps

2010-04-19 12:18:58 ----D---- E:\WINDOWS\msagent

2010-04-19 12:18:58 ----D---- E:\WINDOWS\Media

2010-04-19 12:18:58 ----D---- E:\WINDOWS\java

2010-04-19 12:18:58 ----D---- E:\WINDOWS\ime

2010-04-19 12:18:58 ----D---- E:\WINDOWS\Help

2010-04-19 12:18:58 ----D---- E:\WINDOWS\ehome

2010-04-19 12:18:58 ----D---- E:\WINDOWS\Driver Cache

2010-04-19 12:18:58 ----D---- E:\WINDOWS\Debug

2010-04-19 12:18:58 ----D---- E:\WINDOWS\Cursors

2010-04-19 12:18:58 ----D---- E:\WINDOWS\Connection Wizard

2010-04-19 12:18:58 ----D---- E:\WINDOWS\Config

2010-04-19 12:18:58 ----D---- E:\WINDOWS\AppPatch

2010-04-19 12:18:58 ----D---- E:\WINDOWS\addins

2010-04-19 12:18:58 ----D---- E:\WINDOWS

 

======List of files/folders modified in the last 1 months======

[wings 22]

1.

*Desinstale o Malwarebytes

 

2.

*Desinstale o Combofix:

*Clique em [iniciar] > [Executar] > digite: Combofix /uninstall

*Clique [OK]

 

 

*Clique em [Executar]

*Aguarde até surgir a mensagem: "ComboFix está desinstalado"

*Clique [OK]

 

3.

*Baixe o USBFix e salve-o no desktop

*Desative temporariamente seu antivírus

*Espete o Pendrive no PC

*Duplo clique em UsbFix

*Tecle P > [ENTER]

*Tecle 1 > [ENTER] e aguarde o término

*Remova o Pendrive

*Cole o relatório criado em C:\UsbFix.txt

[Kaaah-rai 0]

Desistalei os programas...

 

Mas acontece que não possuo o Pendrive aqui, era emprestado de um amigo...

E agora?

[wings 22]

Siga o procedimento e desconsidere o Pendrive.

[Kaaah-rai 0]

############################## | UsbFix V6.110 |

 

User : QQQ (Administradores) # ALOKKKKK-D1D29C

Update on 29/04/2010 by El Desaparecido , C_XX & Chimay8

Start at: 13:44:40 | 29/4/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Intel® Pentium® Dual CPU E2140 @ 1.60GHz

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Disabled

 

C:\ -> Disco fixo local # 26,88 Go (12,75 Go free) [QQQQ] # NTFS

D:\ -> Disco fixo local # 996,19 Mo (967,25 Mo free) # NTFS

E:\ -> Disco fixo local # 49,8 Go (40,6 Go free) # NTFS

F:\ -> Disco fixo local # 152,4 Go (36,79 Go free) [Alokkk] # NTFS

H:\ -> Disco CD-ROM # 344,67 Mo (0 Mo free) [bSTRTB] # CDFS

 

################## | Ficheiros # pastas infeciosos |

 

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Kosong.Bron.Tok.txt

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\ListHost14.txt

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\addr1@xinul.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\addr2@xinul.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\addr3@xinul.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\addr4@xinul.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\addr5@xinul.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\addr6@xinul.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\anders.nilsson@mbox8.swipnet.se.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\andreiw_cobain@hotmail.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\aramyscaliari@hotmail.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\avdbas@wi.leidenuniv.nl.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\calb@epsxe.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\carlos_xiku@hotmail.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\charsets@apple.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\frances@ensica.fr.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\gabrielsl14@hotmail.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\galtor@epsxe.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\gregod@cs.rpi.edu.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\jaakko.jarvi@cs.utu.fi.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\janne@mbox370.swipnet.se.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\lulu_deviling@hotmail.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\mariaeduardaqqq@hotmail.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\mark.gilbert@web.de.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\mcafee_beta@mcafee.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\mish@tendril.force9.net.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\msndicuerola@live.com.au.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\mspss@gto.net.om.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\mts@lebanon-online.com.lb.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\neomameplus@jmdzoom.com.ar.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\PeterH@cronuscom.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\rse@engelschall.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\shammah@voyager.net.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\stecnico@ea.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\System@noemail.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\tekninentuki@europe.ea.com.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\viper@vipersgp.cjb.net.ini

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok

E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Ok-SendMail-Bron-tok

H:\autorun.inf

 

################## | Registro |

 

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS] "nmklo"

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

 

################## | Mountpoints2 |

 

HKCU\..\..\Explorer\MountPoints2\{879a5aac-4bf4-11df-bc1f-0019211e4536}

Shell\AutoRun\command =I:\EXPLORER.EXE

Shell\explore\Command =I:\EXPLORER.EXE

Shell\open\Command =I:\EXPLORER.EXE

 

HKCU\..\..\Explorer\MountPoints2\{994e2d3b-4be8-11df-bc1d-0019211e4536}

Shell\AutoRun\command =H:\setup.exe

 

################## | Vaccin |

 

 

################## | ! Fim do relatório # UsbFix V6.110 ! |

[wings 22]

*Duplo clique em UsbFix

*Tecle P > [ENTER]

*Tecle 2 > [ENTER] e aguarde o término

*Cole o relatório criado em C:\UsbFix.txt

[Kaaah-rai 0]

############################## | UsbFix V6.110 |

 

User : QQQ (Administradores) # ALOKKKKK-D1D29C

Update on 29/04/2010 by El Desaparecido , C_XX & Chimay8

Start at: 14:07:36 | 29/4/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Intel® Pentium® Dual CPU E2140 @ 1.60GHz

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Disabled

 

C:\ -> Disco fixo local # 26,88 Go (12,75 Go free) [QQQQ] # NTFS

D:\ -> Disco fixo local # 996,19 Mo (967,25 Mo free) # NTFS

E:\ -> Disco fixo local # 49,8 Go (40,57 Go free) # NTFS

F:\ -> Disco fixo local # 152,4 Go (36,79 Go free) [Alokkk] # NTFS

H:\ -> Disco CD-ROM # 344,67 Mo (0 Mo free) [bSTRTB] # CDFS

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Kosong.Bron.Tok.txt

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\ListHost14.txt

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\addr1@xinul.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\addr2@xinul.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\addr3@xinul.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\addr4@xinul.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\addr5@xinul.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\addr6@xinul.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\anders.nilsson@mbox8.swipnet.se.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\andreiw_cobain@hotmail.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\aramyscaliari@hotmail.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\avdbas@wi.leidenuniv.nl.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\calb@epsxe.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\carlos_xiku@hotmail.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\charsets@apple.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\frances@ensica.fr.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\gabrielsl14@hotmail.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\galtor@epsxe.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\gregod@cs.rpi.edu.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\jaakko.jarvi@cs.utu.fi.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\janne@mbox370.swipnet.se.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\lulu_deviling@hotmail.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\mariaeduardaqqq@hotmail.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\mark.gilbert@web.de.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\mcafee_beta@mcafee.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\mish@tendril.force9.net.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\msndicuerola@live.com.au.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\mspss@gto.net.om.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\mts@lebanon-online.com.lb.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\neomameplus@jmdzoom.com.ar.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\PeterH@cronuscom.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\rse@engelschall.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\shammah@voyager.net.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\stecnico@ea.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\System@noemail.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\tekninentuki@europe.ea.com.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok\viper@vipersgp.cjb.net.ini

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Loc.Mail.Bron.Tok

Supprimido ! E:\DOCUME~1\QQQ\CONFIG~1\DADOSD~1\Ok-SendMail-Bron-tok

Supprimido ! C:\Recycler\S-1-5-21-1060284298-1078145449-1801674531-500

Supprimido ! C:\Recycler\S-1-5-21-1606980848-688789844-682003330-1003

Supprimido ! D:\Recycler\S-1-5-21-1060284298-1078145449-1801674531-500

Supprimido ! D:\Recycler\S-1-5-21-1606980848-688789844-682003330-1003

Supprimido ! D:\Recycler\S-1-5-21-484763869-1708537768-1177238915-1003

Supprimido ! E:\Recycler\S-1-5-21-1606980848-688789844-682003330-1003

Supprimido ! F:\Recycler\S-1-5-21-1060284298-1078145449-1801674531-500

Supprimido ! F:\Recycler\S-1-5-21-1606980848-688789844-682003330-1003

Supprimido ! F:\Recycler\S-1-5-21-484763869-1708537768-1177238915-1003

(!) Não supprimido ! H:\autorun.inf

 

################## | Registro |

 

Supprimido ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

Supprimido ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

 

################## | Mountpoints2 |

 

Supprimido ! HKCU\...\Explorer\MountPoints2\{879a5aac-4bf4-11df-bc1f-0019211e4536}\Shell\AutoRun\Command

 

################## | Listing |

 

[26/04/2010 17:46|--a------|1464387] C:\12592682397.jpg

[26/04/2010 17:27|--a------|69412] C:\1272262936528.jpg

[26/04/2010 17:34|--a------|557175] C:\1272303805206.jpg

[26/04/2010 17:27|--a------|93960] C:\1272311490438.jpg

[26/04/2010 17:29|--a------|231195] C:\1272312962848.jpg

[20/04/2010 01:47|---hs----|7] C:\AUTOEXEC.BAT

[22/03/2010 16:00|--a------|361408512] C:\Battlestrike.T.R.B_BTG.iso

[19/04/2010 16:07|--a------|211] C:\Boot.bak

[20/04/2010 02:45|-rahs----|281] C:\boot.ini

[18/01/1782 19:14|-rahs----|4952] C:\Bootfont.bin

[03/08/2004 23:00|--a------|261856] C:\cmldr

[19/04/2010 16:12|--a------|0] C:\CONFIG.SYS

[15/04/2010 22:33|--a------|7548928] C:\Fahrenheit.exe

[28/04/2010 01:51|--a------|2352] C:\InfoSat.txt

[19/04/2010 16:12|-rahs----|0] C:\IO.SYS

[19/04/2010 16:12|-rahs----|0] C:\MSDOS.SYS

[03/08/2004 17:38|-rahs----|47564] C:\NTDETECT.COM

[03/08/2004 17:59|-rahs----|251168] C:\ntldr

[15/04/2010 22:34|--a------|2863104] C:\SILENT HILL 4.exe

[28/04/2010 00:25|--ahs----|20992] C:\Thumbs.db

[?|?|?] E:\hiberfil.sys

[?|?|?] E:\pagefile.sys

[29/04/2010 14:13|--a------|6566] E:\UsbFix.txt

[01/12/2003 11:50|-r-------|25] H:\autorun.inf

[22/06/2005 07:53|-r-------|323218724] H:\setup.exe

 

################## | Vaccinação |

 

# C:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

# D:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

# E:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

# F:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

 

################## | Upload |

 

Favor enviar o arquivo : E:\UsbFix_Upload_Me_ALOKKKKK-D1D29C.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição .

 

################## | ! Fim do relatório # UsbFix V6.110 ! |

[wings 22]

1.

*Duplo clique em UsbFix

*Tecle P > [ENTER]

*Tecle 6 > [ENTER]

 

2.

*Desative temporariamente seu antivírus

 

*Baixe o ComboFix e salve-o no desktop

*Execute o Combofix e aceite o contrato

 

*Se o console de recuperação do Windows já estiver instalado, o ComboFix continuará o processo automaticamente. Caso contrário, clique em [sIM] para a sua instalação.

 

 

*Clique em [sIM] para continuar.

 

 

*Aguarde a conclusão de todas as etapas

 

 

*Enquanto o ComboFix estiver em execução, evite usar o mouse e o teclado!!..... Para interromper o procedimento tecle N ou 2 e depois ENTER.

 

*O programa será fechado automaticamente

 

*Cole o relatório criado em C:\combofix.txt

[Kaaah-rai 0]

ComboFix 10-04-29.04 - QQQ 29/04/2010 23:40:57.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.685 [GMT -3:00]

Executando de: e:\documents and settings\QQQ\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\InfoSat.txt

e:\documents and settings\QQQ\Recent\Thumbs.db

 

A cópia de e:\windows\system32\mshearts.exe foi encontrada e desinfectada

Cópia restaurada de - e:\windows\system32\dllcache\mshearts.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-03-28 to 2010-04-30 ))))))))))))))))))))))))))))

.

 

2010-04-29 18:03 . 2010-04-29 18:03 -------- d-----w- e:\windows\l2schemas

2010-04-29 17:13 . 2010-04-29 17:13 19228 ----a-w- E:\UsbFix_Upload_Me_ALOKKKKK-D1D29C.zip

2010-04-29 16:48 . 2010-04-29 16:48 -------- d-sh--w- e:\documents and settings\QQQ\IECompatCache

2010-04-29 16:48 . 2010-04-29 16:48 -------- d-sh--w- e:\documents and settings\QQQ\PrivacIE

2010-04-29 16:34 . 2010-04-30 02:40 -------- d-----w- E:\UsbFix

2010-04-29 16:16 . 2010-04-29 16:16 -------- d-sh--w- e:\documents and settings\NetworkService\IETldCache

2010-04-29 16:15 . 2010-04-29 16:15 -------- d-sh--w- e:\documents and settings\QQQ\IETldCache

2010-04-29 16:13 . 2010-02-25 06:17 12800 -c----w- e:\windows\system32\dllcache\xpshims.dll

2010-04-29 16:13 . 2010-02-25 06:17 247808 -c----w- e:\windows\system32\dllcache\ieproxy.dll

2010-04-29 16:13 . 2010-04-29 16:13 -------- d-----w- e:\windows\ie8updates

2010-04-29 16:13 . 2010-02-16 04:50 64000 -c----w- e:\windows\system32\dllcache\iecompat.dll

2010-04-29 16:11 . 2010-04-29 16:12 -------- dc-h--w- e:\windows\ie8

2010-04-29 04:01 . 2008-04-14 02:21 20992 ------w- e:\windows\system32\spupdwxp.exe

2010-04-29 04:00 . 2008-04-14 02:20 32285 ------w- e:\windows\system32\hsfcisp2.dll

2010-04-29 03:03 . 2010-04-29 03:03 -------- d-----w- E:\rsit

2010-04-29 03:02 . 2010-04-29 03:02 -------- d-----w- e:\windows\ServicePackFiles

2010-04-29 03:02 . 2010-04-29 03:02 -------- d-----w- e:\arquivos de programas\MSXML 4.0

2010-04-28 15:00 . 2008-06-14 17:34 272384 -c----w- e:\windows\system32\dllcache\bthport.sys

2010-04-28 15:00 . 2008-06-14 17:34 272384 ------w- e:\windows\system32\drivers\bthport.sys

2010-04-28 14:59 . 2009-12-31 16:50 353792 -c----w- e:\windows\system32\dllcache\srv.sys

2010-04-28 14:55 . 2010-02-24 13:11 455680 -c----w- e:\windows\system32\dllcache\mrxsmb.sys

2010-04-28 14:54 . 2009-11-21 15:58 471552 -c----w- e:\windows\system32\dllcache\aclayers.dll

2010-04-28 14:42 . 2009-10-15 16:32 81920 -c----w- e:\windows\system32\dllcache\fontsub.dll

2010-04-28 14:42 . 2009-10-15 16:32 119808 -c----w- e:\windows\system32\dllcache\t2embed.dll

2010-04-28 14:41 . 2010-02-17 17:07 2194176 -c----w- e:\windows\system32\dllcache\ntoskrnl.exe

2010-04-28 14:41 . 2009-03-06 14:20 286208 -c----w- e:\windows\system32\dllcache\pdh.dll

2010-04-28 14:41 . 2009-02-09 11:25 111104 -c----w- e:\windows\system32\dllcache\services.exe

2010-04-28 14:41 . 2009-02-09 10:53 401408 -c----w- e:\windows\system32\dllcache\rpcss.dll

2010-04-28 14:41 . 2009-02-06 10:10 227840 -c----w- e:\windows\system32\dllcache\wmiprvse.exe

2010-04-28 14:41 . 2009-06-25 08:27 732672 -c----w- e:\windows\system32\dllcache\lsasrv.dll

2010-04-28 14:41 . 2009-02-09 10:53 730624 -c----w- e:\windows\system32\dllcache\ntdll.dll

2010-04-28 14:41 . 2009-02-09 10:53 683520 -c----w- e:\windows\system32\dllcache\advapi32.dll

2010-04-28 14:41 . 2009-02-09 10:53 473600 -c----w- e:\windows\system32\dllcache\fastprox.dll

2010-04-28 14:41 . 2009-02-09 10:53 453120 -c----w- e:\windows\system32\dllcache\wmiprvsd.dll

2010-04-28 14:41 . 2010-02-16 19:07 2150400 -c----w- e:\windows\system32\dllcache\ntkrnlmp.exe

2010-04-28 14:41 . 2010-02-16 19:07 2028544 -c----w- e:\windows\system32\dllcache\ntkrpamp.exe

2010-04-28 14:20 . 2008-05-08 14:02 203136 -c----w- e:\windows\system32\dllcache\rmcast.sys

2010-04-28 14:19 . 2009-07-10 13:27 1315328 -c----w- e:\windows\system32\dllcache\msoe.dll

2010-04-28 14:18 . 2008-04-11 19:05 691712 -c----w- e:\windows\system32\dllcache\inetcomm.dll

2010-04-28 14:03 . 2008-04-21 21:15 216064 -c----w- e:\windows\system32\dllcache\wordpad.exe

2010-04-28 07:11 . 2009-08-06 22:24 44768 ----a-w- e:\windows\system32\wups2.dll

2010-04-28 06:40 . 2010-04-28 06:40 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-04-28 06:20 . 2010-04-28 06:20 -------- d-----w- E:\Malwarebytes' Anti-Malware

2010-04-28 05:50 . 2008-10-15 16:36 337408 -c----w- e:\windows\system32\dllcache\netapi32.dll

2010-04-26 20:41 . 2010-04-26 20:41 -------- d-----w- e:\arquivos de programas\Conduit

2010-04-26 20:41 . 2010-04-26 20:41 -------- d-----w- e:\arquivos de programas\Messenger_Plus_Live_Brazil

2010-04-26 20:41 . 2010-03-17 13:13 52224 ----a-w- e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\components\FFExternalAlert.dll

2010-04-26 20:41 . 2010-03-17 13:13 101376 ----a-w- e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\components\RadioWMPCore.dll

