
This topic has been archived and is closed to new replies.

BAPTISTELLA

[Archived] Log verification


Guys, I need to make an online purchase urgently, but I'm worried, because I'm not sure my PC is secure enough to make an online purchase.

On my PC I have:

Avira, SUPERAntiSpyware, Windows Defender, Malwarebytes, Norton Internet Security, COMODO Firewall; I always keep them up to date.

I would like to know whether someone is breaking into my PC, and whether there is spyware, malware, or anything that could collect my information.

START OF HIJACKTHIS LOG ---------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:43 marqu, on 18/12/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17093)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\SUPERAntiSpyware\e9b7657d-aca1-48a0-ad0b-481257d522a7.com

C:\Documents and Settings\felipe\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\felipe\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\felipe\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\felipe\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\felipe\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\felipe\Meus documentos\Downloads\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2277128

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.localstrike.com.ar/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.localstrike.com.ar/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - URLSearchHook: (no name) - {b5d39f9d-9d08-4466-8f80-9873ed5124dd} - (no file)

O1 - Hosts: <html>

O1 - Hosts: <head>

O1 - Hosts: <title>%produxt_name% - Alerta </title>

O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

O1 - Hosts: </head>

O1 - Hosts: <body>

O1 - Hosts: <table width="500" height="300" border="1" bordercolor="#FFFFFF">

O1 - Hosts: <tr>

O1 - Hosts: <td align="center" valign="bottom" bordercolor="#000000" bgcolor="#B5131C"><table width="100%" border="0">

O1 - Hosts: <tr>

O1 - Hosts: <td><strong><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif">Alerta %produxt_name%</font></strong></td>

O1 - Hosts: </tr>

O1 - Hosts: </table>

O1 - Hosts: <table width="494" height="270" border="1" bordercolor="#B5131C">

O1 - Hosts: <tr>

O1 - Hosts: <td align="left" valign="top" bordercolor="#000000" bgcolor="#FFFFFF">

O1 - Hosts: <table width="100%" height="100%" border="0" cellspacing="2">

O1 - Hosts: <tr>

O1 - Hosts: <td height="40" align="right" valign="bottom" bgcolor="#B5131C"><strong><font color="#FFFFFF" size="4" face="Arial Black">Acesso

O1 - Hosts: negado !  </font></strong></td>

O1 - Hosts: </tr>

O1 - Hosts: <tr>

O1 - Hosts: <td bgcolor="#EEEEEE" height="100%"><table width="488" height="100%" border="0" cellspacing="0" cellpadding="0">

O1 - Hosts: <tr>

O1 - Hosts: <td align="left" valign="top"> <p> <br>

O1 - Hosts: <font size="2" face="Arial, Helvetica, sans-serif">

O1 - Hosts: <strong>Detalhes:</strong><br>

O1 - Hosts: <br>

O1 - Hosts: <strong>   Página Web:</strong><br>

O1 - Hosts:    http://222.219.29.81/icons/qpkill.gif</font><br>

O1 - Hosts: <font size="2" face="Arial, Helvetica, sans-serif"> <br>

O1 - Hosts: <strong>   Descrição:</strong><br>

O1 - Hosts:    O acesso a esta página web foi bloqueado pelo %produxt_name%.<br>

O1 - Hosts:    A página web está na lista de websites com conteúdo potencialmente perigoso.</font></p>

O1 - Hosts: <p align="right"><font size="1" face="Arial, Helvetica, sans-serif"><a href="http://www.eset.com.br">www.eset.com.br</a></font></p></td>

O1 - Hosts: </tr>

O1 - Hosts: </table></td>

O1 - Hosts: </tr>

O1 - Hosts: </table> </td>

O1 - Hosts: </tr>

O1 - Hosts: </table></td>

O1 - Hosts: </tr>

O1 - Hosts: </table>

O1 - Hosts: </body>

O1 - Hosts: </html>

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Arquivos de programas\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Arquivos de programas\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Arquivos de programas\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [MSSE] "C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\felipe\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9F3FCC1B-872F-4158-A721-B4997B430D5F}: NameServer = 156.154.70.25,156.154.71.25

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe

 

--

End of file - 12267 bytes

 

END OF LOG -------------------------------------------

I ran a scan with Malwarebytes and there are no malicious items.

SUPERAntiSpyware detected one adware item and removed it.

And if anyone can answer one more thing for me as well, I'd appreciate it.

My internet is connected, and then the PC/ACVITY stays steady.

I don't know whether that is normal or not, but when it is blinking the internet works normally, and for some reason when it stays steady the internet drops and I have to REPAIR it all the time...

THANK YOU VERY MUCH!


Hello BAPTISTELLA

*Download OTS and save it to the desktop

*Run OTS and select the option:

[x] Scan All Users

*Click [Quick Scan] and wait for it to finish

*Paste the OTS.txt report that is displayed


OTS LOG BELOW:

 

 

 

OTS logfile created on: 18/12/2010 14:04:58 - Run 1

OTS by OldTimer - Version 3.1.40.1 Folder = C:\Documents and Settings\felipe\Meus documentos\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

734,00 Mb Total Physical Memory | 59,00 Mb Available Physical Memory | 8,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 47,00% Paging File free

Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 39,06 Gb Total Space | 21,19 Gb Free Space | 54,25% Space Free | Partition Type: NTFS

Drive D: | 35,44 Gb Total Space | 34,89 Gb Free Space | 98,46% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: HOME-81B69E2814

Current User Name: felipe

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Quick Scan

 

[Processes - Safe List]

ots.exe -> C:\Documents and Settings\felipe\Meus documentos\Downloads\OTS.exe -> [2010/12/18 14:01:51 | 000,642,048 | ---- | M] (OldTimer Tools)

e9b7657d-aca1-48a0-ad0b-481257d522a7.com -> C:\Arquivos de programas\SUPERAntiSpyware\e9b7657d-aca1-48a0-ad0b-481257d522a7.com -> [2010/12/18 12:28:25 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com)

awc.exe -> C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe -> [2010/12/14 15:18:46 | 002,402,512 | ---- | M] (IObit)

chrome.exe -> C:\Documents and Settings\felipe\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe -> [2010/12/08 21:28:23 | 000,991,800 | ---- | M] (Google Inc.)

ccsvchst.exe -> C:\Arquivos de programas\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -> [2010/11/24 00:21:18 | 000,130,000 | R--- | M] (Symantec Corporation)

cmdagent.exe -> C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe -> [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO)

cfp.exe -> C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe -> [2010/09/10 23:41:20 | 002,500,552 | ---- | M] (COMODO)

sched.exe -> C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe -> [2010/09/03 15:44:26 | 000,135,336 | ---- | M] (Avira GmbH)

avgnt.exe -> C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe -> [2010/09/03 15:44:21 | 000,281,768 | ---- | M] (Avira GmbH)

avguard.exe -> C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe -> [2010/09/03 15:44:21 | 000,267,944 | ---- | M] (Avira GmbH)

gbpsv.exe -> C:\Arquivos de programas\GbPlugin\gbpsv.exe -> [2010/06/09 12:59:40 | 000,054,824 | ---- | M] ( )

jusched.exe -> C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe -> [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.)

avshadow.exe -> C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe -> [2010/01/14 22:11:42 | 000,076,968 | ---- | M] (Avira GmbH)

seaport.exe -> C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/01/14 18:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.)

explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 09:00:00 | 001,035,776 | ---- | M] (Microsoft Corporation)

smax4pnp.exe -> C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe -> [2007/08/01 14:52:42 | 001,036,288 | ---- | M] (Analog Devices, Inc.)

msascui.exe -> C:\Arquivos de programas\Windows Defender\MSASCui.exe -> [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)

msmpeng.exe -> C:\Arquivos de programas\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)

 

[Modules - Safe List]

ots.exe -> C:\Documents and Settings\felipe\Meus documentos\Downloads\OTS.exe -> [2010/12/18 14:01:51 | 000,642,048 | ---- | M] (OldTimer Tools)

asoehook.dll -> C:\Arquivos de programas\Norton Internet Security\Engine\18.5.0.125\asOEHook.dll -> [2010/12/04 04:58:45 | 000,413,112 | R--- | M] (Symantec Corporation)

guard32.dll -> C:\WINDOWS\system32\guard32.dll -> [2010/09/10 23:41:40 | 000,285,480 | ---- | M] (COMODO)

comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 14:11:58 | 001,054,208 | ---- | M] (Microsoft Corporation)

msvcr90.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll -> [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation)

msvcp90.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll -> [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation)

 

[Win32 Services - Safe List]

(NIS) Norton Internet Security [unknown | Running] -> C:\Arquivos de programas\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -> [2010/11/24 00:21:18 | 000,130,000 | R--- | M] (Symantec Corporation)

(cmdAgent) COMODO Internet Security Helper Service [Auto | Running] -> C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe -> [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO)

(AntiVirSchedulerService) Avira AntiVir Agendamento [Auto | Running] -> C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe -> [2010/09/03 15:44:26 | 000,135,336 | ---- | M] (Avira GmbH)

(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe -> [2010/09/03 15:44:21 | 000,267,944 | ---- | M] (Avira GmbH)

(GbpSv) Gbp Service [unknown | Running] -> C:\Arquivos de programas\GbPlugin\gbpsv.exe -> [2010/06/09 12:59:40 | 000,054,824 | ---- | M] ( )

(aspnet_state) ASP.NET State Service [On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -> [2010/03/18 17:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation)

(WPFFontCache_v0400) Windows Presentation Foundation Font Cache 4.0.0.0 [On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -> [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation)

(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)

(NetTcpPortSharing) Net.Tcp Port Sharing Service [Disabled | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -> [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation)

(SeaPort) SeaPort [Auto | Running] -> C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/01/14 18:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.)

(WinDefend) Windows Defender [Auto | Running] -> C:\Arquivos de programas\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)

(ose) Office Source Engine [On_Demand | Stopped] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation)

 

[Driver Services - Safe List]

(SABKUTIL) SABKUTIL [Kernel | System | Stopped] -> C:\Arquivos de programas\SUPERAntiSpyware\SABKUTIL.sys -> File not found

(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Dados de aplicativos\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20101217.002\navex15.sys -> [2010/12/17 21:25:11 | 001,360,760 | ---- | M] (Symantec Corporation)

(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Dados de aplicativos\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20101217.002\naveng.sys -> [2010/12/17 21:25:11 | 000,086,008 | ---- | M] (Symantec Corporation)

(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2010/12/16 23:11:57 | 000,102,448 | ---- | M] (Symantec Corporation)

(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SYMEVENT.SYS -> [2010/12/16 14:50:08 | 000,126,512 | ---- | M] (Symantec Corporation)

(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\eeCtrl.sys -> [2010/12/01 07:00:00 | 000,371,248 | ---- | M] (Symantec Corporation)

(SYMTDI) Symantec Network Dispatch Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMTDI.SYS -> [2010/12/01 03:24:00 | 000,368,248 | R--- | M] (Symantec Corporation)

(BHDrvx86) BHDrvx86 [Kernel | System | Running] -> C:\Documents and Settings\All Users\Dados de aplicativos\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys -> [2010/11/23 02:21:16 | 000,691,248 | ---- | M] (Symantec Corporation)

(SRTSP) Symantec Real Time Storage Protection [File_System | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSP.SYS -> [2010/11/23 02:08:31 | 000,509,560 | R--- | M] (Symantec Corporation)

(SRTSPX) Symantec Real Time Storage Protection (PEL) [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS -> [2010/11/23 02:08:31 | 000,050,168 | R--- | M] (Symantec Corporation)

(SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS -> [2010/11/18 00:59:55 | 000,652,336 | R--- | M] (Symantec Corporation)

(SymIRON) Symantec Iron Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS -> [2010/11/15 23:45:33 | 000,136,312 | R--- | M] (Symantec Corporation)

(IDSxpx86) IDSxpx86 [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Dados de aplicativos\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101215.001\IDSXpx86.sys -> [2010/11/10 23:46:29 | 000,341,944 | ---- | M] (Symantec Corporation)

(SymDS) Symantec Data Store [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS -> [2010/10/21 00:28:36 | 000,340,016 | R--- | M] (Symantec Corporation)

(sptd) sptd [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2010/10/11 21:24:56 | 000,697,328 | ---- | M] ()

(Inspect) COMODO Internet Security Firewall Driver [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\inspect.sys -> [2010/09/10 23:40:54 | 000,091,560 | ---- | M] (COMODO)

(cmdGuard) COMODO Internet Security Sandbox Driver [File_System | System | Running] -> C:\WINDOWS\system32\drivers\cmdGuard.sys -> [2010/09/10 23:40:52 | 000,239,240 | ---- | M] (COMODO)

(cmdHlp) COMODO Internet Security Helper Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\cmdhlp.sys -> [2010/09/10 23:40:52 | 000,025,240 | ---- | M] (COMODO)

(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2010/09/03 15:44:33 | 000,126,856 | ---- | M] (Avira GmbH)

(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2010/09/03 15:44:33 | 000,060,936 | ---- | M] (Avira GmbH)

(SCREAMINGBDRIVER) Screaming Bee Audio [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -> [2010/07/01 15:21:14 | 000,034,896 | ---- | M] (Screaming Bee LLC)

(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2010/06/17 15:29:17 | 000,028,520 | ---- | M] (Avira GmbH)

(avgio) avgio [Kernel | System | Running] -> C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys -> [2010/06/17 15:29:08 | 000,011,608 | ---- | M] (Avira GmbH)

(GbpKm) Gbp KernelMode [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\gbpkm.sys -> [2010/06/09 13:01:06 | 000,045,224 | ---- | M] (GAS Tecnologia)

(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/05/10 16:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Arquivos de programas\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 16:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

(71832932) 71832932 Boot Guard Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\71832932.sys -> [2009/10/22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab)

(setup_9.0.0.722_16.12.2010_08-25drv) setup_9.0.0.722_16.12.2010_08-25drv [File_System | System | Running] -> C:\WINDOWS\system32\drivers\7183293.sys -> [2009/10/09 22:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab)

(71832931) 71832931 [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\71832931.sys -> [2009/09/25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab)

(HDAudBus) Driver de Barramento Microsoft UAA para High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/14 09:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider)

(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ADIHdAud.sys -> [2007/08/03 15:29:12 | 000,307,712 | ---- | M] (Analog Devices, Inc.)