2010-04-22 03:45 . 2010-04-22 03:45 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\Nero

2010-04-22 03:42 . 2010-04-22 03:42 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\Nero

2010-04-22 03:42 . 2010-04-22 03:42 -------- d-----w- e:\arquivos de programas\Nero

2010-04-22 03:42 . 2010-04-22 03:44 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Nero

2010-04-20 15:38 . 2010-04-20 15:38 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\Malwarebytes

2010-04-20 15:38 . 2010-04-20 15:38 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-04-20 07:49 . 2008-04-14 02:20 439296 ----a-w- e:\windows\system32\shimgvw.dll

2010-04-20 05:56 . 2010-04-20 05:56 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2010-04-20 05:19 . 2010-04-20 05:19 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\ESET

2010-04-20 05:13 . 2008-04-14 02:20 26624 ----a-w- e:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-04-20 05:11 . 2004-08-03 22:45 221184 ----a-w- e:\windows\system32\wmpns.dll

2010-04-20 05:06 . 2010-04-28 04:55 -------- d-----w- e:\arquivos de programas\JDownloader

2010-04-20 05:05 . 2010-04-20 05:05 411368 ----a-w- e:\windows\system32\deploytk.dll

2010-04-20 05:05 . 2010-04-20 05:05 -------- d-----w- e:\arquivos de programas\Java

2010-04-20 05:05 . 2010-04-20 05:05 152576 ----a-w- e:\documents and settings\QQQ\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll

2010-04-20 04:58 . 2010-04-20 05:26 -------- d-----w- e:\arquivos de programas\AvRack

2010-04-20 04:58 . 2010-04-20 04:58 -------- d-----w- e:\arquivos de programas\Realtek Sound Manager

2010-04-20 04:58 . 2010-04-20 04:58 -------- d-----w- e:\arquivos de programas\Realtek AC97

2010-04-20 04:58 . 2006-06-20 16:35 10527744 ----a-w- e:\windows\system32\RTLCPL.exe

2010-04-20 04:58 . 2006-06-27 04:42 3972672 ----a-w- e:\windows\system32\drivers\alcxwdm.sys

2010-04-20 04:58 . 2006-06-20 16:42 577536 ----a-w- e:\windows\soundman.exe

2010-04-20 04:58 . 2006-06-07 19:00 143360 ----a-w- e:\windows\system32\RtlCPAPI.dll

2010-04-20 04:58 . 2010-04-20 04:58 -------- d--h--w- e:\arquivos de programas\InstallShield Installation Information

2010-04-20 04:58 . 2006-03-19 22:48 315392 ----a-w- e:\windows\alcupd.exe

2010-04-20 04:58 . 2005-11-17 22:20 217088 ----a-w- e:\windows\Alcrmv.exe

2010-04-20 04:58 . 2010-04-20 04:58 -------- d-----w- e:\arquivos de programas\Arquivos comuns\InstallShield

2010-04-20 04:44 . 2010-04-20 05:20 -------- d-----w- e:\windows\ShellNew

2010-04-20 04:35 . 2010-04-20 04:35 162432 ----a-w- e:\windows\system32\drivers\ithsgt.sys

2010-04-20 04:35 . 2010-04-20 04:35 12032 ----a-w- e:\windows\system32\drivers\lilsgt.sys

2010-04-19 20:13 . 2010-04-20 05:32 -------- d-----w- e:\arquivos de programas\MagicDisc

2010-04-19 20:13 . 2009-02-24 21:42 116736 ----a-w- e:\windows\system32\drivers\mcdbus.sys

2010-04-19 20:12 . 2010-04-26 20:46 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-04-19 20:03 . 2010-04-19 20:03 -------- d-----w- e:\windows\system32\Lang

2010-04-19 20:02 . 2010-04-29 19:01 -------- d-----w- E:\Downloads

2010-04-19 20:02 . 2010-04-19 20:02 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\GrabPro

2010-04-19 20:02 . 2010-04-20 06:12 -------- d-----w- e:\arquivos de programas\Orbitdownloader

2010-04-19 20:02 . 2010-04-30 02:45 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\Orbit

2010-04-19 20:01 . 2010-04-19 20:23 -------- d-----w- e:\arquivos de programas\uTorrent

2010-04-19 20:01 . 2010-04-27 20:33 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Adobe

2010-04-19 20:01 . 2010-04-20 05:38 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\uTorrent

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-29 18:14 . 1782-01-18 22:14 48628 ----a-w- e:\windows\system32\perfc016.dat

2010-04-29 18:14 . 1782-01-18 22:14 344380 ----a-w- e:\windows\system32\perfh016.dat

2010-04-26 20:40 . 2010-04-19 19:33 -------- d-----w- e:\arquivos de programas\Messenger Plus! Live

2010-04-20 21:13 . 2010-04-19 19:11 86327 ----a-w- e:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-04-20 05:34 . 2010-04-19 19:35 -------- d-----w- e:\arquivos de programas\PhotoScape

2010-04-20 05:33 . 2010-04-19 19:48 -------- d-----w- e:\arquivos de programas\NSIS

2010-04-20 05:11 . 2010-04-19 19:33 -------- d-----w- e:\arquivos de programas\Windows Media Connect 2

2010-04-19 19:56 . 2010-04-19 19:56 152576 ----a-w- e:\documents and settings\QQQ\Dados de aplicativos\Sun\Java\jre1.6.0_16\lzma.dll

2010-04-19 19:56 . 2010-04-19 19:56 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Cisco Systems

2010-04-19 19:51 . 2010-04-19 19:51 -------- d-----w- e:\arquivos de programas\Real Alternative

2010-04-19 19:47 . 2010-04-19 19:47 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\Media Player Classic

2010-04-19 19:40 . 2010-04-19 19:40 -------- d-----w- e:\arquivos de programas\Arquivos comuns\DirectX

2010-04-19 19:32 . 2010-04-19 19:32 -------- d-----w- e:\arquivos de programas\Microsoft

2010-04-19 19:32 . 2010-04-19 19:31 -------- d-----w- e:\arquivos de programas\Windows Live

2010-04-19 19:32 . 2010-04-19 19:32 -------- d-----w- e:\arquivos de programas\Windows Live SkyDrive

2010-04-19 19:29 . 2010-04-19 19:29 -------- d-----w- e:\arquivos de programas\Satsuki Decoder Pack

2010-04-19 19:25 . 2010-04-19 19:25 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Windows Live

2010-04-19 19:13 . 2010-04-19 19:13 -------- d-----w- e:\arquivos de programas\microsoft frontpage

2010-04-19 19:11 . 2010-04-19 19:11 -------- d-----w- e:\arquivos de programas\Serviços on-line

2010-04-19 19:10 . 2010-04-19 19:10 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Serviços

2010-04-19 19:09 . 2010-04-19 19:09 21844 ----a-w- e:\windows\system32\emptyregdb.dat

2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- e:\documents and settings\All Users\Dados de aplicativos\Adobe\Reader\8.2\ARM\23917\AdobeARM.exe

2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- e:\documents and settings\All Users\Dados de aplicativos\Adobe\Reader\8.2\ARM\23917\AdobeExtractFiles.dll

2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- e:\documents and settings\All Users\Dados de aplicativos\Adobe\Reader\8.2\ARM\23917\ReaderUpdater.exe

2010-02-25 06:17 . 2007-07-31 07:42 916480 ----a-w- e:\windows\system32\wininet.dll

2010-02-24 13:11 . 2007-07-30 22:36 455680 ----a-w- e:\windows\system32\drivers\mrxsmb.sys

2010-02-16 19:07 . 2007-07-30 22:38 2150400 ----a-w- e:\windows\system32\ntoskrnl.exe

2010-02-16 19:07 . 2007-02-28 13:08 2028544 ----a-w- e:\windows\system32\ntkrnlpa.exe

2010-02-12 04:34 . 2007-07-30 22:36 100864 ----a-w- e:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2007-07-30 22:36 226880 ----a-w- e:\windows\system32\drivers\tcpip6.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}"= "e:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll" [2010-03-09 2355224]

 

[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

2010-03-09 14:06 2355224 ----a-w- e:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}"= "e:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll" [2010-03-09 2355224]

 

[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}"= "e:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll" [2010-03-09 2355224]

 

[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="e:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="e:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="e:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"Adobe Reader Speed Launcher"="e:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]

"Adobe ARM"="e:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

 

e:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - e:\arquivos de programas\Orbitdownloader\orbitdm.exe [2010-4-19 1773568]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"e:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"f:\\Arquivos de programas\\Atlantica\\Atlantica.exe"=

"e:\\WINDOWS\\system32\\wscntfy.exe"=

"e:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"e:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"e:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"e:\\Arquivos de programas\\Windows Media Player\\wmpnetwk.exe"=

"e:\\Arquivos de programas\\Windows Media Player\\wmpenc.exe"=

"e:\\Arquivos de programas\\WinRAR\\WinRAR.exe"=

"e:\\Arquivos de programas\\MagicDisc\\MagicDisc.exe"=

"e:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"e:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"e:\\Downloads\\HijackThis.exe"=

"e:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"e:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"=

"e:\\Arquivos de programas\\Arquivos comuns\\Nero\\Lib\\NMBgMonitor.exe"=

"e:\\Arquivos de programas\\Satsuki Decoder Pack\\MPC\\mplayerc.exe"=

"e:\\WINDOWS\\system32\\dwwin.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

R3 dpti930;dpti930;\??\e:\windows\system32\drivers\ilhlne.sys --> e:\windows\system32\drivers\ilhlne.sys [?]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-04-29 e:\windows\Tasks\User_Feed_Synchronization-{C60BDEFE-0234-4A95-9EAC-0E17B17927F9}.job

- e:\windows\system32\msfeedssync.exe [2007-07-31 07:31]

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = iexplore

FF - ProfilePath - e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&q=

FF - component: e:\arquivos de programas\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll

FF - component: e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\components\FFExternalAlert.dll

FF - component: e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\components\RadioWMPCore.dll

 

---- FIREFOX POLICIES ----

e:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-29 23:44

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(2996)

e:\windows\system32\WININET.dll

e:\windows\system32\webcheck.dll

e:\windows\system32\WPDShServiceObj.dll

e:\windows\system32\PortableDeviceTypes.dll

e:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

e:\arquivos de programas\Java\jre6\bin\jqs.exe

e:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

e:\arquivos de programas\Orbitdownloader\orbitnet.exe

e:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

e:\windows\system32\wscntfy.exe

e:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

e:\arquivos de programas\Windows Live\Contacts\wlcomm.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-04-29 23:49:46 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-04-30 02:49

 

Pré-execução: 9 pasta(s) 42.669.674.496 bytes disponíveis

Pós execução: 11 pasta(s) 42.648.973.312 bytes disponíveis

 

- - End Of File - - F2C69A68069AA1CF2D6B9FFB766F3F19

[wings 22]

*Abra o bloco de notas, selecione, copie e cole nele todo o conteúdo do código abaixo:

 

File::

e:\windows\system32\drivers\ilhlne.sys

Driver::

dpti930

*Salve o arquivo no desktop como CFScript.txt

*Arraste o arquivo para o Combofix conforme ilustração abaixo:

 

 

*Importante: enquanto o combofix estiver em execução, evite usar o mouse nem o teclado!!..para interromper o processo tecle N ou 2.

 

*Cole o relatório criado em C:\combofix.txt

[Kaaah-rai 0]

ComboFix 10-04-29.04 - QQQ 30/04/2010 2:11.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.716 [GMT -3:00]

Executando de: e:\documents and settings\QQQ\Desktop\ComboFix.exe

Comandos utilizados :: e:\documents and settings\QQQ\Desktop\CFScript.txt

 

FILE ::

"e:\windows\system32\drivers\ilhlne.sys"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DPTI930

-------\Service_dpti930

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-03-28 to 2010-04-30 ))))))))))))))))))))))))))))

.

 

2010-04-29 18:03 . 2010-04-29 18:03 -------- d-----w- e:\windows\l2schemas

2010-04-29 17:13 . 2010-04-29 17:13 19228 ----a-w- E:\UsbFix_Upload_Me_ALOKKKKK-D1D29C.zip

2010-04-29 16:48 . 2010-04-29 16:48 -------- d-sh--w- e:\documents and settings\QQQ\IECompatCache

2010-04-29 16:48 . 2010-04-29 16:48 -------- d-sh--w- e:\documents and settings\QQQ\PrivacIE

2010-04-29 16:34 . 2010-04-30 02:40 -------- d-----w- E:\UsbFix

2010-04-29 16:16 . 2010-04-29 16:16 -------- d-sh--w- e:\documents and settings\NetworkService\IETldCache

2010-04-29 16:15 . 2010-04-29 16:15 -------- d-sh--w- e:\documents and settings\QQQ\IETldCache

2010-04-29 16:13 . 2010-02-25 06:17 12800 -c----w- e:\windows\system32\dllcache\xpshims.dll

2010-04-29 16:13 . 2010-02-25 06:17 247808 -c----w- e:\windows\system32\dllcache\ieproxy.dll

2010-04-29 16:13 . 2010-04-29 16:13 -------- d-----w- e:\windows\ie8updates

2010-04-29 16:13 . 2010-02-16 04:50 64000 -c----w- e:\windows\system32\dllcache\iecompat.dll

2010-04-29 16:11 . 2010-04-29 16:12 -------- dc-h--w- e:\windows\ie8

2010-04-29 04:01 . 2008-04-14 02:21 20992 ------w- e:\windows\system32\spupdwxp.exe

2010-04-29 04:00 . 2008-04-14 02:20 32285 ------w- e:\windows\system32\hsfcisp2.dll

2010-04-29 03:03 . 2010-04-29 03:03 -------- d-----w- E:\rsit

2010-04-29 03:02 . 2010-04-29 03:02 -------- d-----w- e:\windows\ServicePackFiles

2010-04-29 03:02 . 2010-04-29 03:02 -------- d-----w- e:\arquivos de programas\MSXML 4.0

2010-04-28 15:00 . 2008-06-14 17:34 272384 -c----w- e:\windows\system32\dllcache\bthport.sys

2010-04-28 15:00 . 2008-06-14 17:34 272384 ------w- e:\windows\system32\drivers\bthport.sys

2010-04-28 14:59 . 2009-12-31 16:50 353792 -c----w- e:\windows\system32\dllcache\srv.sys

2010-04-28 14:55 . 2010-02-24 13:11 455680 -c----w- e:\windows\system32\dllcache\mrxsmb.sys

2010-04-28 14:54 . 2009-11-21 15:58 471552 -c----w- e:\windows\system32\dllcache\aclayers.dll

2010-04-28 14:42 . 2009-10-15 16:32 81920 -c----w- e:\windows\system32\dllcache\fontsub.dll

2010-04-28 14:42 . 2009-10-15 16:32 119808 -c----w- e:\windows\system32\dllcache\t2embed.dll

2010-04-28 14:41 . 2010-02-17 17:07 2194176 -c----w- e:\windows\system32\dllcache\ntoskrnl.exe

2010-04-28 14:41 . 2009-03-06 14:20 286208 -c----w- e:\windows\system32\dllcache\pdh.dll

2010-04-28 14:41 . 2009-02-09 11:25 111104 -c----w- e:\windows\system32\dllcache\services.exe

2010-04-28 14:41 . 2009-02-09 10:53 401408 -c----w- e:\windows\system32\dllcache\rpcss.dll

2010-04-28 14:41 . 2009-02-06 10:10 227840 -c----w- e:\windows\system32\dllcache\wmiprvse.exe

2010-04-28 14:41 . 2009-06-25 08:27 732672 -c----w- e:\windows\system32\dllcache\lsasrv.dll

2010-04-28 14:41 . 2009-02-09 10:53 730624 -c----w- e:\windows\system32\dllcache\ntdll.dll

2010-04-28 14:41 . 2009-02-09 10:53 683520 -c----w- e:\windows\system32\dllcache\advapi32.dll

2010-04-28 14:41 . 2009-02-09 10:53 473600 -c----w- e:\windows\system32\dllcache\fastprox.dll

2010-04-28 14:41 . 2009-02-09 10:53 453120 -c----w- e:\windows\system32\dllcache\wmiprvsd.dll

2010-04-28 14:41 . 2010-02-16 19:07 2150400 -c----w- e:\windows\system32\dllcache\ntkrnlmp.exe

2010-04-28 14:41 . 2010-02-16 19:07 2028544 -c----w- e:\windows\system32\dllcache\ntkrpamp.exe

2010-04-28 14:20 . 2008-05-08 14:02 203136 -c----w- e:\windows\system32\dllcache\rmcast.sys

2010-04-28 14:19 . 2009-07-10 13:27 1315328 -c----w- e:\windows\system32\dllcache\msoe.dll

2010-04-28 14:18 . 2008-04-11 19:05 691712 -c----w- e:\windows\system32\dllcache\inetcomm.dll

2010-04-28 14:03 . 2008-04-21 21:15 216064 -c----w- e:\windows\system32\dllcache\wordpad.exe

2010-04-28 07:11 . 2009-08-06 22:24 44768 ----a-w- e:\windows\system32\wups2.dll

2010-04-28 06:40 . 2010-04-28 06:40 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-04-28 06:20 . 2010-04-28 06:20 -------- d-----w- E:\Malwarebytes' Anti-Malware

2010-04-28 05:50 . 2008-10-15 16:36 337408 -c----w- e:\windows\system32\dllcache\netapi32.dll

2010-04-26 20:41 . 2010-04-26 20:41 -------- d-----w- e:\arquivos de programas\Conduit

2010-04-26 20:41 . 2010-04-26 20:41 -------- d-----w- e:\arquivos de programas\Messenger_Plus_Live_Brazil

2010-04-26 20:41 . 2010-03-17 13:13 52224 ----a-w- e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\components\FFExternalAlert.dll

2010-04-26 20:41 . 2010-03-17 13:13 101376 ----a-w- e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\components\RadioWMPCore.dll

2010-04-22 03:45 . 2010-04-22 03:45 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\Nero

2010-04-22 03:42 . 2010-04-22 03:42 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\Nero

2010-04-22 03:42 . 2010-04-22 03:42 -------- d-----w- e:\arquivos de programas\Nero

2010-04-22 03:42 . 2010-04-22 03:44 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Nero