(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2006/10/29 15:17:14 | 001,681,920 | ---- | M] (ATI Technologies Inc.)

(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\bcm4sbxp.sys -> [2006/10/29 15:10:46 | 000,045,312 | ---- | M] (Broadcom Corporation)

(atiide) atiide [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\atiide.sys -> [2006/09/13 19:01:48 | 000,003,456 | ---- | M] (ATI Technologies Inc.)

(SenFiltService) SenFilt Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\senfilt.sys -> [2006/03/17 18:18:58 | 000,392,960 | ---- | M] (Sensaura)

(ASPI) Advanced SCSI Programming Interface Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ASPI32.SYS -> [2002/07/17 09:05:10 | 000,016,512 | ---- | M] (Adaptec)

 

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->

HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://search.localstrike.com.ar/ ->

HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://search.localstrike.com.ar/ ->

HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->

HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://search.localstrike.com.ar/ ->

HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://search.localstrike.com.ar/ ->

< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->

HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->

< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->

HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->

< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->

< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->

HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->

< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\] > -> ->

HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\: Main\\"Start Page" -> http://search.conduit.com?SearchSource=10&ctid=CT2277128 ->

HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\: URLSearchHooks\\"{b5d39f9d-9d08-4466-8f80-9873ed5124dd}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\: "ProxyEnable" -> 0 ->

< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKLM\software\mozilla\Firefox\Extensions -> ->

HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} -> C:\DOCUMENTS AND SETTINGS\ALL USERS\DADOS DE APLICATIVOS\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN\ [C:\DOCUMENTS AND SETTINGS\ALL USERS\DADOS DE APLICATIVOS\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN\] -> [2010/12/16 14:50:56 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} -> C:\DOCUMENTS AND SETTINGS\ALL USERS\DADOS DE APLICATIVOS\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\ [C:\DOCUMENTS AND SETTINGS\ALL USERS\DADOS DE APLICATIVOS\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\] -> [2010/12/16 14:47:47 | 000,000,000 | ---D | M]

< FireFox Extensions [user Folders] > ->

-> C:\Documents and Settings\felipe\Dados de aplicativos\Mozilla\Extensions -> [2010/08/15 17:48:15 | 000,000,000 | ---D | M]

-> C:\Documents and Settings\felipe\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org -> [2010/08/15 17:48:15 | 000,000,000 | ---D | M]

< HOSTS File > ([2010/12/16 14:09:14 | 000,002,386 | ---- | M] - 46 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->

First 25 entries...

Reset Hosts

<html>

<head>

<title>%produxt_name% - Alerta </title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

</head>

<body>

<table width="500" height="300" border="1" bordercolor="#FFFFFF">

<tr>

<td align="center" valign="bottom" bordercolor="#000000" bgcolor="#B5131C"><table width="100%" border="0">

<tr>

<td><strong><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif">Alerta %produxt_name%</font></strong></td>

</tr>

</table>

<table width="494" height="270" border="1" bordercolor="#B5131C">

<tr>

<td align="left" valign="top" bordercolor="#000000" bgcolor="#FFFFFF">

<table width="100%" height="100%" border="0" cellspacing="2">

<tr>

<td height="40" align="right" valign="bottom" bgcolor="#B5131C"><strong><font color="#FFFFFF" size="4" face="Arial Black">Acesso

negado !  </font></strong></td>

</tr>

<tr>

<td bgcolor="#EEEEEE" height="100%"><table width="488" height="100%" border="0" cellspacing="0" cellpadding="0">

<tr>

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 12:07:26 | 000,075,128 | ---- | M] (Adobe Systems Incorporated)

{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Arquivos de programas\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll [symantec NCO BHO] -> [2010/12/03 21:46:10 | 000,433,080 | R--- | M] (Symantec Corporation)

{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Arquivos de programas\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.dll [symantec Intrusion Prevention] -> [2010/12/01 02:39:27 | 000,210,360 | R--- | M] (Symantec Corporation)

{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [search Helper] -> [2009/01/14 18:49:24 | 000,092,504 | ---- | M] (Microsoft Corp.)

{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Auxiliar de Conexão do Windows Live] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)

{C41A1C0E-EA6C-11D4-B1B8-444553540003} [HKLM] -> C:\Arquivos de programas\GbPlugin\gbiehcef.dll [GbIehObj Class] -> [2010/11/03 12:34:04 | 000,335,304 | ---- | M] (Caixa Economica Federal)

{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2010/04/16 20:55:34 | 001,067,872 | ---- | M] (Microsoft Corporation)

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->

"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2010/04/16 20:55:34 | 001,067,872 | ---- | M] (Microsoft Corporation)

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Arquivos de programas\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll [Norton Toolbar] -> [2010/12/03 21:46:10 | 000,433,080 | R--- | M] (Symantec Corporation)

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ ->

WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ ->

WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\ ->

WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2010/04/16 20:55:34 | 001,067,872 | ---- | M] (Microsoft Corporation)

WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

"avgnt" -> C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe ["C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2010/09/03 15:44:21 | 000,281,768 | ---- | M] (Avira GmbH)

"BluetoothAuthenticationAgent" -> C:\WINDOWS\System32\bthprops.cpl [rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent] -> [2008/04/14 09:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation)

"COMODO Internet Security" -> C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe ["C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h] -> [2010/09/10 23:41:20 | 002,500,552 | ---- | M] (COMODO)

"MSSE" -> C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe ["C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide -runkey] -> [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation)

"SoundMAXPnP" -> C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe [C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe] -> [2007/08/01 14:52:42 | 001,036,288 | ---- | M] (Analog Devices, Inc.)

"SunJavaUpdateSched" -> C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe ["C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"] -> [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.)