2010-04-20 15:38 . 2010-04-20 15:38 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\Malwarebytes

2010-04-20 15:38 . 2010-04-20 15:38 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-04-20 07:49 . 2008-04-14 02:20 439296 ----a-w- e:\windows\system32\shimgvw.dll

2010-04-20 05:56 . 2010-04-20 05:56 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2010-04-20 05:19 . 2010-04-20 05:19 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\ESET

2010-04-20 05:13 . 2008-04-14 02:20 26624 ----a-w- e:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-04-20 05:11 . 2004-08-03 22:45 221184 ----a-w- e:\windows\system32\wmpns.dll

2010-04-20 05:06 . 2010-04-28 04:55 -------- d-----w- e:\arquivos de programas\JDownloader

2010-04-20 05:05 . 2010-04-20 05:05 411368 ----a-w- e:\windows\system32\deploytk.dll

2010-04-20 05:05 . 2010-04-20 05:05 -------- d-----w- e:\arquivos de programas\Java

2010-04-20 05:05 . 2010-04-20 05:05 152576 ----a-w- e:\documents and settings\QQQ\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll

2010-04-20 04:58 . 2010-04-20 05:26 -------- d-----w- e:\arquivos de programas\AvRack

2010-04-20 04:58 . 2010-04-20 04:58 -------- d-----w- e:\arquivos de programas\Realtek Sound Manager

2010-04-20 04:58 . 2010-04-20 04:58 -------- d-----w- e:\arquivos de programas\Realtek AC97

2010-04-20 04:58 . 2006-06-20 16:35 10527744 ----a-w- e:\windows\system32\RTLCPL.exe

2010-04-20 04:58 . 2006-06-27 04:42 3972672 ----a-w- e:\windows\system32\drivers\alcxwdm.sys

2010-04-20 04:58 . 2006-06-20 16:42 577536 ----a-w- e:\windows\soundman.exe

2010-04-20 04:58 . 2006-06-07 19:00 143360 ----a-w- e:\windows\system32\RtlCPAPI.dll

2010-04-20 04:58 . 2010-04-20 04:58 -------- d--h--w- e:\arquivos de programas\InstallShield Installation Information

2010-04-20 04:58 . 2006-03-19 22:48 315392 ----a-w- e:\windows\alcupd.exe

2010-04-20 04:58 . 2005-11-17 22:20 217088 ----a-w- e:\windows\Alcrmv.exe

2010-04-20 04:58 . 2010-04-20 04:58 -------- d-----w- e:\arquivos de programas\Arquivos comuns\InstallShield

2010-04-20 04:44 . 2010-04-20 05:20 -------- d-----w- e:\windows\ShellNew

2010-04-20 04:35 . 2010-04-20 04:35 162432 ----a-w- e:\windows\system32\drivers\ithsgt.sys

2010-04-20 04:35 . 2010-04-20 04:35 12032 ----a-w- e:\windows\system32\drivers\lilsgt.sys

2010-04-19 20:13 . 2010-04-20 05:32 -------- d-----w- e:\arquivos de programas\MagicDisc

2010-04-19 20:13 . 2009-02-24 21:42 116736 ----a-w- e:\windows\system32\drivers\mcdbus.sys

2010-04-19 20:12 . 2010-04-26 20:46 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-04-19 20:03 . 2010-04-19 20:03 -------- d-----w- e:\windows\system32\Lang

2010-04-19 20:02 . 2010-04-30 02:55 -------- d-----w- E:\Downloads

2010-04-19 20:02 . 2010-04-19 20:02 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\GrabPro

2010-04-19 20:02 . 2010-04-20 06:12 -------- d-----w- e:\arquivos de programas\Orbitdownloader

2010-04-19 20:02 . 2010-04-30 05:18 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\Orbit

2010-04-19 20:01 . 2010-04-19 20:23 -------- d-----w- e:\arquivos de programas\uTorrent

2010-04-19 20:01 . 2010-04-27 20:33 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Adobe

2010-04-19 20:01 . 2010-04-20 05:38 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\uTorrent

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-29 18:14 . 1782-01-18 22:14 48628 ----a-w- e:\windows\system32\perfc016.dat

2010-04-29 18:14 . 1782-01-18 22:14 344380 ----a-w- e:\windows\system32\perfh016.dat

2010-04-26 20:40 . 2010-04-19 19:33 -------- d-----w- e:\arquivos de programas\Messenger Plus! Live

2010-04-20 21:13 . 2010-04-19 19:11 86327 ----a-w- e:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-04-20 05:34 . 2010-04-19 19:35 -------- d-----w- e:\arquivos de programas\PhotoScape

2010-04-20 05:33 . 2010-04-19 19:48 -------- d-----w- e:\arquivos de programas\NSIS

2010-04-20 05:11 . 2010-04-19 19:33 -------- d-----w- e:\arquivos de programas\Windows Media Connect 2

2010-04-19 19:56 . 2010-04-19 19:56 152576 ----a-w- e:\documents and settings\QQQ\Dados de aplicativos\Sun\Java\jre1.6.0_16\lzma.dll

2010-04-19 19:56 . 2010-04-19 19:56 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Cisco Systems

2010-04-19 19:51 . 2010-04-19 19:51 -------- d-----w- e:\arquivos de programas\Real Alternative

2010-04-19 19:47 . 2010-04-19 19:47 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\Media Player Classic

2010-04-19 19:40 . 2010-04-19 19:40 -------- d-----w- e:\arquivos de programas\Arquivos comuns\DirectX

2010-04-19 19:32 . 2010-04-19 19:32 -------- d-----w- e:\arquivos de programas\Microsoft

2010-04-19 19:32 . 2010-04-19 19:31 -------- d-----w- e:\arquivos de programas\Windows Live

2010-04-19 19:32 . 2010-04-19 19:32 -------- d-----w- e:\arquivos de programas\Windows Live SkyDrive

2010-04-19 19:29 . 2010-04-19 19:29 -------- d-----w- e:\arquivos de programas\Satsuki Decoder Pack

2010-04-19 19:25 . 2010-04-19 19:25 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Windows Live

2010-04-19 19:13 . 2010-04-19 19:13 -------- d-----w- e:\arquivos de programas\microsoft frontpage

2010-04-19 19:11 . 2010-04-19 19:11 -------- d-----w- e:\arquivos de programas\Serviços on-line

2010-04-19 19:10 . 2010-04-19 19:10 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Serviços

2010-04-19 19:09 . 2010-04-19 19:09 21844 ----a-w- e:\windows\system32\emptyregdb.dat

2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- e:\documents and settings\All Users\Dados de aplicativos\Adobe\Reader\8.2\ARM\23917\AdobeARM.exe

2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- e:\documents and settings\All Users\Dados de aplicativos\Adobe\Reader\8.2\ARM\23917\AdobeExtractFiles.dll

2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- e:\documents and settings\All Users\Dados de aplicativos\Adobe\Reader\8.2\ARM\23917\ReaderUpdater.exe

2010-02-25 06:17 . 2007-07-31 07:42 916480 ----a-w- e:\windows\system32\wininet.dll

2010-02-24 13:11 . 2007-07-30 22:36 455680 ----a-w- e:\windows\system32\drivers\mrxsmb.sys

2010-02-16 19:07 . 2007-07-30 22:38 2150400 ----a-w- e:\windows\system32\ntoskrnl.exe

2010-02-16 19:07 . 2007-02-28 13:08 2028544 ----a-w- e:\windows\system32\ntkrnlpa.exe

2010-02-12 04:34 . 2007-07-30 22:36 100864 ----a-w- e:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2007-07-30 22:36 226880 ----a-w- e:\windows\system32\drivers\tcpip6.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}"= "e:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll" [2010-03-09 2355224]

 

[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

2010-03-09 14:06 2355224 ----a-w- e:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}"= "e:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll" [2010-03-09 2355224]

 

[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}"= "e:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll" [2010-03-09 2355224]

 

[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="e:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="e:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="e:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"Adobe Reader Speed Launcher"="e:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]

"Adobe ARM"="e:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

 

e:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - e:\arquivos de programas\Orbitdownloader\orbitdm.exe [2010-4-19 1773568]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"e:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"f:\\Arquivos de programas\\Atlantica\\Atlantica.exe"=

"e:\\WINDOWS\\system32\\wscntfy.exe"=

"e:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"e:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"e:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"e:\\Arquivos de programas\\Windows Media Player\\wmpnetwk.exe"=

"e:\\Arquivos de programas\\Windows Media Player\\wmpenc.exe"=

"e:\\Arquivos de programas\\WinRAR\\WinRAR.exe"=

"e:\\Arquivos de programas\\MagicDisc\\MagicDisc.exe"=

"e:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"e:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"e:\\Downloads\\HijackThis.exe"=

"e:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"e:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"=

"e:\\Arquivos de programas\\Arquivos comuns\\Nero\\Lib\\NMBgMonitor.exe"=

"e:\\Arquivos de programas\\Satsuki Decoder Pack\\MPC\\mplayerc.exe"=

"e:\\WINDOWS\\system32\\dwwin.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - DPTI930

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-04-29 e:\windows\Tasks\User_Feed_Synchronization-{C60BDEFE-0234-4A95-9EAC-0E17B17927F9}.job

- e:\windows\system32\msfeedssync.exe [2007-07-31 07:31]

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = iexplore

FF - ProfilePath - e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&q=

FF - component: e:\arquivos de programas\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll

FF - component: e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\components\FFExternalAlert.dll

FF - component: e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\components\RadioWMPCore.dll

 

---- FIREFOX POLICIES ----

e:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-30 02:17

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(1936)

e:\windows\system32\WININET.dll

e:\windows\system32\webcheck.dll

e:\windows\system32\WPDShServiceObj.dll

e:\windows\system32\PortableDeviceTypes.dll

e:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

e:\arquivos de programas\Java\jre6\bin\jqs.exe

e:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

e:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

e:\arquivos de programas\Orbitdownloader\orbitnet.exe

e:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

e:\windows\system32\wscntfy.exe

e:\arquivos de programas\Windows Live\Contacts\wlcomm.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-04-30 02:21:53 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-04-30 05:21

ComboFix2.txt 2010-04-30 02:49

 

Pré-execução: 10 pasta(s) 42.399.145.984 bytes disponíveis

Pós execução: 11 pasta(s) 42.291.593.216 bytes disponíveis

 

- - End Of File - - 4DFD90BE5C2D4F564586148D6B8097B8

[wings 22]

*Abra o bloco de notas, selecione, copie e cole nele todo o conteúdo do código abaixo:

 

Driver::

DPTI930

*Salve o arquivo no desktop como CFScript.txt

*Arraste o arquivo para o Combofix conforme ilustração abaixo:

 

 

*Importante: enquanto o combofix estiver em execução, evite usar o mouse nem o teclado!!..para interromper o processo tecle N ou 2.

*Cole o relatório criado em C:\combofix.txt e novo log do hijack

[Kaaah-rai 0]

ComboFix 10-04-29.05 - QQQ 30/04/2010 13:45:59.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.476 [GMT -3:00]

Executando de: e:\documents and settings\QQQ\Desktop\ComboFix.exe

Comandos utilizados :: e:\documents and settings\QQQ\Desktop\CFScript.txt

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DPTI930

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-03-28 to 2010-04-30 ))))))))))))))))))))))))))))

.

 

2010-04-29 18:03 . 2010-04-29 18:03 -------- d-----w- e:\windows\l2schemas

2010-04-29 17:13 . 2010-04-29 17:13 19228 ----a-w- E:\UsbFix_Upload_Me_ALOKKKKK-D1D29C.zip

2010-04-29 16:48 . 2010-04-29 16:48 -------- d-sh--w- e:\documents and settings\QQQ\IECompatCache

2010-04-29 16:48 . 2010-04-29 16:48 -------- d-sh--w- e:\documents and settings\QQQ\PrivacIE

2010-04-29 16:34 . 2010-04-30 02:40 -------- d-----w- E:\UsbFix

2010-04-29 16:16 . 2010-04-29 16:16 -------- d-sh--w- e:\documents and settings\NetworkService\IETldCache

2010-04-29 16:15 . 2010-04-29 16:15 -------- d-sh--w- e:\documents and settings\QQQ\IETldCache

2010-04-29 16:13 . 2010-02-25 06:17 12800 -c----w- e:\windows\system32\dllcache\xpshims.dll

2010-04-29 16:13 . 2010-02-25 06:17 247808 -c----w- e:\windows\system32\dllcache\ieproxy.dll

2010-04-29 16:13 . 2010-04-29 16:13 -------- d-----w- e:\windows\ie8updates

2010-04-29 16:13 . 2010-02-16 04:50 64000 -c----w- e:\windows\system32\dllcache\iecompat.dll

2010-04-29 16:11 . 2010-04-29 16:12 -------- dc-h--w- e:\windows\ie8

2010-04-29 04:01 . 2008-04-14 02:21 20992 ------w- e:\windows\system32\spupdwxp.exe

2010-04-29 04:00 . 2008-04-14 02:20 32285 ------w- e:\windows\system32\hsfcisp2.dll

2010-04-29 03:03 . 2010-04-29 03:03 -------- d-----w- E:\rsit

2010-04-29 03:02 . 2010-04-29 03:02 -------- d-----w- e:\windows\ServicePackFiles

2010-04-29 03:02 . 2010-04-29 03:02 -------- d-----w- e:\arquivos de programas\MSXML 4.0

2010-04-28 15:00 . 2008-06-14 17:34 272384 -c----w- e:\windows\system32\dllcache\bthport.sys

2010-04-28 15:00 . 2008-06-14 17:34 272384 ------w- e:\windows\system32\drivers\bthport.sys

2010-04-28 14:59 . 2009-12-31 16:50 353792 -c----w- e:\windows\system32\dllcache\srv.sys

2010-04-28 14:55 . 2010-02-24 13:11 455680 -c----w- e:\windows\system32\dllcache\mrxsmb.sys

2010-04-28 14:54 . 2009-11-21 15:58 471552 -c----w- e:\windows\system32\dllcache\aclayers.dll

2010-04-28 14:42 . 2009-10-15 16:32 81920 -c----w- e:\windows\system32\dllcache\fontsub.dll

2010-04-28 14:42 . 2009-10-15 16:32 119808 -c----w- e:\windows\system32\dllcache\t2embed.dll

2010-04-28 14:41 . 2010-02-17 17:07 2194176 -c----w- e:\windows\system32\dllcache\ntoskrnl.exe

2010-04-28 14:41 . 2009-03-06 14:20 286208 -c----w- e:\windows\system32\dllcache\pdh.dll

2010-04-28 14:41 . 2009-02-09 11:25 111104 -c----w- e:\windows\system32\dllcache\services.exe

2010-04-28 14:41 . 2009-02-09 10:53 401408 -c----w- e:\windows\system32\dllcache\rpcss.dll

2010-04-28 14:41 . 2009-02-06 10:10 227840 -c----w- e:\windows\system32\dllcache\wmiprvse.exe

2010-04-28 14:41 . 2009-06-25 08:27 732672 -c----w- e:\windows\system32\dllcache\lsasrv.dll

2010-04-28 14:41 . 2009-02-09 10:53 730624 -c----w- e:\windows\system32\dllcache\ntdll.dll

2010-04-28 14:41 . 2009-02-09 10:53 683520 -c----w- e:\windows\system32\dllcache\advapi32.dll

2010-04-28 14:41 . 2009-02-09 10:53 473600 -c----w- e:\windows\system32\dllcache\fastprox.dll

2010-04-28 14:41 . 2009-02-09 10:53 453120 -c----w- e:\windows\system32\dllcache\wmiprvsd.dll

2010-04-28 14:41 . 2010-02-16 19:07 2150400 -c----w- e:\windows\system32\dllcache\ntkrnlmp.exe

2010-04-28 14:41 . 2010-02-16 19:07 2028544 -c----w- e:\windows\system32\dllcache\ntkrpamp.exe

2010-04-28 14:20 . 2008-05-08 14:02 203136 -c----w- e:\windows\system32\dllcache\rmcast.sys

2010-04-28 14:19 . 2009-07-10 13:27 1315328 -c----w- e:\windows\system32\dllcache\msoe.dll

2010-04-28 14:18 . 2008-04-11 19:05 691712 -c----w- e:\windows\system32\dllcache\inetcomm.dll

2010-04-28 14:03 . 2008-04-21 21:15 216064 -c--a-w- e:\windows\system32\dllcache\wordpad.exe

2010-04-28 07:11 . 2009-08-06 22:24 44768 ----a-w- e:\windows\system32\wups2.dll

2010-04-28 06:40 . 2010-04-28 06:40 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-04-28 06:20 . 2010-04-28 06:20 -------- d-----w- E:\Malwarebytes' Anti-Malware

2010-04-28 05:50 . 2008-10-15 16:36 337408 -c----w- e:\windows\system32\dllcache\netapi32.dll

2010-04-26 20:41 . 2010-04-26 20:41 -------- d-----w- e:\arquivos de programas\Conduit

2010-04-26 20:41 . 2010-04-26 20:41 -------- d-----w- e:\arquivos de programas\Messenger_Plus_Live_Brazil

2010-04-26 20:41 . 2010-03-17 13:13 52224 ----a-w- e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\components\FFExternalAlert.dll

2010-04-26 20:41 . 2010-03-17 13:13 101376 ----a-w- e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\components\RadioWMPCore.dll

2010-04-22 03:45 . 2010-04-22 03:45 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\Nero

2010-04-22 03:42 . 2010-04-22 03:42 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\Nero

2010-04-22 03:42 . 2010-04-22 03:42 -------- d-----w- e:\arquivos de programas\Nero

2010-04-22 03:42 . 2010-04-22 03:44 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Nero

2010-04-20 15:38 . 2010-04-20 15:38 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\Malwarebytes

2010-04-20 15:38 . 2010-04-20 15:38 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-04-20 07:49 . 2008-04-14 02:20 439296 -c--a-w- e:\windows\system32\dllcache\shimgvw.dll

2010-04-20 07:49 . 2008-04-14 02:20 439296 ----a-w- e:\windows\system32\shimgvw.dll

2010-04-20 05:56 . 2010-04-20 05:56 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2010-04-20 05:19 . 2010-04-20 05:19 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\ESET

2010-04-20 05:13 . 2008-04-14 02:20 26624 ----a-w- e:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-04-20 05:11 . 2004-08-03 22:45 221184 ----a-w- e:\windows\system32\wmpns.dll