"Windows Defender" -> C:\Arquivos de programas\Windows Defender\MSASCui.exe ["C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)

< RunOnce [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->

"nltide_2" -> [regsvr32 /s /n /i:U shell32] -> File not found

< RunOnce [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->

"nltide_2" -> [regsvr32 /s /n /i:U shell32] -> File not found

< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->

"nltide_2" -> [regsvr32 /s /n /i:U shell32] -> File not found

< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->

"nltide_2" -> [regsvr32 /s /n /i:U shell32] -> File not found

< Run [HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

"Advanced SystemCare 3" -> C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe ["C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup] -> [2010/12/14 15:18:46 | 002,402,512 | ---- | M] (IObit)

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar ->

< Default User Startup Folder > -> C:\Documents and Settings\Default User\Menu Iniciar\Programas\Inicializar ->

< Home Startup Folder > -> C:\Documents and Settings\Home\Menu Iniciar\Programas\Inicializar ->

C:\Documents and Settings\Home\Menu Iniciar\Programas\Inicializar\LimeWire On Startup.lnk -> C:\Arquivos de programas\LimeWire\LimeWire.exe -> File not found

< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions

\Infodelivery\Restrictions\\"NoUpdateCheck" -> [1] -> File not found

< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDesktopCleanupWizard" -> [1] -> File not found

\\"HonorAutoRunSetting" -> [1] -> File not found

\\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found

\\"NoResolveSearch" -> [1] -> File not found

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

\\"EnableLUA" -> [0] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\dontdisplaylastusername

< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" -> [145] -> File not found

\\"NoLowDiskSpaceChecks" -> [1] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" -> [145] -> File not found

\\"NoLowDiskSpaceChecks" -> [1] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" -> [145] -> File not found

\\"NoLowDiskSpaceChecks" -> [1] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" -> [145] -> File not found

\\"NoLowDiskSpaceChecks" -> [1] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004] > -> HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" -> [145] -> File not found

\\"NoLowDiskSpaceChecks" -> [1] -> File not found

\\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004] > -> HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ ->

Google Sidewiki... -> C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll [res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html] -> File not found

< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ ->

Google Sidewiki... -> C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll [res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html] -> File not found

< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\Software\Microsoft\Internet Explorer\MenuExt\ ->

Google Sidewiki... -> C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll [res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4818 domain(s) found. ->

< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] ->

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Java Plug-in 1.6.0_01] ->

{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] ->

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] ->

{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [shockwave Flash Object] ->

{DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} [HKLM] -> https://imagem.caixa.gov.br/cab/gbpdist.cab [GbpDistObj Class] ->

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->

DhcpNameServer -> 189.4.128.102 189.4.128.103 ->

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->

{9F3FCC1B-872F-4158-A721-B4997B430D5F}\\DhcpNameServer -> 189.4.128.102 189.4.128.103 (Broadcom 440x 10/100 Integrated Controller) ->

{9F3FCC1B-872F-4158-A721-B4997B430D5F}\\NameServer -> 156.154.70.25,156.154.71.25 (Broadcom 440x 10/100 Integrated Controller) ->

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->

Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 09:00:00 | 001,035,776 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> ->

< Winlogon settings [HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004] > -> HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

*Shell* -> HKEY_USERS\S-1-5-21-1957994488-1844823847-1801674531-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->

EXPLORER.EXE -> C:\WINDOWS\explorer.exe -> [2008/04/14 09:00:00 | 001,035,776 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> ->

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->

GbPluginCef -> C:\Arquivos de programas\GbPlugin\gbiehcef.dll -> [2010/11/03 12:34:04 | 000,335,304 | ---- | M] (Caixa Economica Federal)

!SASWinLogon -> C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL -> [2009/09/03 20:21:41 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com)

AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2006/10/29 15:17:14 | 000,086,016 | ---- | M] (ATI Technologies Inc.)

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Arquivos de programas\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation)

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 15:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)

"{E37CB5F0-51F5-4395-A808-5FA49E399003}" [HKLM] -> C:\Arquivos de programas\GbPlugin\gbiehcef.dll [GbPlugin ShlObj] -> [2010/11/03 12:34:04 | 000,335,304 | ---- | M] (Caixa Economica Federal)

< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->

< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->

< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->

"AutoRun" -> 1 ->

"DisplayName" -> Driver de CD-ROM ->

"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found

< Drives with AutoRun files > -> ->

C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2010/01/09 17:02:37 | 000,000,000 | ---- | M] ()

< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

\{fb6fb568-0077-11e0-9aa6-001aa00a5ba8}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6fb568-0077-11e0-9aa6-001aa00a5ba8}\Shell\AutoRun\command

\{fb6fb568-0077-11e0-9aa6-001aa00a5ba8}\Shell\AutoRun\command\\"" -> E:\InstallTomTomHOME.exe [E:\InstallTomTomHOME.exe] -> File not found

< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->

comfile [open] -> "%1" %* ->

exefile [open] -> "%1" %* ->

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->

.com [@ = comfile] -> "%1" %* ->

.exe [@ = exefile] -> "%1" %* ->

 

 

[Files/Folders - Created Within 30 Days]

VritualRoot -> C:\VritualRoot -> [2010/12/18 00:12:33 | 000,000,000 | -H-D | C]

COMODO -> C:\Arquivos de programas\COMODO -> [2010/12/18 00:06:02 | 000,000,000 | ---D | C]

Comodo -> C:\Documents and Settings\All Users\Dados de aplicativos\Comodo -> [2010/12/18 00:03:53 | 000,000,000 | ---D | C]

7183293.sys -> C:\WINDOWS\System32\drivers\7183293.sys -> [2010/12/17 09:55:57 | 000,315,408 | ---- | C] (Kaspersky Lab)

71832931.sys -> C:\WINDOWS\System32\drivers\71832931.sys -> [2010/12/17 09:55:57 | 000,128,016 | ---- | C] (Kaspersky Lab)

71832932.sys -> C:\WINDOWS\System32\drivers\71832932.sys -> [2010/12/17 09:55:57 | 000,037,392 | ---- | C] (Kaspersky Lab)

Virus Removal Tool -> C:\Documents and Settings\felipe\Desktop\Virus Removal Tool -> [2010/12/17 09:55:55 | 000,000,000 | ---D | C]

NPE -> C:\Documents and Settings\felipe\Configurações locais\Dados de aplicativos\NPE -> [2010/12/17 00:56:21 | 000,000,000 | ---D | C]

Prefetch -> C:\WINDOWS\Prefetch -> [2010/12/16 23:37:39 | 000,000,000 | ---D | C]

SYMEVENT.SYS -> C:\WINDOWS\System32\drivers\SYMEVENT.SYS -> [2010/12/16 14:50:08 | 000,126,512 | ---- | C] (Symantec Corporation)

S32EVNT1.DLL -> C:\WINDOWS\System32\S32EVNT1.DLL -> [2010/12/16 14:50:08 | 000,060,808 | ---- | C] (Symantec Corporation)

Symantec -> C:\Arquivos de programas\Symantec -> [2010/12/16 14:50:08 | 000,000,000 | ---D | C]

SymEFA.sys -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymEFA.sys -> [2010/12/16 14:48:43 | 000,652,336 | R--- | C] (Symantec Corporation)

symtdi.sys -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\symtdi.sys -> [2010/12/16 14:48:43 | 000,368,248 | R--- | C] (Symantec Corporation)

SymDS.sys -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymDS.sys -> [2010/12/16 14:48:43 | 000,340,016 | R--- | C] (Symantec Corporation)

symtdiv.sys -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\symtdiv.sys -> [2010/12/16 14:48:43 | 000,330,360 | R--- | C] (Symantec Corporation)

symnets.sys -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\symnets.sys -> [2010/12/16 14:48:43 | 000,295,032 | R--- | C] (Symantec Corporation)

srtspx.sys -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtspx.sys -> [2010/12/16 14:48:43 | 000,050,168 | R--- | C] (Symantec Corporation)

srtsp.sys -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtsp.sys -> [2010/12/16 14:48:42 | 000,509,560 | R--- | C] (Symantec Corporation)

Ironx86.sys -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\Ironx86.sys -> [2010/12/16 14:48:42 | 000,136,312 | R--- | C] (Symantec Corporation)

NIS -> C:\WINDOWS\System32\drivers\NIS -> [2010/12/16 14:47:54 | 000,000,000 | ---D | C]

1205000.07D -> C:\WINDOWS\System32\drivers\NIS\1205000.07D -> [2010/12/16 14:47:54 | 000,000,000 | ---D | C]

Windows Sidebar -> C:\Arquivos de programas\Windows Sidebar -> [2010/12/16 14:47:47 | 000,000,000 | ---D | C]

Norton Internet Security -> C:\Arquivos de programas\Norton Internet Security -> [2010/12/16 14:47:47 | 000,000,000 | ---D | C]

NortonInstaller -> C:\Arquivos de programas\NortonInstaller -> [2010/12/16 14:47:33 | 000,000,000 | ---D | C]

SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com -> [2010/12/16 14:46:42 | 000,000,000 | ---D | C]

SUPERAntiSpyware -> C:\Arquivos de programas\SUPERAntiSpyware -> [2010/12/16 14:45:35 | 000,000,000 | ---D | C]

Sun -> C:\Documents and Settings\All Users\Dados de aplicativos\Sun -> [2010/12/16 14:25:03 | 000,000,000 | ---D | C]

Sun -> C:\Documents and Settings\felipe\Dados de aplicativos\Sun -> [2010/12/16 14:19:07 | 000,000,000 | ---D | C]

LinhaDefensiva -> C:\LinhaDefensiva -> [2010/12/16 14:08:07 | 000,000,000 | ---D | C]

IObit -> C:\Documents and Settings\felipe\Dados de aplicativos\IObit -> [2010/12/16 10:47:37 | 000,000,000 | ---D | C]

IObit -> C:\Arquivos de programas\IObit -> [2010/12/16 10:47:36 | 000,000,000 | ---D | C]

Malwarebytes -> C:\Documents and Settings\felipe\Dados de aplicativos\Malwarebytes -> [2010/12/16 10:01:37 | 000,000,000 | ---D | C]

mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/12/16 09:58:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation)

Malwarebytes -> C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes -> [2010/12/16 09:58:07 | 000,000,000 | ---D | C]

mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/12/16 09:57:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation)

Malwarebytes' Anti-Malware -> C:\Arquivos de programas\Malwarebytes' Anti-Malware -> [2010/12/16 09:57:53 | 000,000,000 | ---D | C]

Windows Defender -> C:\Arquivos de programas\Windows Defender -> [2010/12/16 09:41:10 | 000,000,000 | ---D | C]

Avira -> C:\Documents and Settings\felipe\Dados de aplicativos\Avira -> [2010/12/16 09:17:30 | 000,000,000 | ---D | C]

ssmdrv.sys -> C:\WINDOWS\System32\drivers\ssmdrv.sys -> [2010/12/16 09:12:10 | 000,028,520 | ---- | C] (Avira GmbH)

avipbb.sys -> C:\WINDOWS\System32\drivers\avipbb.sys -> [2010/12/16 09:12:09 | 000,126,856 | ---- | C] (Avira GmbH)

avgntflt.sys -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2010/12/16 09:12:08 | 000,060,936 | ---- | C] (Avira GmbH)

avgntdd.sys -> C:\WINDOWS\System32\drivers\avgntdd.sys -> [2010/12/16 09:12:08 | 000,045,416 | ---- | C] (Avira GmbH)

avgntmgr.sys -> C:\WINDOWS\System32\drivers\avgntmgr.sys -> [2010/12/16 09:12:08 | 000,022,360 | ---- | C] (Avira GmbH)

Avira -> C:\Documents and Settings\All Users\Dados de aplicativos\Avira -> [2010/12/16 09:12:08 | 000,000,000 | ---D | C]

Avira -> C:\Arquivos de programas\Avira -> [2010/12/16 09:12:08 | 000,000,000 | ---D | C]

pss -> C:\WINDOWS\pss -> [2010/12/16 07:40:06 | 000,000,000 | ---D | C]

GroupPolicy -> C:\WINDOWS\System32\GroupPolicy -> [2010/12/16 07:28:05 | 000,000,000 | -H-D | C]

$AVG -> C:\$AVG -> [2010/12/15 18:59:32 | 000,000,000 | -H-D | C]

SUPERAntiSpyware.com -> C:\Documents and Settings\felipe\Dados de aplicativos\SUPERAntiSpyware.com -> [2010/12/15 18:59:11 | 000,000,000 | ---D | C]

Microsoft Security Essentials -> C:\Arquivos de programas\Microsoft Security Essentials -> [2010/12/15 17:44:34 | 000,000,000 | ---D | C]

AVG10 -> C:\Documents and Settings\felipe\Dados de aplicativos\AVG10 -> [2010/12/15 17:38:15 | 000,000,000 | ---D | C]

Common Files -> C:\Documents and Settings\All Users\Dados de aplicativos\Common Files -> [2010/12/15 17:35:23 | 000,000,000 | -H-D | C]

AVG10 -> C:\Documents and Settings\All Users\Dados de aplicativos\AVG10 -> [2010/12/15 17:33:29 | 000,000,000 | ---D | C]

MFAData -> C:\Documents and Settings\All Users\Dados de aplicativos\MFAData -> [2010/12/15 13:55:08 | 000,000,000 | ---D | C]

Kaspersky Lab Setup Files -> C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files -> [2010/12/15 13:34:08 | 000,000,000 | ---D | C]

Windows Genuine Advantage -> C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage -> [2010/12/15 12:32:10 | 000,000,000 | ---D | C]

desktop -> C:\Arquivos de programas\desktop -> [2010/12/14 11:14:48 | 000,000,000 | ---D | C]

EMX -> C:\Documents and Settings\felipe\Dados de aplicativos\EMX -> [2010/12/14 10:16:17 | 000,000,000 | ---D | C]

mxpvct26.dat -> C:\WINDOWS\System32\mxpvct26.dat -> [2010/12/14 10:10:10 | 001,519,616 | ---- | C] (Chilkat Software, Inc.)