2010-04-20 05:06 . 2010-04-28 04:55 -------- d-----w- e:\arquivos de programas\JDownloader

2010-04-20 05:05 . 2010-04-20 05:05 411368 ----a-w- e:\windows\system32\deploytk.dll

2010-04-20 05:05 . 2010-04-20 05:05 -------- d-----w- e:\arquivos de programas\Java

2010-04-20 05:05 . 2010-04-20 05:05 152576 ----a-w- e:\documents and settings\QQQ\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll

2010-04-20 04:58 . 2010-04-20 05:26 -------- d-----w- e:\arquivos de programas\AvRack

2010-04-20 04:58 . 2010-04-20 04:58 -------- d-----w- e:\arquivos de programas\Realtek Sound Manager

2010-04-20 04:58 . 2010-04-20 04:58 -------- d-----w- e:\arquivos de programas\Realtek AC97

2010-04-20 04:58 . 2006-06-20 16:35 10527744 ----a-w- e:\windows\system32\RTLCPL.exe

2010-04-20 04:58 . 2006-06-27 04:42 3972672 ----a-w- e:\windows\system32\drivers\alcxwdm.sys

2010-04-20 04:58 . 2006-06-20 16:42 577536 ----a-w- e:\windows\soundman.exe

2010-04-20 04:58 . 2006-06-07 19:00 143360 ----a-w- e:\windows\system32\RtlCPAPI.dll

2010-04-20 04:58 . 2010-04-20 04:58 -------- d--h--w- e:\arquivos de programas\InstallShield Installation Information

2010-04-20 04:58 . 2006-03-19 22:48 315392 ----a-w- e:\windows\alcupd.exe

2010-04-20 04:58 . 2005-11-17 22:20 217088 ----a-w- e:\windows\Alcrmv.exe

2010-04-20 04:58 . 2010-04-20 04:58 -------- d-----w- e:\arquivos de programas\Arquivos comuns\InstallShield

2010-04-20 04:44 . 2010-04-20 05:20 -------- d-----w- e:\windows\ShellNew

2010-04-20 04:35 . 2010-04-20 04:35 162432 ----a-w- e:\windows\system32\drivers\ithsgt.sys

2010-04-20 04:35 . 2010-04-20 04:35 12032 ----a-w- e:\windows\system32\drivers\lilsgt.sys

2010-04-19 20:13 . 2010-04-20 05:32 -------- d-----w- e:\arquivos de programas\MagicDisc

2010-04-19 20:13 . 2009-02-24 21:42 116736 ----a-w- e:\windows\system32\drivers\mcdbus.sys

2010-04-19 20:12 . 2010-04-26 20:46 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-04-19 20:03 . 2010-04-19 20:03 -------- d-----w- e:\windows\system32\Lang

2010-04-19 20:02 . 2010-04-30 02:55 -------- d-----w- E:\Downloads

2010-04-19 20:02 . 2010-04-19 20:02 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\GrabPro

2010-04-19 20:02 . 2010-04-20 06:12 -------- d-----w- e:\arquivos de programas\Orbitdownloader

2010-04-19 20:02 . 2010-04-30 17:02 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\Orbit

2010-04-19 20:01 . 2010-04-19 20:23 -------- d-----w- e:\arquivos de programas\uTorrent

2010-04-19 20:01 . 2010-04-27 20:33 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Adobe

2010-04-19 20:01 . 2010-04-20 05:38 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\uTorrent

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-29 18:14 . 1782-01-18 22:14 48628 ----a-w- e:\windows\system32\perfc016.dat

2010-04-29 18:14 . 1782-01-18 22:14 344380 ----a-w- e:\windows\system32\perfh016.dat

2010-04-26 20:40 . 2010-04-19 19:33 -------- d-----w- e:\arquivos de programas\Messenger Plus! Live

2010-04-20 21:13 . 2010-04-19 19:11 86327 ----a-w- e:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-04-20 05:34 . 2010-04-19 19:35 -------- d-----w- e:\arquivos de programas\PhotoScape

2010-04-20 05:33 . 2010-04-19 19:48 -------- d-----w- e:\arquivos de programas\NSIS

2010-04-20 05:11 . 2010-04-19 19:33 -------- d-----w- e:\arquivos de programas\Windows Media Connect 2

2010-04-19 19:56 . 2010-04-19 19:56 152576 ----a-w- e:\documents and settings\QQQ\Dados de aplicativos\Sun\Java\jre1.6.0_16\lzma.dll

2010-04-19 19:56 . 2010-04-19 19:56 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Cisco Systems

2010-04-19 19:51 . 2010-04-19 19:51 -------- d-----w- e:\arquivos de programas\Real Alternative

2010-04-19 19:47 . 2010-04-19 19:47 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\Media Player Classic

2010-04-19 19:40 . 2010-04-19 19:40 -------- d-----w- e:\arquivos de programas\Arquivos comuns\DirectX

2010-04-19 19:32 . 2010-04-19 19:32 -------- d-----w- e:\arquivos de programas\Microsoft

2010-04-19 19:32 . 2010-04-19 19:31 -------- d-----w- e:\arquivos de programas\Windows Live

2010-04-19 19:32 . 2010-04-19 19:32 -------- d-----w- e:\arquivos de programas\Windows Live SkyDrive

2010-04-19 19:29 . 2010-04-19 19:29 -------- d-----w- e:\arquivos de programas\Satsuki Decoder Pack

2010-04-19 19:25 . 2010-04-19 19:25 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Windows Live

2010-04-19 19:13 . 2010-04-19 19:13 -------- d-----w- e:\arquivos de programas\microsoft frontpage

2010-04-19 19:11 . 2010-04-19 19:11 -------- d-----w- e:\arquivos de programas\Serviços on-line

2010-04-19 19:10 . 2010-04-19 19:10 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Serviços

2010-04-19 19:09 . 2010-04-19 19:09 21844 ----a-w- e:\windows\system32\emptyregdb.dat

2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- e:\documents and settings\All Users\Dados de aplicativos\Adobe\Reader\8.2\ARM\23917\AdobeARM.exe

2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- e:\documents and settings\All Users\Dados de aplicativos\Adobe\Reader\8.2\ARM\23917\AdobeExtractFiles.dll

2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- e:\documents and settings\All Users\Dados de aplicativos\Adobe\Reader\8.2\ARM\23917\ReaderUpdater.exe

2010-02-25 06:17 . 2007-07-31 07:42 916480 ----a-w- e:\windows\system32\wininet.dll

2010-02-24 13:11 . 2007-07-30 22:36 455680 ----a-w- e:\windows\system32\drivers\mrxsmb.sys

2010-02-16 19:07 . 2007-07-30 22:38 2150400 ----a-w- e:\windows\system32\ntoskrnl.exe

2010-02-16 19:07 . 2007-02-28 13:08 2028544 ----a-w- e:\windows\system32\ntkrnlpa.exe

2010-02-12 04:34 . 2007-07-30 22:36 100864 ----a-w- e:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2007-07-30 22:36 226880 ----a-w- e:\windows\system32\drivers\tcpip6.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}"= "e:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll" [2010-03-09 2355224]

 

[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

2010-03-09 14:06 2355224 ----a-w- e:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}"= "e:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll" [2010-03-09 2355224]

 

[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}"= "e:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll" [2010-03-09 2355224]

 

[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="e:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="e:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="e:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"Adobe Reader Speed Launcher"="e:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]

"Adobe ARM"="e:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

 

e:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - e:\arquivos de programas\Orbitdownloader\orbitdm.exe [2010-4-19 1773568]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"e:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"f:\\Arquivos de programas\\Atlantica\\Atlantica.exe"=

"e:\\WINDOWS\\system32\\wscntfy.exe"=

"e:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"e:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"e:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"e:\\Arquivos de programas\\Windows Media Player\\wmpnetwk.exe"=

"e:\\Arquivos de programas\\Windows Media Player\\wmpenc.exe"=

"e:\\Arquivos de programas\\WinRAR\\WinRAR.exe"=

"e:\\Arquivos de programas\\MagicDisc\\MagicDisc.exe"=

"e:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"e:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"e:\\Downloads\\HijackThis.exe"=

"e:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"e:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"=

"e:\\Arquivos de programas\\Arquivos comuns\\Nero\\Lib\\NMBgMonitor.exe"=

"e:\\Arquivos de programas\\Satsuki Decoder Pack\\MPC\\mplayerc.exe"=

"e:\\WINDOWS\\system32\\dwwin.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

R3 dpti930;dpti930;\??\e:\windows\system32\drivers\ilhlne.sys --> e:\windows\system32\drivers\ilhlne.sys [?]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - DPTI930

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-04-30 e:\windows\Tasks\User_Feed_Synchronization-{C60BDEFE-0234-4A95-9EAC-0E17B17927F9}.job

- e:\windows\system32\msfeedssync.exe [2007-07-31 07:31]

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = iexplore

FF - ProfilePath - e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&q=

FF - component: e:\arquivos de programas\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll

FF - component: e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\components\FFExternalAlert.dll

FF - component: e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\components\RadioWMPCore.dll

 

---- FIREFOX POLICIES ----

e:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-30 14:02

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(3840)

e:\windows\system32\WININET.dll

e:\windows\system32\webcheck.dll

e:\windows\system32\WPDShServiceObj.dll

e:\windows\system32\PortableDeviceTypes.dll

e:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

e:\arquivos de programas\Java\jre6\bin\jqs.exe

e:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

e:\arquivos de programas\Orbitdownloader\orbitnet.exe

e:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

e:\windows\system32\wscntfy.exe

e:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

e:\arquivos de programas\Windows Live\Contacts\wlcomm.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-04-30 14:07:00 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-04-30 17:06

ComboFix2.txt 2010-04-30 05:21

ComboFix3.txt 2010-04-30 02:49

 

Pré-execução: 10 pasta(s) 42.098.393.088 bytes disponíveis

Pós execução: 11 pasta(s) 42.026.835.968 bytes disponíveis

 

- - End Of File - - 50D768B2B48F5E0BB934CB0A63D78EB7

[wings 22]

Oi...

 

Há um driver teimoso...

 

Delete a pasta C:\qoobox e o arquivo C:\combofix.txt

 

Reinicie o PC em Modo de Segurança.

 

Repita o procedimento do combofix usando o script abaixo:

 

Rootkit::

e:\windows\system32\drivers\ilhlne.sys

Driver::

dpti930

DPTI930

Cole o relatório

[Kaaah-rai 0]

ComboFix 10-04-29.05 - QQQ 30/04/2010 15:24:07.6.2 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.843 [GMT -3:00]

Executando de: e:\documents and settings\QQQ\Desktop\ComboFix.exe

Comandos utilizados :: e:\documents and settings\QQQ\Desktop\CFScript.txt

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DPTI930

-------\Service_dpti930

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-03-28 to 2010-04-30 ))))))))))))))))))))))))))))

.

 

2010-04-29 18:03 . 2010-04-29 18:03 -------- d-----w- e:\windows\l2schemas

2010-04-29 17:13 . 2010-04-29 17:13 19228 ----a-w- E:\UsbFix_Upload_Me_ALOKKKKK-D1D29C.zip

2010-04-29 16:48 . 2010-04-29 16:48 -------- d-sh--w- e:\documents and settings\QQQ\IECompatCache

2010-04-29 16:48 . 2010-04-29 16:48 -------- d-sh--w- e:\documents and settings\QQQ\PrivacIE

2010-04-29 16:34 . 2010-04-30 02:40 -------- d-----w- E:\UsbFix

2010-04-29 16:16 . 2010-04-29 16:16 -------- d-sh--w- e:\documents and settings\NetworkService\IETldCache

2010-04-29 16:15 . 2010-04-29 16:15 -------- d-sh--w- e:\documents and settings\QQQ\IETldCache

2010-04-29 16:13 . 2010-02-25 06:17 12800 -c----w- e:\windows\system32\dllcache\xpshims.dll

2010-04-29 16:13 . 2010-02-25 06:17 247808 -c----w- e:\windows\system32\dllcache\ieproxy.dll

2010-04-29 16:13 . 2010-04-29 16:13 -------- d-----w- e:\windows\ie8updates

2010-04-29 16:13 . 2010-02-16 04:50 64000 -c----w- e:\windows\system32\dllcache\iecompat.dll

2010-04-29 16:11 . 2010-04-29 16:12 -------- dc-h--w- e:\windows\ie8

2010-04-29 04:01 . 2008-04-14 02:21 20992 ------w- e:\windows\system32\spupdwxp.exe

2010-04-29 04:00 . 2008-04-14 02:20 32285 ------w- e:\windows\system32\hsfcisp2.dll

2010-04-29 03:03 . 2010-04-29 03:03 -------- d-----w- E:\rsit

2010-04-29 03:02 . 2010-04-29 03:02 -------- d-----w- e:\windows\ServicePackFiles

2010-04-29 03:02 . 2010-04-29 03:02 -------- d-----w- e:\arquivos de programas\MSXML 4.0

2010-04-28 15:00 . 2008-06-14 17:34 272384 -c----w- e:\windows\system32\dllcache\bthport.sys

2010-04-28 15:00 . 2008-06-14 17:34 272384 ------w- e:\windows\system32\drivers\bthport.sys

2010-04-28 14:59 . 2009-12-31 16:50 353792 -c----w- e:\windows\system32\dllcache\srv.sys

2010-04-28 14:55 . 2010-02-24 13:11 455680 -c----w- e:\windows\system32\dllcache\mrxsmb.sys

2010-04-28 14:54 . 2009-11-21 15:58 471552 -c----w- e:\windows\system32\dllcache\aclayers.dll

2010-04-28 14:42 . 2009-10-15 16:32 81920 -c----w- e:\windows\system32\dllcache\fontsub.dll

2010-04-28 14:42 . 2009-10-15 16:32 119808 -c----w- e:\windows\system32\dllcache\t2embed.dll

2010-04-28 14:41 . 2010-02-17 17:07 2194176 -c----w- e:\windows\system32\dllcache\ntoskrnl.exe

2010-04-28 14:41 . 2009-03-06 14:20 286208 -c----w- e:\windows\system32\dllcache\pdh.dll

2010-04-28 14:41 . 2009-02-09 11:25 111104 -c----w- e:\windows\system32\dllcache\services.exe

2010-04-28 14:41 . 2009-02-09 10:53 401408 -c----w- e:\windows\system32\dllcache\rpcss.dll

2010-04-28 14:41 . 2009-02-06 10:10 227840 -c----w- e:\windows\system32\dllcache\wmiprvse.exe

2010-04-28 14:41 . 2009-06-25 08:27 732672 -c----w- e:\windows\system32\dllcache\lsasrv.dll

2010-04-28 14:41 . 2009-02-09 10:53 730624 -c----w- e:\windows\system32\dllcache\ntdll.dll

2010-04-28 14:41 . 2009-02-09 10:53 683520 -c----w- e:\windows\system32\dllcache\advapi32.dll

2010-04-28 14:41 . 2009-02-09 10:53 473600 -c----w- e:\windows\system32\dllcache\fastprox.dll

2010-04-28 14:41 . 2009-02-09 10:53 453120 -c----w- e:\windows\system32\dllcache\wmiprvsd.dll

2010-04-28 14:41 . 2010-02-16 19:07 2150400 -c----w- e:\windows\system32\dllcache\ntkrnlmp.exe

2010-04-28 14:41 . 2010-02-16 19:07 2028544 -c----w- e:\windows\system32\dllcache\ntkrpamp.exe

2010-04-28 14:20 . 2008-05-08 14:02 203136 -c----w- e:\windows\system32\dllcache\rmcast.sys

2010-04-28 14:19 . 2009-07-10 13:27 1315328 -c----w- e:\windows\system32\dllcache\msoe.dll

2010-04-28 14:18 . 2008-04-11 19:05 691712 -c----w- e:\windows\system32\dllcache\inetcomm.dll

2010-04-28 14:03 . 2008-04-21 21:15 216064 -c--a-w- e:\windows\system32\dllcache\wordpad.exe

2010-04-28 07:11 . 2009-08-06 22:24 44768 ----a-w- e:\windows\system32\wups2.dll

2010-04-28 06:40 . 2010-04-28 06:40 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-04-28 06:20 . 2010-04-28 06:20 -------- d-----w- E:\Malwarebytes' Anti-Malware

2010-04-28 05:50 . 2008-10-15 16:36 337408 -c----w- e:\windows\system32\dllcache\netapi32.dll

2010-04-26 20:41 . 2010-04-26 20:41 -------- d-----w- e:\arquivos de programas\Conduit

2010-04-26 20:41 . 2010-04-26 20:41 -------- d-----w- e:\arquivos de programas\Messenger_Plus_Live_Brazil

2010-04-26 20:41 . 2010-03-17 13:13 52224 ----a-w- e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\components\FFExternalAlert.dll

2010-04-26 20:41 . 2010-03-17 13:13 101376 ----a-w- e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\components\RadioWMPCore.dll

2010-04-22 03:45 . 2010-04-22 03:45 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\Nero

2010-04-22 03:42 . 2010-04-22 03:42 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\Nero

2010-04-22 03:42 . 2010-04-22 03:42 -------- d-----w- e:\arquivos de programas\Nero

2010-04-22 03:42 . 2010-04-22 03:44 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Nero

2010-04-20 15:38 . 2010-04-20 15:38 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\Malwarebytes

2010-04-20 15:38 . 2010-04-20 15:38 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-04-20 07:49 . 2008-04-14 02:20 439296 -c--a-w- e:\windows\system32\dllcache\shimgvw.dll

2010-04-20 07:49 . 2008-04-14 02:20 439296 ----a-w- e:\windows\system32\shimgvw.dll

2010-04-20 05:56 . 2010-04-20 05:56 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2010-04-20 05:19 . 2010-04-20 05:19 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\ESET

2010-04-20 05:11 . 2004-08-03 22:45 221184 ----a-w- e:\windows\system32\wmpns.dll

2010-04-20 05:06 . 2010-04-28 04:55 -------- d-----w- e:\arquivos de programas\JDownloader

2010-04-20 05:05 . 2010-04-20 05:05 411368 ----a-w- e:\windows\system32\deploytk.dll

2010-04-20 05:05 . 2010-04-20 05:05 -------- d-----w- e:\arquivos de programas\Java