PE Explorer -> C:\Documents and Settings\felipe\Dados de aplicativos\PE Explorer -> [2010/12/14 10:01:47 | 000,000,000 | ---D | C]

-> C:\Documents and Settings\felipe\Desktop\ -> [2010/12/13 12:02:22 | 000,000,000 | R--D | C]

TomTom DesktopSuite -> C:\Arquivos de programas\TomTom DesktopSuite -> [2010/12/05 14:12:58 | 000,000,000 | ---D | C]

 

[Files/Folders - Modified Within 30 Days]

GoogleUpdateTaskUserS-1-5-21-1957994488-1844823847-1801674531-1004UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1844823847-1801674531-1004UA.job -> [2010/12/18 13:58:05 | 000,001,148 | ---- | M] ()

MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/12/18 08:10:34 | 000,000,346 | -H-- | M] ()

WGASetup.job -> C:\WINDOWS\tasks\WGASetup.job -> [2010/12/18 08:07:57 | 000,000,260 | ---- | M] ()

bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/12/18 08:07:20 | 000,002,048 | --S- | M] ()

FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/12/18 08:07:17 | 000,188,200 | ---- | M] ()

Cat.DB -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\Cat.DB -> [2010/12/18 03:15:18 | 000,480,742 | ---- | M] ()

COMODO Firewall.lnk -> C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk -> [2010/12/18 00:07:17 | 000,001,709 | ---- | M] ()

boot.ini -> C:\boot.ini -> [2010/12/17 23:51:31 | 000,000,211 | -HS- | M] ()

GoogleUpdateTaskUserS-1-5-21-1957994488-1844823847-1801674531-1004Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1844823847-1801674531-1004Core.job -> [2010/12/17 22:54:02 | 000,001,096 | ---- | M] ()

SMRResults161.dat -> C:\Documents and Settings\felipe\Dados de aplicativos\SMRResults161.dat -> [2010/12/17 12:18:17 | 000,002,638 | ---- | M] ()

SMRBackup161.dat -> C:\Documents and Settings\felipe\Dados de aplicativos\SMRBackup161.dat -> [2010/12/17 09:45:23 | 007,557,843 | ---- | M] ()

SYMEVENT.SYS -> C:\WINDOWS\System32\drivers\SYMEVENT.SYS -> [2010/12/16 14:50:08 | 000,126,512 | ---- | M] (Symantec Corporation)

S32EVNT1.DLL -> C:\WINDOWS\System32\S32EVNT1.DLL -> [2010/12/16 14:50:08 | 000,060,808 | ---- | M] (Symantec Corporation)

SYMEVENT.CAT -> C:\WINDOWS\System32\drivers\SYMEVENT.CAT -> [2010/12/16 14:50:08 | 000,007,456 | ---- | M] ()

SYMEVENT.INF -> C:\WINDOWS\System32\drivers\SYMEVENT.INF -> [2010/12/16 14:50:08 | 000,000,805 | ---- | M] ()

Norton Internet Security.LNK -> C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK -> [2010/12/16 14:49:23 | 000,002,063 | ---- | M] ()

SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2010/12/16 14:45:42 | 000,001,757 | ---- | M] ()

ntuser.pol -> C:\Documents and Settings\felipe\ntuser.pol -> [2010/12/16 14:05:53 | 000,000,468 | RHS- | M] ()

Advanced SystemCare.lnk -> C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk -> [2010/12/16 10:48:22 | 000,000,937 | ---- | M] ()

Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/12/16 10:31:54 | 000,000,847 | ---- | M] ()

wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/12/16 09:39:52 | 000,002,206 | ---- | M] ()

Centro de controle do Avira AntiVir.lnk -> C:\Documents and Settings\All Users\Desktop\Centro de controle do Avira AntiVir.lnk -> [2010/12/16 09:12:21 | 000,001,786 | ---- | M] ()

Microsoft Security Essentials.lnk -> C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk -> [2010/12/15 17:44:39 | 000,000,871 | ---- | M] ()

p_ekran.jpg -> C:\WINDOWS\p_ekran.jpg -> [2010/12/14 11:15:15 | 000,034,004 | ---- | M] ()

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\felipe\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/12/05 18:24:24 | 000,021,504 | ---- | M] ()

isolate.ini -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\isolate.ini -> [2010/12/04 08:53:10 | 000,000,172 | ---- | M] ()

symnetv.cat -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\symnetv.cat -> [2010/12/02 01:15:10 | 000,007,877 | R--- | M] ()

SymNet.cat -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymNet.cat -> [2010/12/02 01:15:10 | 000,007,458 | R--- | M] ()

symtdi.sys -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\symtdi.sys -> [2010/12/01 03:24:00 | 000,368,248 | R--- | M] (Symantec Corporation)

symnets.sys -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\symnets.sys -> [2010/12/01 03:24:00 | 000,295,032 | R--- | M] (Symantec Corporation)

symtdiv.sys -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\symtdiv.sys -> [2010/12/01 03:23:59 | 000,330,360 | R--- | M] (Symantec Corporation)

SymNetV.inf -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymNetV.inf -> [2010/12/01 03:23:53 | 000,001,474 | R--- | M] ()

SymNet.inf -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymNet.inf -> [2010/12/01 03:23:53 | 000,001,446 | R--- | M] ()

mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation)

mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation)

SymEFA.cat -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymEFA.cat -> [2010/11/23 02:59:06 | 000,007,456 | R--- | M] ()

SymDS.cat -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymDS.cat -> [2010/11/23 02:58:56 | 000,007,450 | R--- | M] ()

iron.cat -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\iron.cat -> [2010/11/23 02:27:39 | 000,007,528 | R--- | M] ()

srtsp.sys -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtsp.sys -> [2010/11/23 02:08:31 | 000,509,560 | R--- | M] (Symantec Corporation)

srtspx.sys -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtspx.sys -> [2010/11/23 02:08:31 | 000,050,168 | R--- | M] (Symantec Corporation)

srtspx.cat -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtspx.cat -> [2010/11/23 02:08:31 | 000,007,454 | R--- | M] ()

srtsp.cat -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtsp.cat -> [2010/11/23 02:08:31 | 000,007,450 | R--- | M] ()

srtspx.inf -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtspx.inf -> [2010/11/23 02:08:31 | 000,001,389 | R--- | M] ()

srtsp.inf -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtsp.inf -> [2010/11/23 02:08:31 | 000,001,383 | R--- | M] ()

4 C:\Documents and Settings\felipe\Configurações locais\Temp\*.tmp files -> C:\Documents and Settings\felipe\Configurações locais\Temp\*.tmp ->