2010-04-20 05:05 . 2010-04-20 05:05 152576 ----a-w- e:\documents and settings\QQQ\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll

2010-04-20 04:58 . 2010-04-20 05:26 -------- d-----w- e:\arquivos de programas\AvRack

2010-04-20 04:58 . 2010-04-20 04:58 -------- d-----w- e:\arquivos de programas\Realtek Sound Manager

2010-04-20 04:58 . 2010-04-20 04:58 -------- d-----w- e:\arquivos de programas\Realtek AC97

2010-04-20 04:58 . 2006-06-20 16:35 10527744 ----a-w- e:\windows\system32\RTLCPL.exe

2010-04-20 04:58 . 2006-06-27 04:42 3972672 ----a-w- e:\windows\system32\drivers\alcxwdm.sys

2010-04-20 04:58 . 2006-06-20 16:42 577536 ----a-w- e:\windows\soundman.exe

2010-04-20 04:58 . 2006-06-07 19:00 143360 ----a-w- e:\windows\system32\RtlCPAPI.dll

2010-04-20 04:58 . 2010-04-20 04:58 -------- d--h--w- e:\arquivos de programas\InstallShield Installation Information

2010-04-20 04:58 . 2006-03-19 22:48 315392 ----a-w- e:\windows\alcupd.exe

2010-04-20 04:58 . 2005-11-17 22:20 217088 ----a-w- e:\windows\Alcrmv.exe

2010-04-20 04:58 . 2010-04-20 04:58 -------- d-----w- e:\arquivos de programas\Arquivos comuns\InstallShield

2010-04-20 04:44 . 2010-04-20 05:20 -------- d-----w- e:\windows\ShellNew

2010-04-20 04:35 . 2010-04-20 04:35 162432 ----a-w- e:\windows\system32\drivers\ithsgt.sys

2010-04-20 04:35 . 2010-04-20 04:35 12032 ----a-w- e:\windows\system32\drivers\lilsgt.sys

2010-04-19 20:13 . 2010-04-20 05:32 -------- d-----w- e:\arquivos de programas\MagicDisc

2010-04-19 20:13 . 2009-02-24 21:42 116736 ----a-w- e:\windows\system32\drivers\mcdbus.sys

2010-04-19 20:12 . 2010-04-26 20:46 -------- d-----w- e:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-04-19 20:03 . 2010-04-19 20:03 -------- d-----w- e:\windows\system32\Lang

2010-04-19 20:02 . 2010-04-30 17:17 -------- d-----w- E:\Downloads

2010-04-19 20:02 . 2010-04-19 20:02 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\GrabPro

2010-04-19 20:02 . 2010-04-20 06:12 -------- d-----w- e:\arquivos de programas\Orbitdownloader

2010-04-19 20:02 . 2010-04-30 18:30 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\Orbit

2010-04-19 20:01 . 2010-04-19 20:23 -------- d-----w- e:\arquivos de programas\uTorrent

2010-04-19 20:01 . 2010-04-27 20:33 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Adobe

2010-04-19 20:01 . 2010-04-20 05:38 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\uTorrent

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-29 18:14 . 1782-01-18 22:14 48628 ----a-w- e:\windows\system32\perfc016.dat

2010-04-29 18:14 . 1782-01-18 22:14 344380 ----a-w- e:\windows\system32\perfh016.dat

2010-04-26 20:40 . 2010-04-19 19:33 -------- d-----w- e:\arquivos de programas\Messenger Plus! Live

2010-04-20 21:13 . 2010-04-19 19:11 86327 ----a-w- e:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-04-20 05:34 . 2010-04-19 19:35 -------- d-----w- e:\arquivos de programas\PhotoScape

2010-04-20 05:33 . 2010-04-19 19:48 -------- d-----w- e:\arquivos de programas\NSIS

2010-04-20 05:11 . 2010-04-19 19:33 -------- d-----w- e:\arquivos de programas\Windows Media Connect 2

2010-04-19 19:56 . 2010-04-19 19:56 152576 ----a-w- e:\documents and settings\QQQ\Dados de aplicativos\Sun\Java\jre1.6.0_16\lzma.dll

2010-04-19 19:56 . 2010-04-19 19:56 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Cisco Systems

2010-04-19 19:51 . 2010-04-19 19:51 -------- d-----w- e:\arquivos de programas\Real Alternative

2010-04-19 19:47 . 2010-04-19 19:47 -------- d-----w- e:\documents and settings\QQQ\Dados de aplicativos\Media Player Classic

2010-04-19 19:40 . 2010-04-19 19:40 -------- d-----w- e:\arquivos de programas\Arquivos comuns\DirectX

2010-04-19 19:32 . 2010-04-19 19:32 -------- d-----w- e:\arquivos de programas\Microsoft

2010-04-19 19:32 . 2010-04-19 19:31 -------- d-----w- e:\arquivos de programas\Windows Live

2010-04-19 19:32 . 2010-04-19 19:32 -------- d-----w- e:\arquivos de programas\Windows Live SkyDrive

2010-04-19 19:29 . 2010-04-19 19:29 -------- d-----w- e:\arquivos de programas\Satsuki Decoder Pack

2010-04-19 19:25 . 2010-04-19 19:25 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Windows Live

2010-04-19 19:13 . 2010-04-19 19:13 -------- d-----w- e:\arquivos de programas\microsoft frontpage

2010-04-19 19:11 . 2010-04-19 19:11 -------- d-----w- e:\arquivos de programas\Serviços on-line

2010-04-19 19:10 . 2010-04-19 19:10 -------- d-----w- e:\arquivos de programas\Arquivos comuns\Serviços

2010-04-19 19:09 . 2010-04-19 19:09 21844 ----a-w- e:\windows\system32\emptyregdb.dat

2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- e:\documents and settings\All Users\Dados de aplicativos\Adobe\Reader\8.2\ARM\23917\AdobeARM.exe

2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- e:\documents and settings\All Users\Dados de aplicativos\Adobe\Reader\8.2\ARM\23917\AdobeExtractFiles.dll

2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- e:\documents and settings\All Users\Dados de aplicativos\Adobe\Reader\8.2\ARM\23917\ReaderUpdater.exe

2010-02-25 06:17 . 2007-07-31 07:42 916480 ----a-w- e:\windows\system32\wininet.dll

2010-02-24 13:11 . 2007-07-30 22:36 455680 ----a-w- e:\windows\system32\drivers\mrxsmb.sys

2010-02-16 19:07 . 2007-07-30 22:38 2150400 ----a-w- e:\windows\system32\ntoskrnl.exe

2010-02-16 19:07 . 2007-02-28 13:08 2028544 ----a-w- e:\windows\system32\ntkrnlpa.exe

2010-02-12 04:34 . 2007-07-30 22:36 100864 ----a-w- e:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2007-07-30 22:36 226880 ----a-w- e:\windows\system32\drivers\tcpip6.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}"= "e:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll" [2010-03-09 2355224]

 

[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

2010-03-09 14:06 2355224 ----a-w- e:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}"= "e:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll" [2010-03-09 2355224]

 

[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}"= "e:\arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll" [2010-03-09 2355224]

 

[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="e:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="e:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="e:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"Adobe Reader Speed Launcher"="e:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]

"Adobe ARM"="e:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

 

e:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - e:\arquivos de programas\Orbitdownloader\orbitdm.exe [2010-4-19 1773568]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"e:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"f:\\Arquivos de programas\\Atlantica\\Atlantica.exe"=

"e:\\WINDOWS\\system32\\wscntfy.exe"=

"e:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"e:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"e:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"e:\\Arquivos de programas\\Windows Media Player\\wmpnetwk.exe"=

"e:\\Arquivos de programas\\Windows Media Player\\wmpenc.exe"=

"e:\\Arquivos de programas\\WinRAR\\WinRAR.exe"=

"e:\\Arquivos de programas\\MagicDisc\\MagicDisc.exe"=

"e:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"e:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"e:\\Downloads\\HijackThis.exe"=

"e:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"e:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"=

"e:\\Arquivos de programas\\Arquivos comuns\\Nero\\Lib\\NMBgMonitor.exe"=

"e:\\Arquivos de programas\\Satsuki Decoder Pack\\MPC\\mplayerc.exe"=

"e:\\WINDOWS\\system32\\dwwin.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - DPTI930

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-04-30 e:\windows\Tasks\User_Feed_Synchronization-{C60BDEFE-0234-4A95-9EAC-0E17B17927F9}.job

- e:\windows\system32\msfeedssync.exe [2007-07-31 07:31]

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = iexplore

FF - ProfilePath - e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&q=

FF - component: e:\arquivos de programas\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll

FF - component: e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\components\FFExternalAlert.dll

FF - component: e:\documents and settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\components\RadioWMPCore.dll

 

---- FIREFOX POLICIES ----

e:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-30 15:30

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(1564)

e:\windows\system32\WININET.dll

e:\windows\system32\webcheck.dll

e:\windows\system32\WPDShServiceObj.dll

e:\windows\system32\PortableDeviceTypes.dll

e:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

e:\arquivos de programas\Java\jre6\bin\jqs.exe

e:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

e:\arquivos de programas\Orbitdownloader\orbitnet.exe

e:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

e:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

e:\arquivos de programas\Windows Live\Contacts\wlcomm.exe

e:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-04-30 15:35:10 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-04-30 18:35

 

Pré-execução: 10 pasta(s) 42.781.835.264 bytes disponíveis

Pós execução: 11 pasta(s) 41.663.934.464 bytes disponíveis

 

- - End Of File - - 834068E85EB41366612413BAF20F9E06

[wings 22]

1.

*Clique em [iniciar] > [Executar] > digite: Combofix /uninstall

*Clique [OK]

 

 

*Clique em [Executar]

*Aguarde até surgir a mensagem: "ComboFix está desinstalado"

*Clique [OK]

 

2.

*Baixe o OTL e salve-o no desktop

*Duplo clique em OTL.exe

*Selecione as opções abaixo:

 

[x] Scan All Users

[x[ Minimal Output

[x] Use Company Name WhiteList

[x] Skip Microsoft Files

[x] LOP Check

[x] Purity Check

*Em Custom Scans/Fixes cole o código abaixo:

 

safebootminimal

safebootnetwork

drivers32

%SYSTEMDRIVE%\*.exe

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

/md5stop

%systemroot%\*. /mp /s

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

netsvcs

CREATERESTOREPOINT

*Clique em [Run Scan] e aguarde o término do processo

*Dois relatórios serão criados no desktop chamados: OTL.txt e Extras.txt

*Cole o relatório OTL.txt

[Kaaah-rai 0]

OTL logfile created on: 30/4/2010 18:14:28 - Run 1

OTL by OldTimer - Version 3.2.3.1 Folder = E:\Documents and Settings\QQQ\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

1.023,00 Mb Total Physical Memory | 500,00 Mb Available Physical Memory | 49,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): E:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Arquivos de programas

Drive C: | 26,88 Gb Total Space | 13,06 Gb Free Space | 48,58% Space Free | Partition Type: NTFS

Drive D: | 996,19 Mb Total Space | 967,28 Mb Free Space | 97,10% Space Free | Partition Type: NTFS

Drive E: | 49,80 Gb Total Space | 39,74 Gb Free Space | 79,80% Space Free | Partition Type: NTFS

Drive F: | 152,40 Gb Total Space | 36,51 Gb Free Space | 23,96% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

Drive H: | 344,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

I: Drive not present or media not loaded

 

Computer Name: ALOKKKKK-D1D29C

Current User Name: QQQ

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Minimal

Quick Scan

 

========== Processes (SafeList) ==========

 

PRC - E:\Documents and Settings\QQQ\Desktop\OTL.exe (OldTimer Tools)

PRC - E:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - E:\Arquivos de programas\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)

PRC - E:\Arquivos de programas\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)

PRC - E:\Arquivos de programas\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)

PRC - E:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - E:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

PRC - E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe (Nero AG)

PRC - E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe (Nero AG)

 

 

========== Modules (SafeList) ==========

 

MOD - E:\Documents and Settings\QQQ\Desktop\OTL.exe (OldTimer Tools)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (NMIndexingService) -- E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe (Nero AG)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (dpti930) -- File not found

DRV - (ithsgt) -- E:\WINDOWS\system32\drivers\ithsgt.sys ()

DRV - (lilsgt) -- E:\WINDOWS\system32\drivers\lilsgt.sys ()

DRV - (ViaIde) -- E:\WINDOWS\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (mcdbus) -- E:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)

DRV - (xfilt) -- E:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)

DRV - (videX32) -- E:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- E:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)

DRV - (nv) -- E:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1606980848-688789844-682003330-1003\..\URLSearchHook: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - E:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-1606980848-688789844-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Brazil Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}:2.5.8.6

FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: E:\Arquivos de programas\Mozilla Firefox\components [2010/04/21 06:16:59 | 000,000,000 | ---D %

[Kaaah-rai 0]

Internet tá uma bosta! afff...

 

----

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Brazil Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}:2.5.8.6

FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: E:\Arquivos de programas\Mozilla Firefox\components [2010/04/21 06:16:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: E:\Arquivos de programas\Mozilla Firefox\plugins [2010/04/28 10:52:43 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: E:\Arquivos de programas\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

 

[2010/04/19 17:21:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\QQQ\Dados de aplicativos\Mozilla\Extensions

[2010/04/19 17:02:19 | 000,000,000 | ---D | M] -- E:\Documents and Settings\QQQ\Dados de aplicativos\Mozilla\Firefox\extensions

[2010/04/19 17:02:20 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\QQQ\Dados de aplicativos\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2010/04/30 15:06:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions

[2010/04/26 17:41:47 | 000,000,000 | ---D | M] (Messenger Plus Live Brazil Toolbar) -- E:\Documents and Settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}

[2010/04/30 15:06:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\extensions\personas@christopher.beard

[2010/03/17 10:13:52 | 000,000,955 | ---- | M] () -- E:\Documents and Settings\QQQ\Dados de aplicativos\Mozilla\Firefox\Profiles\96lqxdpq.default\searchplugins\conduit.xml

[2010/04/30 02:32:38 | 000,000,000 | ---D | M] -- E:\Arquivos de programas\Mozilla Firefox\extensions

[2010/04/21 06:16:50 | 000,001,027 | ---- | M] () -- E:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml

[2010/04/21 06:16:50 | 000,001,135 | ---- | M] () -- E:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml

[2010/04/21 06:16:50 | 000,001,168 | ---- | M] () -- E:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml

[2010/04/21 06:16:50 | 000,000,648 | ---- | M] () -- E:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: ([2010/04/30 15:30:11 | 000,000,027 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - E:\Arquivos de programas\McAfee\VirusScan Enterprise\Scriptcl.dll File not found

O2 - BHO: (Messenger Plus Live Brazil Toolbar) - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - E:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Messenger Plus Live Brazil Toolbar) - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - E:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-1606980848-688789844-682003330-1003\..\Toolbar\Webbrowser: (Messenger Plus Live Brazil Toolbar) - {EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9} - E:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMess.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Adobe ARM] E:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] E:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [NBKeyScan] E:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [NeroFilterCheck] E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe (Nero AG)

O4 - HKU\S-1-5-21-1606980848-688789844-682003330-1003..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] E:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe (Nero AG)

O4 - Startup: E:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk = E:\Arquivos de programas\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1606980848-688789844-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1606980848-688789844-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1606980848-688789844-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1606980848-688789844-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0

O7 - HKU\S-1-5-21-1606980848-688789844-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272438532281 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/04/20 01:47:29 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010/04/29 14:13:32 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/04/29 14:13:32 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/04/29 14:13:32 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/04/29 14:13:32 | 000,000,000 | R--D | M] - F:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2003/12/01 11:50:50 | 000,000,025 | R--- | M] () - H:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

 

Drivers32: msacm.iac2 - E:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - E:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.siren - E:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - E:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - E:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: msacm.vorbis - E:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)

Drivers32: vidc.cvid - E:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.ffds - E:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: vidc.iv31 - E:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - E:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - E:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - E:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - E:\WINDOWS\system32\ias [2010/04/19 16:12:21 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

CREATERESTOREPOINT

Error starting restore point: System Restore is disabled.

Error closing restore point: System Restore is disabled.

 

========== Files/Folders - Created Within 90 Days ==========

 

[2010/04/30 18:09:51 | 000,562,176 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\QQQ\Desktop\OTL.exe

[2010/04/30 18:09:47 | 000,000,000 | --SD | C] -- E:\ComboFix

[2010/04/30 16:21:47 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Lavalys

[2010/04/30 15:28:23 | 000,000,000 | ---D | C] -- E:\WINDOWS\temp

[2010/04/30 15:19:07 | 000,288,654 | ---- | C] ( ) -- E:\Documents and Settings\QQQ\Desktop\SafeBootKeyRepair.exe

[2010/04/29 15:12:33 | 000,000,000 | ---D | C] -- E:\WINDOWS\Prefetch

[2010/04/29 15:03:53 | 000,000,000 | ---D | C] -- E:\WINDOWS\l2schemas

[2010/04/29 15:00:04 | 000,000,000 | ---D | C] -- E:\WINDOWS\network diagnostic

[2010/04/29 14:36:40 | 000,501,248 | ---- | C] (MSNVirusRemoval.com - Macka's Software) -- E:\Documents and Settings\QQQ\Desktop\MSN Virus Remover.exe

[2010/04/29 14:13:32 | 000,000,000 | R--D | C] -- E:\autorun.inf

[2010/04/29 13:48:41 | 000,000,000 | -HSD | C] -- E:\Documents and Settings\QQQ\IECompatCache

[2010/04/29 13:48:08 | 000,000,000 | -HSD | C] -- E:\Documents and Settings\QQQ\PrivacIE

[2010/04/29 13:34:56 | 000,000,000 | ---D | C] -- E:\UsbFix

[2010/04/29 13:26:49 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\ReinstallBackups

[2010/04/29 13:23:35 | 000,000,000 | -H-D | C] -- E:\WINDOWS\$NtServicePackUninstall$

[2010/04/29 13:15:29 | 000,000,000 | -HSD | C] -- E:\Documents and Settings\QQQ\IETldCache

[2010/04/29 13:13:12 | 000,000,000 | ---D | C] -- E:\WINDOWS\ie8updates

[2010/04/29 13:12:55 | 000,000,000 | ---D | C] -- E:\WINDOWS\WBEM

[2010/04/29 13:11:08 | 000,000,000 | -H-D | C] -- E:\WINDOWS\ie8

[2010/04/29 00:05:51 | 000,000,000 | ---D | C] -- E:\WINDOWS\ie7updates

[2010/04/29 00:03:24 | 000,000,000 | ---D | C] -- E:\rsit

[2010/04/29 00:02:52 | 000,000,000 | ---D | C] -- E:\WINDOWS\ServicePackFiles

[2010/04/29 00:02:18 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\MSXML 4.0

[2010/04/28 04:11:38 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\SoftwareDistribution

[2010/04/28 03:40:06 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Dados de aplicativos\TEMP

[2010/04/28 03:37:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Meus documentos\Simply Super Software

[2010/04/28 03:32:02 | 009,456,952 | ---- | C] (Simply Super Software ) -- E:\Documents and Settings\QQQ\Desktop\trjsetup681.exe

[2010/04/28 03:20:21 | 000,000,000 | ---D | C] -- E:\Malwarebytes' Anti-Malware

[2010/04/28 02:25:54 | 001,058,423 | ---- | C] (Symantec) -- E:\Documents and Settings\QQQ\Desktop\SymRegFix.exe

[2010/04/28 02:09:27 | 000,000,000 | ---D | C] -- E:\WINDOWS\Minidump

[2010/04/27 17:33:27 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Adobe

[2010/04/26 17:41:51 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\Conduit

[2010/04/26 17:41:50 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\Messenger_Plus_Live_Brazil

[2010/04/26 17:41:50 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Conduit

[2010/04/26 17:41:49 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Messenger_Plus_Live_Brazil

[2010/04/22 00:46:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\Ahead

[2010/04/22 00:45:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Dados de aplicativos\Nero

[2010/04/22 00:42:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Dados de aplicativos\Nero

[2010/04/22 00:42:22 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Nero

[2010/04/22 00:42:21 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Arquivos comuns\Nero

[2010/04/20 19:40:28 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\Identities

[2010/04/20 12:40:23 | 000,000,000 | R--D | C] -- E:\Documents and Settings\QQQ\Meus documentos\Meus vídeos

[2010/04/20 12:38:43 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Dados de aplicativos\Malwarebytes

[2010/04/20 12:38:36 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2010/04/20 02:56:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

[2010/04/20 02:42:31 | 000,000,000 | ---D | C] -- E:\WINDOWS\ERDNT

[2010/04/20 02:37:32 | 000,000,000 | ---D | C] -- E:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\ESET

[2010/04/20 02:20:32 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\ESET

[2010/04/20 02:19:51 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Dados de aplicativos\ESET

[2010/04/20 02:06:07 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\JDownloader

[2010/04/20 02:05:42 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Java

[2010/04/20 01:58:55 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Realtek Sound Manager

[2010/04/20 01:58:55 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\AvRack

[2010/04/20 01:58:43 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Realtek AC97

[2010/04/20 01:58:39 | 000,000,000 | -H-D | C] -- E:\Arquivos de programas\InstallShield Installation Information

[2010/04/20 01:58:29 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Arquivos comuns\InstallShield

[2010/04/20 01:44:23 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\Bron.tok-14-20

[2010/04/20 01:44:19 | 000,000,000 | ---D | C] -- E:\WINDOWS\ShellNew

[2010/04/20 01:43:23 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Meus documentos\atari

[2010/04/19 17:21:06 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\Mozilla

[2010/04/19 17:13:09 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- E:\WINDOWS\System32\drivers\mcdbus.sys

[2010/04/19 17:13:09 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\MagicDisc

[2010/04/19 17:12:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

[2010/04/19 17:06:41 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Dados de aplicativos\WinRAR

[2010/04/19 17:03:20 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\Lang

[2010/04/19 17:02:20 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Mozilla Firefox

[2010/04/19 17:02:19 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Dados de aplicativos\Mozilla

[2010/04/19 17:02:15 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\Adobe

[2010/04/19 17:02:12 | 000,000,000 | ---D | C] -- E:\Downloads

[2010/04/19 17:02:09 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Dados de aplicativos\GrabPro

[2010/04/19 17:02:05 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Orbitdownloader

[2010/04/19 17:02:00 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Dados de aplicativos\Orbit

[2010/04/19 17:01:42 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Dados de aplicativos\Adobe

[2010/04/19 17:01:38 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\uTorrent

[2010/04/19 17:01:30 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Arquivos comuns\Adobe

[2010/04/19 17:01:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Dados de aplicativos\uTorrent

[2010/04/19 16:56:21 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Arquivos comuns\Cisco Systems

[2010/04/19 16:53:53 | 000,000,000 | ---D | C] -- E:\WINDOWS\35C03C043F1F42C2A989A757EE691F65.TMP

[2010/04/19 16:51:21 | 000,278,528 | ---- | C] (Real Networks, Inc) -- E:\WINDOWS\System32\pncrt.dll

[2010/04/19 16:51:21 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Real Alternative

[2010/04/19 16:51:21 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Dados de aplicativos\Real

[2010/04/19 16:51:21 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\Real

[2010/04/19 16:51:21 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Dados de aplicativos\Real

[2010/04/19 16:48:15 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\NSIS

[2010/04/19 16:47:29 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Dados de aplicativos\Media Player Classic

[2010/04/19 16:47:27 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Dados de aplicativos\Sun

[2010/04/19 16:40:26 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Arquivos comuns\DirectX

[2010/04/19 16:40:04 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Meus documentos\Os Meus Registos

[2010/04/19 16:38:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Meus documentos\Meus arquivos recebidos

[2010/04/19 16:35:19 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\PhotoScape

[2010/04/19 16:33:58 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Windows Media Connect 2

[2010/04/19 16:33:23 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Messenger Plus! Live

[2010/04/19 16:33:18 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Tracing

[2010/04/19 16:33:10 | 000,000,000 | ---D | C] -- E:\1bd37db14c99c7519990265b

[2010/04/19 16:32:59 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\drivers\UMDF

[2010/04/19 16:32:59 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\LogFiles

[2010/04/19 16:32:18 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Microsoft

[2010/04/19 16:32:08 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Documentos\microsoft

[2010/04/19 16:32:02 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Windows Live SkyDrive

[2010/04/19 16:31:40 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Windows Live

[2010/04/19 16:31:21 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage

[2010/04/19 16:29:17 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Satsuki Decoder Pack

[2010/04/19 16:27:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Dados de aplicativos\Macromedia

[2010/04/19 16:27:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Dados de aplicativos\Adobe

[2010/04/19 16:25:49 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Arquivos comuns\Windows Live

[2010/04/19 16:23:04 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\WinRAR

[2010/04/19 16:20:25 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Dados de aplicativos\Identities

[2010/04/19 16:20:23 | 000,000,000 | R--D | C] -- E:\Documents and Settings\QQQ\Meus documentos\Minhas músicas

[2010/04/19 16:20:23 | 000,000,000 | R--D | C] -- E:\Documents and Settings\QQQ\Meus documentos\Minhas imagens

[2010/04/19 16:20:06 | 000,000,000 | --SD | C] -- E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\Microsoft

[2010/04/19 16:20:06 | 000,000,000 | -H-D | C] -- E:\Documents and Settings\QQQ\Ambiente de rede

[2010/04/19 16:20:06 | 000,000,000 | -H-D | C] -- E:\Documents and Settings\QQQ\Ambiente de impressão

[2010/04/19 16:20:05 | 000,000,000 | --SD | C] -- E:\Documents and Settings\QQQ\Dados de aplicativos\Microsoft

[2010/04/19 16:20:05 | 000,000,000 | RH-D | C] -- E:\Documents and Settings\QQQ\SendTo

[2010/04/19 16:20:05 | 000,000,000 | RH-D | C] -- E:\Documents and Settings\QQQ\Recent

[2010/04/19 16:20:05 | 000,000,000 | RH-D | C] -- E:\Documents and Settings\QQQ\Dados de aplicativos

[2010/04/19 16:20:05 | 000,000,000 | R--D | C] -- E:\Documents and Settings\QQQ\Meus documentos

[2010/04/19 16:20:05 | 000,000,000 | R--D | C] -- E:\Documents and Settings\QQQ\Menu Iniciar

[2010/04/19 16:20:05 | 000,000,000 | R--D | C] -- E:\Documents and Settings\QQQ\Favoritos

[2010/04/19 16:20:05 | 000,000,000 | -HSD | C] -- E:\Documents and Settings\QQQ\Cookies

[2010/04/19 16:20:05 | 000,000,000 | -H-D | C] -- E:\Documents and Settings\QQQ\Modelos

[2010/04/19 16:20:05 | 000,000,000 | -H-D | C] -- E:\Documents and Settings\QQQ\Configurações locais

[2010/04/19 16:20:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\QQQ\Desktop

[2010/04/19 16:16:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\SoftwareDistribution

[2010/04/19 16:16:45 | 000,000,000 | --SD | C] -- E:\WINDOWS\System32\Microsoft

[2010/04/19 16:16:44 | 000,000,000 | --SD | C] -- E:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft

[2010/04/19 16:16:44 | 000,000,000 | --SD | C] -- E:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft

[2010/04/19 16:16:36 | 000,000,000 | --SD | C] -- E:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft

[2010/04/19 16:16:36 | 000,000,000 | --SD | C] -- E:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft

[2010/04/19 16:14:59 | 000,080,896 | ---- | C] (Ricoh Co., Ltd.) -- E:\WINDOWS\System32\dllcache\rwia330.dll

[2010/04/19 16:14:59 | 000,080,896 | ---- | C] (Ricoh Co., Ltd.) -- E:\WINDOWS\System32\dllcache\rwia001.dll

[2010/04/19 16:14:01 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- E:\WINDOWS\System32\dllcache\cap7146.sys

[2010/04/19 16:13:41 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\xircom

[2010/04/19 16:13:41 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\xerox

[2010/04/19 16:13:41 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\microsoft frontpage

[2010/04/19 16:13:30 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\bits

[2010/04/19 16:13:13 | 000,000,000 | -H-D | C] -- E:\WINDOWS\$hf_mig$

[2010/04/19 16:11:41 | 000,000,000 | -HSD | C] -- E:\Documents and Settings\All Users\DRM

[2010/04/19 16:11:19 | 000,000,000 | -H-D | C] -- E:\Arquivos de programas\WindowsUpdate

[2010/04/19 16:11:15 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Serviços on-line

[2010/04/19 16:11:01 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\DirectX

[2010/04/19 16:10:35 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Arquivos comuns\Serviços

[2010/04/19 16:10:33 | 000,000,000 | --SD | C] -- E:\WINDOWS\Tasks

[2010/04/19 16:10:32 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Arquivos comuns\MSSoap

[2010/04/19 16:10:28 | 000,000,000 | ---D | C] -- E:\WINDOWS\srchasst

[2010/04/19 16:10:28 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\Macromed

[2010/04/19 16:10:21 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Movie Maker

[2010/04/19 16:10:14 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\Restore

[2010/04/19 16:10:11 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\NetMeeting

[2010/04/19 16:10:08 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Outlook Express

[2010/04/19 16:10:03 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Arquivos comuns\System

[2010/04/19 16:10:02 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Internet Explorer

[2010/04/19 16:10:01 | 000,000,000 | R--D | C] -- E:\Documents and Settings\All Users\Documentos\Minhas imagens

[2010/04/19 16:09:35 | 000,000,000 | -H-D | C] -- E:\Arquivos de programas\Uninstall Information

[2010/04/19 16:09:25 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\ComPlus Applications

[2010/04/19 16:09:18 | 000,000,000 | ---D | C] -- E:\WINDOWS\Registration

[2010/04/19 16:09:11 | 000,000,000 | R--D | C] -- E:\Documents and Settings\All Users\Documentos\Minhas músicas

[2010/04/19 16:09:11 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Windows Media Player

[2010/04/19 16:09:05 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Messenger

[2010/04/19 16:09:02 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\MSN Gaming Zone

[2010/04/19 16:08:40 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Windows NT

[2010/04/19 16:08:38 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\MsDtc

[2010/04/19 16:08:36 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\Com

[2010/04/19 16:08:23 | 000,000,000 | R--D | C] -- E:\Documents and Settings\All Users\Documentos\Meus vídeos

[2010/04/19 12:24:20 | 000,000,000 | -HSD | C] -- E:\WINDOWS\Installer

[2010/04/19 12:24:20 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Arquivos comuns\ODBC

[2010/04/19 12:24:16 | 000,000,000 | R--D | C] -- E:\Arquivos de programas

[2010/04/19 12:24:16 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Arquivos comuns\SpeechEngines

[2010/04/19 12:24:16 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[2010/04/19 12:24:16 | 000,000,000 | ---D | C] -- E:\Arquivos de programas\Arquivos comuns

[2010/04/19 12:23:52 | 000,000,000 | R--D | C] -- E:\Documents and Settings\All Users\Menu Iniciar

[2010/04/19 12:23:52 | 000,000,000 | R--D | C] -- E:\Documents and Settings\All Users\Documentos

[2010/04/19 12:23:52 | 000,000,000 | -H-D | C] -- E:\Documents and Settings\All Users\Modelos

[2010/04/19 12:23:52 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Favoritos

[2010/04/19 12:23:52 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Desktop

[2010/04/19 12:23:29 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\CatRoot2

[2010/04/19 12:23:29 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\CatRoot

[2010/04/19 12:23:23 | 000,000,000 | --SD | C] -- E:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

[2010/04/19 12:23:23 | 000,000,000 | RH-D | C] -- E:\Documents and Settings\All Users\Dados de aplicativos

[2010/04/19 12:23:05 | 000,021,144 | ---- | C] (VIA Technologies,Inc) -- E:\WINDOWS\System32\drivers\xfilt.sys

[2010/04/19 12:22:51 | 000,000,000 | ---D | C] -- E:\Documents and Settings

[2010/04/19 12:22:50 | 000,000,000 | -HSD | C] -- E:\System Volume Information

[2010/04/19 12:18:58 | 000,000,000 | --SD | C] -- E:\WINDOWS\Downloaded Program Files

[2010/04/19 12:18:58 | 000,000,000 | R-SD | C] -- E:\WINDOWS\Fonts

[2010/04/19 12:18:58 | 000,000,000 | RHSD | C] -- E:\WINDOWS\System32\dllcache

[2010/04/19 12:18:58 | 000,000,000 | R--D | C] -- E:\WINDOWS\Web

[2010/04/19 12:18:58 | 000,000,000 | -H-D | C] -- E:\WINDOWS\inf

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\WinSxS

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\wins

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\wbem

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\usmt

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\twain_32

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\system32

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\system

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\spool

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\ShellExt

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\Setup

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\security

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\Resources

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\repair

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\ras

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\pt-br

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\Provisioning

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\PreInstall

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\PeerNet

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\pchealth

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\oobe

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\Offline Web Pages

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\npp

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\mui

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\mui

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\msapps

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\msagent

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\Media

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\java

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\inetsrv

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\IME

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\ime

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\icsxml

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\ias

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\Help

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\export

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\drivers\etc

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\ehome

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\drivers

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\Driver Cache

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\drivers\disdn

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\dhcp

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\Debug

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\Cursors

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\Connection Wizard

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\config

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\Config

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\AppPatch

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\addins

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\3com_dmi

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\3076

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\2052

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\1054

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\1046

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\1042

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\1041

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\1037

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\1033

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\1031

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\1028

[2010/04/19 12:18:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\1025

[6 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

[10 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 90 Days ==========

 

[2010/04/30 18:10:05 | 000,562,176 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\QQQ\Desktop\OTL.exe

[2010/04/30 17:52:29 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl

[2010/04/30 17:52:17 | 000,001,610 | ---- | M] () -- E:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

[2010/04/30 17:52:13 | 000,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT

[2010/04/30 17:52:12 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat

[2010/04/30 17:52:11 | 1073,008,640 | -HS- | M] () -- E:\hiberfil.sys

[2010/04/30 16:21:49 | 000,000,827 | ---- | M] () -- E:\Documents and Settings\QQQ\Desktop\EVEREST Ultimate Edition.lnk

[2010/04/30 15:30:32 | 000,000,264 | ---- | M] () -- E:\WINDOWS\system.ini

[2010/04/30 15:30:11 | 000,000,027 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts

[2010/04/30 15:29:21 | 000,000,210 | -HS- | M] () -- E:\Documents and Settings\QQQ\ntuser.ini

[2010/04/30 15:29:20 | 003,407,872 | -H-- | M] () -- E:\Documents and Settings\QQQ\NTUSER.DAT

[2010/04/30 15:29:17 | 003,184,656 | -H-- | M] () -- E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\IconCache.db

[2010/04/30 15:19:11 | 000,288,654 | ---- | M] ( ) -- E:\Documents and Settings\QQQ\Desktop\SafeBootKeyRepair.exe

[2010/04/30 14:51:16 | 021,610,840 | ---- | M] () -- E:\Documents and Settings\QQQ\Desktop\NMT Clipe.flv

[2010/04/30 14:32:37 | 000,000,450 | -H-- | M] () -- E:\WINDOWS\tasks\User_Feed_Synchronization-{C60BDEFE-0234-4A95-9EAC-0E17B17927F9}.job

[2010/04/30 02:37:41 | 000,005,161 | ---- | M] () -- E:\Documents and Settings\QQQ\Desktop\preview_large.jpg

[2010/04/30 02:26:31 | 000,033,792 | ---- | M] () -- E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/30 02:26:29 | 000,000,069 | ---- | M] () -- E:\WINDOWS\NeroDigital.ini

[2010/04/29 23:55:09 | 000,009,310 | ---- | M] () -- E:\Documents and Settings\QQQ\Desktop\OQAAAOoSQ8b7AovsY5cwapEU7a-0vH04ZR869R1C6IY32zBj0AOvxSfrPozo-8cIViUaZxx72ODM-5ZsZ85iqZlr7JkAm1T1UD5wFjX8ZEmpMuHwTjAXS_5JcZ8-.jpg

[2010/04/29 15:14:26 | 000,752,074 | ---- | M] () -- E:\WINDOWS\System32\PerfStringBackup.INI

[2010/04/29 15:14:26 | 000,344,380 | ---- | M] () -- E:\WINDOWS\System32\perfh016.dat