 

[Files - No Company Name]

COMODO Firewall.lnk -> C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk -> [2010/12/18 00:07:16 | 000,001,709 | ---- | C] ()

SMRResults161.dat -> C:\Documents and Settings\felipe\Dados de aplicativos\SMRResults161.dat -> [2010/12/17 12:18:10 | 000,002,638 | ---- | C] ()

SMRBackup161.dat -> C:\Documents and Settings\felipe\Dados de aplicativos\SMRBackup161.dat -> [2010/12/17 05:38:44 | 007,557,843 | ---- | C] ()

Cat.DB -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\Cat.DB -> [2010/12/16 14:50:14 | 000,480,742 | ---- | C] ()

SYMEVENT.CAT -> C:\WINDOWS\System32\drivers\SYMEVENT.CAT -> [2010/12/16 14:50:08 | 000,007,456 | ---- | C] ()

SYMEVENT.INF -> C:\WINDOWS\System32\drivers\SYMEVENT.INF -> [2010/12/16 14:50:08 | 000,000,805 | ---- | C] ()

Norton Internet Security.LNK -> C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK -> [2010/12/16 14:49:23 | 000,002,063 | ---- | C] ()

SymEFA.inf -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymEFA.inf -> [2010/12/16 14:48:14 | 000,003,374 | R--- | C] ()

SymDS.inf -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymDS.inf -> [2010/12/16 14:48:14 | 000,002,792 | R--- | C] ()

SymNetV.inf -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymNetV.inf -> [2010/12/16 14:48:14 | 000,001,474 | R--- | C] ()

SymNet.inf -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymNet.inf -> [2010/12/16 14:48:14 | 000,001,446 | R--- | C] ()

srtspx.inf -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtspx.inf -> [2010/12/16 14:48:13 | 000,001,389 | R--- | C] ()

srtsp.inf -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtsp.inf -> [2010/12/16 14:48:13 | 000,001,383 | R--- | C] ()

Iron.inf -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\Iron.inf -> [2010/12/16 14:48:13 | 000,000,742 | R--- | C] ()

symnetv.cat -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\symnetv.cat -> [2010/12/16 14:47:54 | 000,007,877 | R--- | C] ()

iron.cat -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\iron.cat -> [2010/12/16 14:47:54 | 000,007,528 | R--- | C] ()

SymNet.cat -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymNet.cat -> [2010/12/16 14:47:54 | 000,007,458 | R--- | C] ()

SymEFA.cat -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymEFA.cat -> [2010/12/16 14:47:54 | 000,007,456 | R--- | C] ()

srtspx.cat -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtspx.cat -> [2010/12/16 14:47:54 | 000,007,454 | R--- | C] ()

SymDS.cat -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymDS.cat -> [2010/12/16 14:47:54 | 000,007,450 | R--- | C] ()

srtsp.cat -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtsp.cat -> [2010/12/16 14:47:54 | 000,007,450 | R--- | C] ()

isolate.ini -> C:\WINDOWS\System32\drivers\NIS\1205000.07D\isolate.ini -> [2010/12/16 14:47:54 | 000,000,172 | ---- | C] ()

SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2010/12/16 14:45:42 | 000,001,757 | ---- | C] ()

ntuser.pol -> C:\Documents and Settings\felipe\ntuser.pol -> [2010/12/16 14:05:53 | 000,000,468 | RHS- | C] ()

Advanced SystemCare.lnk -> C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk -> [2010/12/16 10:48:22 | 000,000,937 | ---- | C] ()

Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/12/16 09:58:16 | 000,000,847 | ---- | C] ()

MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/12/16 09:44:27 | 000,000,346 | -H-- | C] ()

Centro de controle do Avira AntiVir.lnk -> C:\Documents and Settings\All Users\Desktop\Centro de controle do Avira AntiVir.lnk -> [2010/12/16 09:12:21 | 000,001,786 | ---- | C] ()

Microsoft Security Essentials.lnk -> C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk -> [2010/12/15 17:44:39 | 000,000,871 | ---- | C] ()

p_ekran.jpg -> C:\WINDOWS\p_ekran.jpg -> [2010/12/14 11:15:15 | 000,034,004 | ---- | C] ()

bwmedia.dll -> C:\WINDOWS\System32\bwmedia.dll -> [2010/10/20 23:06:09 | 000,150,016 | ---- | C] ()

sysmwwod.dll -> C:\WINDOWS\System32\sysmwwod.dll -> [2010/10/20 22:59:47 | 000,000,037 | ---- | C] ()

lame_enc.dll -> C:\WINDOWS\System32\lame_enc.dll -> [2010/10/20 21:22:37 | 000,237,568 | ---- | C] ()

mp3dec.dll -> C:\WINDOWS\System32\mp3dec.dll -> [2010/10/20 14:22:07 | 000,118,784 | ---- | C] ()

sptd.sys -> C:\WINDOWS\System32\drivers\sptd.sys -> [2010/10/11 21:24:56 | 000,697,328 | ---- | C] ()

psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2010/10/10 21:40:32 | 000,354,816 | ---- | C] ()

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\felipe\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/03/25 19:03:56 | 000,021,504 | ---- | C] ()

drwtsn32.dll -> C:\WINDOWS\System32\drwtsn32.dll -> [2010/01/19 10:44:33 | 000,000,076 | ---- | C] ()

ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2010/01/09 18:25:46 | 000,000,421 | ---- | C] ()

unrar.dll -> C:\WINDOWS\System32\unrar.dll -> [2010/01/09 17:56:44 | 000,168,448 | ---- | C] ()

avisplitter.ini -> C:\WINDOWS\avisplitter.ini -> [2010/01/09 17:56:43 | 000,000,038 | ---- | C] ()

xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2010/01/09 17:56:42 | 000,881,664 | ---- | C] ()

xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2010/01/09 17:56:42 | 000,205,824 | ---- | C] ()

qt-dx331.dll -> C:\WINDOWS\System32\qt-dx331.dll -> [2010/01/09 17:56:41 | 003,596,288 | ---- | C] ()

ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2010/01/09 17:56:40 | 000,085,504 | ---- | C] ()

everest_cpl.ini -> C:\WINDOWS\System32\everest_cpl.ini -> [2010/01/09 17:27:13 | 000,000,066 | ---- | C] ()

ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2010/01/09 14:54:50 | 000,004,205 | ---- | C] ()

powermp3wavconverter.ini -> C:\WINDOWS\powermp3wavconverter.ini -> [2006/12/30 18:50:08 | 000,000,395 | ---- | C] ()

mp3enc.dll -> C:\WINDOWS\System32\mp3enc.dll -> [2002/01/18 21:56:54 | 000,217,088 | ---- | C] ()

 

[File - Lop Check]

AVG10 -> C:\Documents and Settings\All Users\Dados de aplicativos\AVG10 -> [2010/12/16 08:41:06 | 000,000,000 | ---D | M]