[2010/04/29 15:14:26 | 000,311,604 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat

[2010/04/29 15:14:26 | 000,048,628 | ---- | M] () -- E:\WINDOWS\System32\perfc016.dat

[2010/04/29 15:14:26 | 000,039,992 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat

[2010/04/29 15:13:37 | 000,013,688 | ---- | M] () -- E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2010/04/29 15:12:16 | 000,095,864 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT

[2010/04/29 14:36:51 | 000,501,248 | ---- | M] (MSNVirusRemoval.com - Macka's Software) -- E:\Documents and Settings\QQQ\Desktop\MSN Virus Remover.exe

[2010/04/29 14:13:33 | 000,019,228 | ---- | M] () -- E:\UsbFix_Upload_Me_ALOKKKKK-D1D29C.zip

[2010/04/29 00:02:49 | 000,781,909 | ---- | M] () -- E:\Documents and Settings\QQQ\Desktop\RSIT.exe

[2010/04/28 12:19:25 | 000,023,107 | ---- | M] () -- E:\Documents and Settings\QQQ\Desktop\DSC05827.JPG

[2010/04/28 10:52:44 | 000,001,769 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

[2010/04/28 03:36:52 | 009,456,952 | ---- | M] (Simply Super Software ) -- E:\Documents and Settings\QQQ\Desktop\trjsetup681.exe

[2010/04/28 03:08:56 | 000,149,504 | ---- | M] () -- E:\Documents and Settings\QQQ\Desktop\f-sasser.exe

[2010/04/28 02:38:32 | 000,000,610 | ---- | M] () -- E:\Documents and Settings\QQQ\Desktop\UnHookExec.inf

[2010/04/26 13:50:54 | 002,811,724 | ---- | M] () -- E:\Documents and Settings\QQQ\Meus documentos\01 Ven a Bailar.mp3

[2010/04/26 03:19:35 | 000,765,141 | ---- | M] () -- E:\Documents and Settings\QQQ\Meus documentos\126023133916s.gif

[2010/04/26 01:33:48 | 001,180,065 | ---- | M] () -- E:\Documents and Settings\QQQ\Desktop\126884072220.jpg

[2010/04/26 01:05:36 | 000,364,789 | ---- | M] () -- E:\Documents and Settings\QQQ\Desktop\1272247346814.jpg

[2010/04/24 16:19:01 | 004,124,023 | ---- | M] () -- E:\Documents and Settings\QQQ\Meus documentos\04 Nada Puede Mas.mp3

[2010/04/24 16:19:01 | 003,760,816 | ---- | M] () -- E:\Documents and Settings\QQQ\Meus documentos\06 Debia Ser Amor.mp3

[2010/04/24 16:19:01 | 003,552,316 | ---- | M] () -- E:\Documents and Settings\QQQ\Meus documentos\03 Ella Tiene un Amor.mp3

[2010/04/24 16:19:01 | 003,536,053 | ---- | M] () -- E:\Documents and Settings\QQQ\Meus documentos\05 Y Abrir Los Ojos.mp3

[2010/04/24 16:19:01 | 003,378,844 | ---- | M] () -- E:\Documents and Settings\QQQ\Meus documentos\11 Te Habla mi Corazón.mp3

[2010/04/24 16:19:01 | 003,264,169 | ---- | M] () -- E:\Documents and Settings\QQQ\Meus documentos\10 Para Mi (No Habra Otro Amor).mp3

[2010/04/24 16:19:00 | 004,001,008 | ---- | M] () -- E:\Documents and Settings\QQQ\Meus documentos\09 Amigas Como Tu.mp3

[2010/04/24 16:19:00 | 003,326,302 | ---- | M] () -- E:\Documents and Settings\QQQ\Meus documentos\02 Vamos a Vivir.mp3

[2010/04/24 16:19:00 | 003,135,316 | ---- | M] () -- E:\Documents and Settings\QQQ\Meus documentos\07 La Princesa.mp3

[2010/04/24 16:19:00 | 002,867,602 | ---- | M] () -- E:\Documents and Settings\QQQ\Meus documentos\08 Yo Digo.mp3

[2010/04/24 16:18:28 | 000,015,501 | -HS- | M] () -- E:\Documents and Settings\QQQ\Meus documentos\folder.jpg

[2010/04/24 16:18:28 | 000,015,501 | -HS- | M] () -- E:\Documents and Settings\QQQ\Meus documentos\AlbumArt_{2C91D7A3-2024-45D8-9F2D-22501BB02445}_Large.jpg

[2010/04/24 16:18:27 | 000,003,571 | -HS- | M] () -- E:\Documents and Settings\QQQ\Meus documentos\AlbumArtSmall.jpg

[2010/04/24 16:18:27 | 000,003,571 | -HS- | M] () -- E:\Documents and Settings\QQQ\Meus documentos\AlbumArt_{2C91D7A3-2024-45D8-9F2D-22501BB02445}_Small.jpg

[2010/04/22 14:15:27 | 000,005,956 | ---- | M] () -- E:\Documents and Settings\QQQ\Desktop\avatar.jpg.gif

[2010/04/22 02:30:51 | 000,000,169 | ---- | M] () -- E:\WINDOWS\RtlRack.ini

[2010/04/22 00:48:50 | 000,000,208 | ---- | M] () -- E:\Documents and Settings\QQQ\default.pls

[2010/04/20 03:12:01 | 000,000,091 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts.msn

[2010/04/20 02:16:24 | 000,012,407 | ---- | M] () -- E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\Update.14.Bron.Tok.bin

[2010/04/20 02:11:30 | 000,023,392 | ---- | M] () -- E:\WINDOWS\System32\nscompat.tlb

[2010/04/20 02:11:30 | 000,016,832 | ---- | M] () -- E:\WINDOWS\System32\amcompat.tlb

[2010/04/20 02:06:32 | 000,000,776 | ---- | M] () -- E:\Documents and Settings\QQQ\Desktop\JDownloader.lnk

[2010/04/20 01:59:22 | 000,012,407 | ---- | M] () -- E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\Bron.tok.A14.em.bin

[2010/04/20 01:45:27 | 000,000,564 | ---- | M] () -- E:\Documents and Settings\QQQ\Desktop\Atalho para Odin.lnk

[2010/04/20 01:43:11 | 000,000,639 | ---- | M] () -- E:\Documents and Settings\QQQ\Desktop\Atlantica Online.lnk

[2010/04/20 01:41:28 | 000,000,634 | ---- | M] () -- E:\Documents and Settings\QQQ\Desktop\Beyond Divinity.lnk

[2010/04/20 01:41:17 | 000,000,684 | ---- | M] () -- E:\Documents and Settings\QQQ\Desktop\Digimon Battle.lnk

[2010/04/20 01:39:40 | 000,000,497 | ---- | M] () -- E:\Documents and Settings\QQQ\Desktop\Lionheart.lnk

[2010/04/20 01:35:33 | 000,162,432 | ---- | M] () -- E:\WINDOWS\System32\drivers\ithsgt.sys

[2010/04/20 01:35:32 | 000,012,032 | ---- | M] () -- E:\WINDOWS\System32\drivers\lilsgt.sys

[2010/04/19 16:34:02 | 000,000,507 | ---- | M] () -- E:\WINDOWS\win.ini

[2010/04/19 16:33:35 | 000,316,640 | ---- | M] () -- E:\WINDOWS\WMSysPr9.prx

[2010/04/19 16:33:08 | 000,000,000 | -H-- | M] () -- E:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2010/04/19 16:16:39 | 000,008,192 | ---- | M] () -- E:\WINDOWS\REGLOCS.OLD

[2010/04/19 16:15:35 | 000,000,541 | ---- | M] () -- E:\WINDOWS\System32\$winnt$.inf

[2010/04/19 16:12:51 | 000,002,969 | ---- | M] () -- E:\WINDOWS\System32\CONFIG.NT

[2010/04/19 16:12:51 | 000,000,000 | ---- | M] () -- E:\WINDOWS\control.ini

[2010/04/19 16:12:37 | 000,004,205 | ---- | M] () -- E:\WINDOWS\ODBCINST.INI

[2010/04/19 16:11:29 | 000,000,488 | RH-- | M] () -- E:\WINDOWS\System32\WindowsLogon.manifest

[2010/04/19 16:11:29 | 000,000,488 | RH-- | M] () -- E:\WINDOWS\System32\logonui.exe.manifest

[2010/04/19 16:11:25 | 000,000,749 | RH-- | M] () -- E:\WINDOWS\System32\wuaucpl.cpl.manifest

[2010/04/19 16:11:25 | 000,000,749 | RH-- | M] () -- E:\WINDOWS\WindowsShell.Manifest

[2010/04/19 16:11:25 | 000,000,749 | RH-- | M] () -- E:\WINDOWS\System32\sapi.cpl.manifest

[2010/04/19 16:11:25 | 000,000,749 | RH-- | M] () -- E:\WINDOWS\System32\nwc.cpl.manifest

[2010/04/19 16:11:25 | 000,000,749 | RH-- | M] () -- E:\WINDOWS\System32\ncpa.cpl.manifest

[2010/04/19 16:11:25 | 000,000,749 | RH-- | M] () -- E:\WINDOWS\System32\cdplayer.exe.manifest

[2010/04/19 16:09:34 | 000,021,844 | ---- | M] () -- E:\WINDOWS\System32\emptyregdb.dat

[2010/04/19 16:09:23 | 000,000,037 | ---- | M] () -- E:\WINDOWS\vbaddin.ini

[2010/04/19 16:09:23 | 000,000,036 | ---- | M] () -- E:\WINDOWS\vb.ini

[6 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

[10 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/04/30 16:21:49 | 000,000,827 | ---- | C] () -- E:\Documents and Settings\QQQ\Desktop\EVEREST Ultimate Edition.lnk

[2010/04/30 15:30:05 | 1073,008,640 | -HS- | C] () -- E:\hiberfil.sys

[2010/04/30 14:51:15 | 021,610,840 | ---- | C] () -- E:\Documents and Settings\QQQ\Desktop\NMT Clipe.flv

[2010/04/30 02:37:40 | 000,005,161 | ---- | C] () -- E:\Documents and Settings\QQQ\Desktop\preview_large.jpg

[2010/04/29 23:55:08 | 000,009,310 | ---- | C] () -- E:\Documents and Settings\QQQ\Desktop\OQAAAOoSQ8b7AovsY5cwapEU7a-0vH04ZR869R1C6IY32zBj0AOvxSfrPozo-8cIViUaZxx72ODM-5ZsZ85iqZlr7JkAm1T1UD5wFjX8ZEmpMuHwTjAXS_5JcZ8-.jpg

[2010/04/29 14:13:33 | 000,019,228 | ---- | C] () -- E:\UsbFix_Upload_Me_ALOKKKKK-D1D29C.zip

[2010/04/29 13:48:39 | 000,000,450 | -H-- | C] () -- E:\WINDOWS\tasks\User_Feed_Synchronization-{C60BDEFE-0234-4A95-9EAC-0E17B17927F9}.job

[2010/04/29 01:01:34 | 000,067,866 | ---- | C] () -- E:\WINDOWS\System32\drivers\netwlan5.img

[2010/04/29 01:01:03 | 000,001,950 | ---- | C] () -- E:\WINDOWS\System32\pid.inf

[2010/04/29 01:00:50 | 000,129,045 | ---- | C] () -- E:\WINDOWS\System32\drivers\cxthsfs2.cty

[2010/04/29 01:00:45 | 000,064,352 | ---- | C] () -- E:\WINDOWS\System32\drivers\ativmc20.cod

[2010/04/29 00:02:32 | 000,781,909 | ---- | C] () -- E:\Documents and Settings\QQQ\Desktop\RSIT.exe

[2010/04/28 12:19:25 | 000,023,107 | ---- | C] () -- E:\Documents and Settings\QQQ\Desktop\DSC05827.JPG

[2010/04/28 03:08:56 | 000,149,504 | ---- | C] () -- E:\Documents and Settings\QQQ\Desktop\f-sasser.exe

[2010/04/28 02:58:53 | 000,081,920 | ---- | C] () -- E:\Documents and Settings\QQQ\Desktop\memtest.exe

[2010/04/28 02:38:32 | 000,000,610 | ---- | C] () -- E:\Documents and Settings\QQQ\Desktop\UnHookExec.inf

[2010/04/27 17:33:47 | 000,001,769 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

[2010/04/26 03:17:08 | 000,765,141 | ---- | C] () -- E:\Documents and Settings\QQQ\Meus documentos\126023133916s.gif

[2010/04/26 01:33:47 | 001,180,065 | ---- | C] () -- E:\Documents and Settings\QQQ\Desktop\126884072220.jpg

[2010/04/26 01:05:35 | 000,364,789 | ---- | C] () -- E:\Documents and Settings\QQQ\Desktop\1272247346814.jpg

[2010/04/22 14:15:26 | 000,005,956 | ---- | C] () -- E:\Documents and Settings\QQQ\Desktop\avatar.jpg.gif

[2010/04/22 02:30:51 | 000,000,169 | ---- | C] () -- E:\WINDOWS\RtlRack.ini

[2010/04/22 00:48:50 | 000,000,208 | ---- | C] () -- E:\Documents and Settings\QQQ\default.pls

[2010/04/22 00:48:40 | 000,000,069 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini

[2010/04/21 21:20:37 | 000,015,501 | -HS- | C] () -- E:\Documents and Settings\QQQ\Meus documentos\AlbumArt_{2C91D7A3-2024-45D8-9F2D-22501BB02445}_Large.jpg

[2010/04/21 21:20:37 | 000,003,571 | -HS- | C] () -- E:\Documents and Settings\QQQ\Meus documentos\AlbumArtSmall.jpg

[2010/04/21 21:20:37 | 000,003,571 | -HS- | C] () -- E:\Documents and Settings\QQQ\Meus documentos\AlbumArt_{2C91D7A3-2024-45D8-9F2D-22501BB02445}_Small.jpg

[2010/04/20 12:10:06 | 000,000,091 | ---- | C] () -- E:\WINDOWS\System32\drivers\etc\hosts.msn

[2010/04/20 03:31:12 | 000,001,610 | ---- | C] () -- E:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

[2010/04/20 02:16:24 | 000,012,407 | ---- | C] () -- E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\Update.14.Bron.Tok.bin

[2010/04/20 02:06:32 | 000,000,776 | ---- | C] () -- E:\Documents and Settings\QQQ\Desktop\JDownloader.lnk

[2010/04/20 01:59:29 | 000,040,960 | ---- | C] () -- E:\WINDOWS\System32\ChCfg.exe

[2010/04/20 01:59:22 | 000,012,407 | ---- | C] () -- E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\Bron.tok.A14.em.bin

[2010/04/20 01:58:55 | 000,000,164 | ---- | C] () -- E:\WINDOWS\avrack.ini

[2010/04/20 01:58:43 | 000,141,016 | ---- | C] () -- E:\WINDOWS\System32\alsndmgr.wav

[2010/04/20 01:58:40 | 000,143,360 | ---- | C] () -- E:\WINDOWS\System32\RtlCPAPI.dll

[2010/04/20 01:45:43 | 000,000,027 | ---- | C] () -- E:\WINDOWS\System32\drivers\etc\hosts

[2010/04/20 01:45:27 | 000,000,564 | ---- | C] () -- E:\Documents and Settings\QQQ\Desktop\Atalho para Odin.lnk

[2010/04/20 01:43:11 | 000,000,639 | ---- | C] () -- E:\Documents and Settings\QQQ\Desktop\Atlantica Online.lnk

[2010/04/20 01:41:28 | 000,000,634 | ---- | C] () -- E:\Documents and Settings\QQQ\Desktop\Beyond Divinity.lnk

[2010/04/20 01:41:17 | 000,000,684 | ---- | C] () -- E:\Documents and Settings\QQQ\Desktop\Digimon Battle.lnk

[2010/04/20 01:39:40 | 000,000,497 | ---- | C] () -- E:\Documents and Settings\QQQ\Desktop\Lionheart.lnk

[2010/04/20 01:35:33 | 000,162,432 | ---- | C] () -- E:\WINDOWS\System32\drivers\ithsgt.sys

[2010/04/20 01:35:32 | 000,012,032 | ---- | C] () -- E:\WINDOWS\System32\drivers\lilsgt.sys

[2010/04/19 19:09:25 | 004,001,008 | ---- | C] () -- E:\Documents and Settings\QQQ\Meus documentos\09 Amigas Como Tu.mp3

[2010/04/19 19:09:25 | 003,378,844 | ---- | C] () -- E:\Documents and Settings\QQQ\Meus documentos\11 Te Habla mi Corazón.mp3

[2010/04/19 19:09:25 | 003,264,169 | ---- | C] () -- E:\Documents and Settings\QQQ\Meus documentos\10 Para Mi (No Habra Otro Amor).mp3

[2010/04/19 19:09:25 | 000,015,501 | -HS- | C] () -- E:\Documents and Settings\QQQ\Meus documentos\folder.jpg

[2010/04/19 19:09:24 | 004,124,023 | ---- | C] () -- E:\Documents and Settings\QQQ\Meus documentos\04 Nada Puede Mas.mp3

[2010/04/19 19:09:24 | 003,760,816 | ---- | C] () -- E:\Documents and Settings\QQQ\Meus documentos\06 Debia Ser Amor.mp3

[2010/04/19 19:09:24 | 003,552,316 | ---- | C] () -- E:\Documents and Settings\QQQ\Meus documentos\03 Ella Tiene un Amor.mp3

[2010/04/19 19:09:24 | 003,536,053 | ---- | C] () -- E:\Documents and Settings\QQQ\Meus documentos\05 Y Abrir Los Ojos.mp3

[2010/04/19 19:09:24 | 003,326,302 | ---- | C] () -- E:\Documents and Settings\QQQ\Meus documentos\02 Vamos a Vivir.mp3

[2010/04/19 19:09:24 | 003,135,316 | ---- | C] () -- E:\Documents and Settings\QQQ\Meus documentos\07 La Princesa.mp3

[2010/04/19 19:09:24 | 002,867,602 | ---- | C] () -- E:\Documents and Settings\QQQ\Meus documentos\08 Yo Digo.mp3

[2010/04/19 19:09:24 | 002,811,724 | ---- | C] () -- E:\Documents and Settings\QQQ\Meus documentos\01 Ven a Bailar.mp3