Common Files -> C:\Documents and Settings\All Users\Dados de aplicativos\Common Files -> [2010/12/15 17:35:23 | 000,000,000 | -H-D | M]

DAEMON Tools Pro -> C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Pro -> [2010/10/11 21:24:27 | 000,000,000 | ---D | M]

ESET -> C:\Documents and Settings\All Users\Dados de aplicativos\ESET -> [2010/01/09 17:59:29 | 000,000,000 | ---D | M]

GbPlugin -> C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin -> [2010/12/11 08:23:40 | 000,000,000 | ---D | M]

Messenger Plus! -> C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus! -> [2010/02/08 13:15:36 | 000,000,000 | ---D | M]

MFAData -> C:\Documents and Settings\All Users\Dados de aplicativos\MFAData -> [2010/12/15 17:33:14 | 000,000,000 | ---D | M]

NCH Swift Sound -> C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound -> [2010/10/20 21:54:18 | 000,000,000 | ---D | M]

Pianosoft -> C:\Documents and Settings\All Users\Dados de aplicativos\Pianosoft -> [2010/10/20 22:25:07 | 000,000,000 | ---D | M]

Screaming Bee -> C:\Documents and Settings\All Users\Dados de aplicativos\Screaming Bee -> [2010/06/02 17:31:41 | 000,000,000 | ---D | M]

TEMP -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP -> [2010/02/03 01:35:27 | 000,000,000 | ---D | M]

AVG10 -> C:\Documents and Settings\felipe\Dados de aplicativos\AVG10 -> [2010/12/15 17:38:15 | 000,000,000 | ---D | M]

DAEMON Tools Pro -> C:\Documents and Settings\felipe\Dados de aplicativos\DAEMON Tools Pro -> [2010/10/11 21:30:47 | 000,000,000 | ---D | M]

EMX -> C:\Documents and Settings\felipe\Dados de aplicativos\EMX -> [2010/12/14 10:16:17 | 000,000,000 | ---D | M]

ESET -> C:\Documents and Settings\felipe\Dados de aplicativos\ESET -> [2010/03/16 18:47:01 | 000,000,000 | ---D | M]

FreeAudioPack -> C:\Documents and Settings\felipe\Dados de aplicativos\FreeAudioPack -> [2010/10/20 14:44:14 | 000,000,000 | ---D | M]

FreeCDRipper -> C:\Documents and Settings\felipe\Dados de aplicativos\FreeCDRipper -> [2010/10/20 14:46:40 | 000,000,000 | ---D | M]

IObit -> C:\Documents and Settings\felipe\Dados de aplicativos\IObit -> [2010/12/16 10:47:37 | 000,000,000 | ---D | M]

NCH Swift Sound -> C:\Documents and Settings\felipe\Dados de aplicativos\NCH Swift Sound -> [2010/10/20 21:54:03 | 000,000,000 | ---D | M]

PE Explorer -> C:\Documents and Settings\felipe\Dados de aplicativos\PE Explorer -> [2010/12/17 01:07:02 | 000,000,000 | ---D | M]

River Past G5 -> C:\Documents and Settings\felipe\Dados de aplicativos\River Past G5 -> [2010/10/20 13:41:53 | 000,000,000 | ---D | M]

WinFF -> C:\Documents and Settings\felipe\Dados de aplicativos\WinFF -> [2010/10/20 22:45:08 | 000,000,000 | ---D | M]

AVG10 -> C:\Documents and Settings\Home\Dados de aplicativos\AVG10 -> [2010/12/15 18:12:55 | 000,000,000 | ---D | M]

Avnex -> C:\Documents and Settings\Home\Dados de aplicativos\Avnex -> [2010/06/02 17:14:28 | 000,000,000 | ---D | M]

ESET -> C:\Documents and Settings\Home\Dados de aplicativos\ESET -> [2010/01/09 18:01:07 | 000,000,000 | ---D | M]

Hide IP NG -> C:\Documents and Settings\Home\Dados de aplicativos\Hide IP NG -> [2010/07/01 23:57:40 | 000,000,000 | ---D | M]

LimeWire -> C:\Documents and Settings\Home\Dados de aplicativos\LimeWire -> [2010/08/25 15:29:05 | 000,000,000 | ---D | M]

MP3Rocket -> C:\Documents and Settings\Home\Dados de aplicativos\MP3Rocket -> [2010/05/08 22:37:31 | 000,000,000 | ---D | M]

Opera -> C:\Documents and Settings\Home\Dados de aplicativos\Opera -> [2010/10/23 00:54:55 | 000,000,000 | ---D | M]

Screaming Bee -> C:\Documents and Settings\Home\Dados de aplicativos\Screaming Bee -> [2010/06/03 20:00:29 | 000,000,000 | ---D | M]

Thinstall -> C:\Documents and Settings\Home\Dados de aplicativos\Thinstall -> [2010/01/09 18:37:43 | 000,000,000 | ---D | M]

Toolbar4 -> C:\Documents and Settings\Home\Dados de aplicativos\Toolbar4 -> [2010/02/22 22:27:37 | 000,000,000 | ---D | M]

MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [2010/12/18 08:10:34 | 000,000,346 | -H-- | M] ()

WGASetup.job -> C:\WINDOWS\Tasks\WGASetup.job -> [2010/12/18 08:07:57 | 000,000,260 | ---- | M] ()

 

[File - Purity Scan]

 

 

[Alternate Data Streams]

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:05EE1EEF

@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:688EF60C_Cef.gbp

@Alternate Data Stream - 208 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

< End of report >


*Select and copy the code below:

[unregister Dlls]

[Registry - Safe List]

< HOSTS File > ([2010/12/16 14:09:14 | 000,002,386 | ---- | M] - 46 lines) -> C:\WINDOWS\system32\drivers\etc\hosts

YN -> Reset Hosts ->

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar

YN -> "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]

[Files/Folders - Created Within 30 Days]

NY -> LinhaDefensiva -> C:\LinhaDefensiva

[Alternate Data Streams]

NY -> @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:05EE1EEF

[Empty Temp Folders]

[Reboot]

*Run OTS

*Click in the space below "Paste Fix Here" and paste the code

*Click [Run Fix]

*The PC will restart

*Paste the report shown after the restart (C:\_OTS\MovedFiles\MDA_HMS.txt, where MDA is month day year and HMS is hour minute second) and a new HijackThis log


OK...

 

1.

*Run OTS

*Click [CleanUp] > [Yes]

*The PC will restart

 

2.

*Download HostsXpert and save it to the desktop

*Extract it to the desktop

*Run HostsXpert

*Click [Restore Microsoft's Hosts File]

 

3.

*Download HijackThis again and save it to the desktop

*Run HijackThis

*Click [Do a system scan and save a logfile].

*Paste the report


Topic Archived

 

Since the author did not reply for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