[2010/04/19 16:34:32 | 000,033,792 | ---- | C] () -- E:\Documents and Settings\QQQ\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/19 16:33:08 | 000,000,000 | -H-- | C] () -- E:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2010/04/19 16:20:07 | 000,000,210 | -HS- | C] () -- E:\Documents and Settings\QQQ\ntuser.ini

[2010/04/19 16:20:05 | 003,407,872 | -H-- | C] () -- E:\Documents and Settings\QQQ\NTUSER.DAT

[2010/04/19 16:20:05 | 000,020,480 | -H-- | C] () -- E:\Documents and Settings\QQQ\NTUSER.DAT.LOG

[2010/04/19 16:16:39 | 000,008,192 | ---- | C] () -- E:\WINDOWS\REGLOCS.OLD

[2010/04/19 16:15:30 | 000,002,048 | --S- | C] () -- E:\WINDOWS\bootstat.dat

[2010/04/19 16:15:24 | 000,028,288 | ---- | C] () -- E:\WINDOWS\System32\dllcache\xjis.nls

[2010/04/19 16:14:55 | 000,083,748 | ---- | C] () -- E:\WINDOWS\System32\dllcache\prcp.nls

[2010/04/19 16:14:55 | 000,083,748 | ---- | C] () -- E:\WINDOWS\System32\dllcache\prc.nls

[2010/04/19 16:14:53 | 000,175,104 | ---- | C] () -- E:\WINDOWS\System32\dllcache\pintlcsa.dll

[2010/04/19 16:14:37 | 001,158,818 | ---- | C] () -- E:\WINDOWS\System32\dllcache\korwbrkr.lex

[2010/04/19 16:14:37 | 000,047,066 | ---- | C] () -- E:\WINDOWS\System32\dllcache\ksc.nls

[2010/04/19 16:14:30 | 000,196,665 | ---- | C] () -- E:\WINDOWS\System32\dllcache\imjpinst.exe

[2010/04/19 16:14:30 | 000,059,392 | ---- | C] () -- E:\WINDOWS\System32\dllcache\imscinst.exe

[2010/04/19 16:14:28 | 000,134,339 | ---- | C] () -- E:\WINDOWS\System32\dllcache\imekr.lex

[2010/04/19 16:14:20 | 013,463,552 | ---- | C] () -- E:\WINDOWS\System32\dllcache\hwxjpn.dll

[2010/04/19 16:14:16 | 000,108,827 | ---- | C] () -- E:\WINDOWS\System32\dllcache\hanja.lex

[2010/04/19 16:14:04 | 000,173,568 | ---- | C] () -- E:\WINDOWS\System32\dllcache\chtskf.dll

[2010/04/19 16:14:01 | 000,066,594 | ---- | C] () -- E:\WINDOWS\System32\dllcache\c_720.nls

[2010/04/19 16:13:59 | 000,082,172 | ---- | C] () -- E:\WINDOWS\System32\dllcache\bopomofo.nls

[2010/04/19 16:13:59 | 000,066,728 | ---- | C] () -- E:\WINDOWS\System32\dllcache\big5.nls

[2010/04/19 16:12:51 | 000,002,969 | ---- | C] () -- E:\WINDOWS\System32\CONFIG.NT

[2010/04/19 16:12:47 | 000,023,392 | ---- | C] () -- E:\WINDOWS\System32\nscompat.tlb

[2010/04/19 16:12:47 | 000,016,832 | ---- | C] () -- E:\WINDOWS\System32\amcompat.tlb

[2010/04/19 16:12:46 | 000,316,640 | ---- | C] () -- E:\WINDOWS\WMSysPr9.prx

[2010/04/19 16:11:29 | 000,000,488 | RH-- | C] () -- E:\WINDOWS\System32\WindowsLogon.manifest

[2010/04/19 16:11:29 | 000,000,488 | RH-- | C] () -- E:\WINDOWS\System32\logonui.exe.manifest

[2010/04/19 16:11:25 | 000,000,749 | RH-- | C] () -- E:\WINDOWS\System32\wuaucpl.cpl.manifest

[2010/04/19 16:11:25 | 000,000,749 | RH-- | C] () -- E:\WINDOWS\WindowsShell.Manifest

[2010/04/19 16:11:25 | 000,000,749 | RH-- | C] () -- E:\WINDOWS\System32\sapi.cpl.manifest

[2010/04/19 16:11:25 | 000,000,749 | RH-- | C] () -- E:\WINDOWS\System32\nwc.cpl.manifest

[2010/04/19 16:11:25 | 000,000,749 | RH-- | C] () -- E:\WINDOWS\System32\ncpa.cpl.manifest

[2010/04/19 16:11:25 | 000,000,749 | RH-- | C] () -- E:\WINDOWS\System32\cdplayer.exe.manifest

[2010/04/19 16:11:06 | 004,399,505 | ---- | C] () -- E:\WINDOWS\System32\dllcache\nls302en.lex

[2010/04/19 16:10:42 | 000,048,680 | -HS- | C] () -- E:\WINDOWS\winnt256.bmp

[2010/04/19 16:10:42 | 000,048,680 | -HS- | C] () -- E:\WINDOWS\winnt.bmp

[2010/04/19 16:10:37 | 000,000,984 | ---- | C] () -- E:\WINDOWS\System32\dllcache\srframe.mmf

[2010/04/19 16:09:34 | 000,021,844 | ---- | C] () -- E:\WINDOWS\System32\emptyregdb.dat

[2010/04/19 16:08:51 | 000,065,954 | ---- | C] () -- E:\WINDOWS\Bruma.bmp

[2010/04/19 16:08:51 | 000,065,832 | ---- | C] () -- E:\WINDOWS\Deserto.bmp

[2010/04/19 16:08:51 | 000,026,680 | ---- | C] () -- E:\WINDOWS\Leques.bmp

[2010/04/19 16:08:51 | 000,017,362 | ---- | C] () -- E:\WINDOWS\Rododentro.bmp

[2010/04/19 16:08:51 | 000,009,522 | ---- | C] () -- E:\WINDOWS\Tapete.bmp

[2010/04/19 16:08:50 | 000,093,702 | ---- | C] () -- E:\WINDOWS\System32\subrange.uce

[2010/04/19 16:08:50 | 000,065,978 | ---- | C] () -- E:\WINDOWS\Bolhas de sabão.bmp

[2010/04/19 16:08:50 | 000,060,458 | ---- | C] () -- E:\WINDOWS\System32\ideograf.uce

[2010/04/19 16:08:50 | 000,026,582 | ---- | C] () -- E:\WINDOWS\Areia.bmp

[2010/04/19 16:08:50 | 000,017,336 | ---- | C] () -- E:\WINDOWS\Pescaria.bmp

[2010/04/19 16:08:50 | 000,017,062 | ---- | C] () -- E:\WINDOWS\Cafezinho.bmp

[2010/04/19 16:08:50 | 000,016,740 | ---- | C] () -- E:\WINDOWS\System32\shiftjis.uce

[2010/04/19 16:08:50 | 000,016,730 | ---- | C] () -- E:\WINDOWS\Seda.bmp

[2010/04/19 16:08:50 | 000,012,876 | ---- | C] () -- E:\WINDOWS\System32\korean.uce

[2010/04/19 16:08:50 | 000,008,484 | ---- | C] () -- E:\WINDOWS\System32\kanji_2.uce

[2010/04/19 16:08:50 | 000,006,948 | ---- | C] () -- E:\WINDOWS\System32\kanji_1.uce

[2010/04/19 16:08:50 | 000,001,272 | ---- | C] () -- E:\WINDOWS\Renda azul 16.bmp

[2010/04/19 16:08:49 | 000,024,006 | ---- | C] () -- E:\WINDOWS\System32\gb2312.uce

[2010/04/19 16:08:49 | 000,022,984 | ---- | C] () -- E:\WINDOWS\System32\bopomofo.uce

[2010/04/19 16:08:48 | 000,003,286 | ---- | C] () -- E:\WINDOWS\System32\tslabels.h

[2010/04/19 16:08:48 | 000,001,221 | ---- | C] () -- E:\WINDOWS\System32\usrlogon.cmd

[2010/04/19 16:08:47 | 000,000,768 | ---- | C] () -- E:\WINDOWS\System32\msdtcprf.h

[2010/04/19 16:08:42 | 000,063,488 | ---- | C] () -- E:\WINDOWS\System32\wmimgmt.msc

[2010/04/19 12:24:17 | 001,685,606 | ---- | C] () -- E:\WINDOWS\System32\dllcache\sam.spd

[2010/04/19 12:24:17 | 000,643,717 | ---- | C] () -- E:\WINDOWS\System32\dllcache\ltts1033.lxa

[2010/04/19 12:24:17 | 000,605,050 | ---- | C] () -- E:\WINDOWS\System32\dllcache\r1033tts.lxa

[2010/04/19 12:24:17 | 000,000,888 | ---- | C] () -- E:\WINDOWS\System32\dllcache\sam.sdf

[2010/04/19 12:24:15 | 000,066,082 | ---- | C] () -- E:\WINDOWS\System32\dllcache\c_28603.nls

[2010/04/19 12:24:15 | 000,066,082 | ---- | C] () -- E:\WINDOWS\System32\c_28603.nls

[2010/04/19 12:24:13 | 000,066,594 | ---- | C] () -- E:\WINDOWS\System32\dllcache\c_857.nls

[2010/04/19 12:24:13 | 000,066,594 | ---- | C] () -- E:\WINDOWS\System32\c_857.nls

[2010/04/19 12:24:13 | 000,066,082 | ---- | C] () -- E:\WINDOWS\System32\dllcache\c_10081.nls

[2010/04/19 12:24:13 | 000,066,082 | ---- | C] () -- E:\WINDOWS\System32\c_10081.nls

[2010/04/19 12:24:12 | 000,066,082 | ---- | C] () -- E:\WINDOWS\System32\dllcache\c_10017.nls

[2010/04/19 12:24:12 | 000,066,082 | ---- | C] () -- E:\WINDOWS\System32\c_10017.nls

[2010/04/19 12:24:11 | 000,066,082 | ---- | C] () -- E:\WINDOWS\System32\dllcache\c_10007.nls

[2010/04/19 12:24:11 | 000,066,082 | ---- | C] () -- E:\WINDOWS\System32\c_10007.nls

[2010/04/19 12:24:10 | 000,066,594 | ---- | C] () -- E:\WINDOWS\System32\dllcache\c_869.nls

[2010/04/19 12:24:10 | 000,066,594 | ---- | C] () -- E:\WINDOWS\System32\c_869.nls

[2010/04/19 12:24:10 | 000,066,594 | ---- | C] () -- E:\WINDOWS\System32\dllcache\c_737.nls

[2010/04/19 12:24:10 | 000,066,594 | ---- | C] () -- E:\WINDOWS\System32\c_737.nls

[2010/04/19 12:24:10 | 000,066,082 | ---- | C] () -- E:\WINDOWS\System32\dllcache\c_875.nls

[2010/04/19 12:24:10 | 000,066,082 | ---- | C] () -- E:\WINDOWS\System32\c_875.nls

[2010/04/19 12:24:10 | 000,066,082 | ---- | C] () -- E:\WINDOWS\System32\dllcache\c_10006.nls

[2010/04/19 12:24:10 | 000,066,082 | ---- | C] () -- E:\WINDOWS\System32\c_10006.nls

[2010/04/19 12:24:09 | 000,066,594 | ---- | C] () -- E:\WINDOWS\System32\dllcache\c_866.nls

[2010/04/19 12:24:09 | 000,066,594 | ---- | C] () -- E:\WINDOWS\System32\c_866.nls

[2010/04/19 12:24:09 | 000,066,594 | ---- | C] () -- E:\WINDOWS\System32\dllcache\c_855.nls

[2010/04/19 12:24:09 | 000,066,594 | ---- | C] () -- E:\WINDOWS\System32\c_855.nls

[2010/04/19 12:24:07 | 000,066,594 | ---- | C] () -- E:\WINDOWS\System32\dllcache\c_852.nls

[2010/04/19 12:24:07 | 000,066,594 | ---- | C] () -- E:\WINDOWS\System32\c_852.nls

[2010/04/19 12:24:07 | 000,066,082 | ---- | C] () -- E:\WINDOWS\System32\dllcache\c_10082.nls

[2010/04/19 12:24:07 | 000,066,082 | ---- | C] () -- E:\WINDOWS\System32\c_10082.nls

[2010/04/19 12:24:07 | 000,066,082 | ---- | C] () -- E:\WINDOWS\System32\dllcache\c_10029.nls

[2010/04/19 12:24:07 | 000,066,082 | ---- | C] () -- E:\WINDOWS\System32\c_10029.nls

[2010/04/19 12:24:07 | 000,066,082 | ---- | C] () -- E:\WINDOWS\System32\dllcache\c_10010.nls

[2010/04/19 12:24:07 | 000,066,082 | ---- | C] () -- E:\WINDOWS\System32\c_10010.nls

[2010/04/19 12:24:00 | 000,000,515 | ---- | C] () -- E:\WINDOWS\System32\AUTOEXEC.NT

[2010/04/19 12:23:39 | 000,008,599 | ---- | C] () -- E:\WINDOWS\System32\dllcache\IASNT4.CAT

[2010/04/19 12:23:39 | 000,007,382 | ---- | C] () -- E:\WINDOWS\System32\dllcache\OEMBIOS.CAT

[2010/04/19 12:23:38 | 001,014,492 | ---- | C] () -- E:\WINDOWS\System32\dllcache\SP2.CAT

[2010/04/19 12:23:38 | 000,809,104 | ---- | C] () -- E:\WINDOWS\System32\dllcache\NT5IIS.CAT

[2010/04/19 12:23:38 | 000,399,670 | ---- | C] () -- E:\WINDOWS\System32\dllcache\MAPIMIG.CAT

[2010/04/19 12:23:38 | 000,037,509 | ---- | C] () -- E:\WINDOWS\System32\dllcache\MW770.CAT

[2010/04/19 12:23:38 | 000,013,497 | ---- | C] () -- E:\WINDOWS\System32\dllcache\HPCRDP.CAT

[2010/04/19 12:23:38 | 000,007,334 | ---- | C] () -- E:\WINDOWS\System32\dllcache\wmerrenu.cat

[2010/04/19 12:22:50 | 000,095,864 | ---- | C] () -- E:\WINDOWS\System32\FNTCACHE.DAT

[2010/04/19 12:21:52 | 000,000,541 | ---- | C] () -- E:\WINDOWS\System32\$winnt$.inf

[2009/06/02 13:11:16 | 000,085,504 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll

[2007/07/10 13:10:12 | 000,000,547 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll.manifest

 

========== LOP Check ==========

 

[2010/04/20 02:19:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dados de aplicativos\ESET

[2010/04/26 17:46:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

[2010/04/28 03:40:06 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dados de aplicativos\TEMP

[2010/04/19 17:02:09 | 000,000,000 | ---D | M] -- E:\Documents and Settings\QQQ\Dados de aplicativos\GrabPro

[2010/04/30 17:52:47 | 000,000,000 | ---D | M] -- E:\Documents and Settings\QQQ\Dados de aplicativos\Orbit

[2010/04/20 02:38:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\QQQ\Dados de aplicativos\uTorrent

[2010/04/30 14:32:37 | 000,000,450 | -H-- | M] () -- E:\WINDOWS\Tasks\User_Feed_Synchronization-{C60BDEFE-0234-4A95-9EAC-0E17B17927F9}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2007/07/30 19:46:33 | 016,783,127 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2010/04/29 13:23:28 | 023,893,088 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2010/04/29 13:23:28 | 023,893,088 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2010/04/29 13:23:28 | 023,893,088 | ---- | M] () .cab file -- E:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sp3.cab:AGP440.sys

[2008/04/13 15:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\ERDNT\cache\agp440.sys

[2008/04/13 15:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 15:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\agp440.sys

[2008/04/13 15:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\system32\drivers\agp440.sys

 

< MD5 for: ATAPI.SYS >

[2007/07/30 19:46:33 | 016,783,127 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2010/04/29 13:23:28 | 023,893,088 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2010/04/29 13:23:28 | 023,893,088 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2010/04/29 13:23:28 | 023,893,088 | ---- | M] () .cab file -- E:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sp3.cab:atapi.sys

[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\ERDNT\cache\atapi.sys

[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\atapi.sys

[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 

< MD5 for: EVENTLOG.DLL >

[2008/04/13 23:20:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- E:\WINDOWS\ERDNT\cache\eventlog.dll

[2008/04/13 23:20:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- E:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 23:20:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- E:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\eventlog.dll

[2008/04/13 23:20:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- E:\WINDOWS\system32\eventlog.dll

[2004/08/03 19:45:22 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC -- E:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 

< MD5 for: NETLOGON.DLL >

[2008/04/13 23:20:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- E:\WINDOWS\ERDNT\cache\netlogon.dll

[2008/04/13 23:20:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- E:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 23:20:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- E:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\netlogon.dll

[2008/04/13 23:20:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- E:\WINDOWS\system32\netlogon.dll

[2004/08/03 19:45:26 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- E:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll

[2009/02/06 15:46:47 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B8F0B2CF73FD662A39F0E4392C28E73D -- E:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2009/02/06 15:46:47 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B8F0B2CF73FD662A39F0E4392C28E73D -- E:\WINDOWS\$NtUninstallKB975467_0$\netlogon.dll

[2009/02/06 15:46:47 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B8F0B2CF73FD662A39F0E4392C28E73D -- E:\WINDOWS\SoftwareDistribution\Download\8e79d2cbda3bd9d98c8929bede21ccbc\sp2qfe\netlogon.dll

[2009/02/06 15:46:47 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B8F0B2CF73FD662A39F0E4392C28E73D -- E:\WINDOWS\SoftwareDistribution\Download\a981ef14113959c049288dcf4309ea49\sp2qfe\netlogon.dll

 

< MD5 for: SCECLI.DLL >

[2008/04/13 23:20:40 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- E:\WINDOWS\ERDNT\cache\scecli.dll

[2008/04/13 23:20:40 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- E:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 23:20:40 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- E:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\scecli.dll

[2008/04/13 23:20:40 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- E:\WINDOWS\system32\scecli.dll

[2004/08/03 19:45:26 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- E:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-04-29 18:10:50

< End of report >