Virus removal

Continuing, here is the Extras Report.

OTL Extras logfile created on: 28/03/2010 20:49:50 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Eduardo\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 76,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,50 Gb Total Space | 633,41 Gb Free Space | 68,00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDUARDO-PC
Current User Name: Eduardo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64
"{31791DA6-7F3C-AA85-348B-59E0F434F91A}" = ATI Problem Report Wizard
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C8C2790-F773-9A42-3ACD-9117E22B8180}" = ATI AVIVO64 Codecs
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Pacote de Driver do Windows - Nokia Modem (10/05/2009 4.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Pacote de Driver do Windows - Nokia Modem (06/01/2009 7.01.0.4)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"WinRAR archiver" = Arquivo do WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{185AEB6C-54E1-40E6-D2AC-46342FA6DBD3}" = HydraVision
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call
"{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20
"{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0416-1000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9312191B-30A5-44E1-8D8D-6936FE06CDE8}" = Wanted: Weapons of Fate
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player
"{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3 - Português
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full
"{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing
"{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light
"{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials
"{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Garena" = Garena
"HijackThis" = HijackThis 2.0.2
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Brazil Toolbar" = Messenger_Plus_Live_Brazil Toolbar
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Nokia PC Suite" = Nokia PC Suite
"OpenAL" = OpenAL
"rayatitray" = Ray Adams ATI Tray Tools
"Satsuki Decoder Pack" = Satsuki Decoder Pack 4302
"Steam App 12840" = DiRT 2
"UltraISO_is1" = UltraISO Premium V9.35
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3166456774-1947370463-365579536-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
Tello, surprisingly, Microsoft's antivirus really is very good. It has shown excellent detection rates, lightness and stability. I don't compare it with Avira AntiVir, which, for me, remains the best free antivirus. But it is not far behind. I even think MSE has overtaken Avast!, although Avast! version 5 is great as well. Anyway, today we are well served with free antiviruses.

Still, it is worth testing MSE and drawing your own conclusions, especially since it runs perfectly on Seven. Now, remember: no antivirus is 100%.

Comodo Firewall has lately become not recommendable for security reasons. So as not to go too deep into this subject and bloat the reply, I suggest you calmly read this topic, Tello. The topic is from May 2009, but nothing has changed. Comodo has everything it takes to be an excellent firewall, as it always was, but the company failed to make positive use of its good reputation and made this mess.

The Windows firewall is basic. In other words, it is better than nothing. Obviously, the default Windows firewall (whether on XP, Vista or 7) does not offer the same protection as third-party firewalls. However, we cannot ignore the fact that the Windows firewall has improved, and a lot, since Vista. So, if you are a cautious user and have good common sense, the Windows firewall is more than good enough.

In any case, an excellent alternative is Outpost Firewall.

Hello Mr. Thanks for the replies.

So, I've been reading a few things, and I'm thinking of getting Avira to run some tests. I'm fed up with AVG.
If I'm not mistaken, there is a pt-BR version of Avira, right? The thing is, the official site doesn't have it, but Superdownloads does.

And as for the firewall, thanks for the tip; even being cautious, it's always good to know a few more tools!

Thanks once again, friend!
Cheers.
 
Good morning Mr. Wolf, only today was I able to carry out the procedures on the infected machine, since I don't work at the company on weekends. Here are the logs you asked me for.

ComboFix 10-03-28.03 - Administrador 29/03/2010 10:10:00.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.958.635 [GMT -3:00]
Executando de: C:\Documents and Settings\Administrador.ARTHI-SERVER\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
ADS - drivers: deleted 204 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CARLHOS
-------\Service_carlhos


(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-28 to 2010-03-29 ))))))))))))))))))))))))))))
.

2010-03-29 12:33:05 . 2007-08-30 20:22:58 2015808 ----a-w- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Simply Super Software\Trojan Remover\bcu4D0.exe
2010-03-26 13:35:17 . 2010-03-22 12:23:35 532480 ----a-w- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Notepad++\plugins\Config\plugin_install_temp\plugin1\plugins\PluginManager.dll
2010-03-26 13:35:16 . 2010-03-22 12:23:35 401408 ----a-w- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Notepad++\plugins\Config\plugin_install_temp\plugin1\updater\gpup.exe
2010-03-26 13:34:43 . 2009-10-28 18:19:40 152576 ----a-w- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll
2010-03-26 13:34:41 . 2010-03-24 10:09:56 -------- d-----w- C:\Documents and Settings\Administrador.ARTHI-SERVER\.netbeans-registration
2010-03-26 13:34:41 . 2010-03-24 10:09:55 -------- d-----w- C:\Documents and Settings\Administrador.ARTHI-SERVER\.netbeans
2010-03-26 13:34:40 . 2010-03-22 11:21:09 -------- d-----w- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Logitech
2010-03-26 13:34:40 . 2009-12-17 17:49:50 -------- d-----w- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\IObit
2010-03-26 13:34:40 . 2009-10-09 16:40:56 -------- d-----w- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\3M
2010-03-26 13:34:40 . 2008-07-22 17:40:55 -------- d-----w- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Babylon
2010-03-26 13:34:38 . 2010-03-22 12:23:41 -------- d-----w- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Notepad++
2010-03-26 13:34:37 . 2010-03-23 16:59:57 -------- d-sh--w- C:\Documents and Settings\Administrador.ARTHI-SERVER\IECompatCache
2010-03-26 13:34:37 . 2008-12-15 12:03:53 -------- d-----w- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Windows Desktop Search
2010-03-25 14:25:57 . 2010-03-25 14:25:57 -------- d-----w- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Malwarebytes
2010-03-25 14:25:35 . 2010-02-27 23:46:36 3691384 ----a-w- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Simply Super Software\Trojan Remover\pjy233.exe
2010-03-25 14:18:45 . 2010-03-23 16:59:31 -------- d-sh--w- C:\Documents and Settings\Administrador.ARTHI-SERVER\PrivacIE
2010-03-25 14:15:06 . 2010-03-25 14:23:39 -------- d-----w- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Simply Super Software
2010-03-25 14:13:47 . 2009-11-23 10:32:56 -------- d-sh--w- C:\Documents and Settings\Administrador.ARTHI-SERVER\IETldCache
2010-03-12 16:29:02 . 2010-03-12 16:29:11 473600 ----a-w- C:\WINDOWS\system32\Ms000002.exe
2010-03-10 18:40:44 . 2009-10-23 15:28:37 3558912 -c----w- C:\WINDOWS\system32\dllcache\moviemk.exe

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 12:35:38 . 2009-11-09 16:03:49 -------- d--h--w- C:\Arquivos de programas\Scpad
2010-03-29 12:34:11 . 2009-02-11 15:03:25 -------- d-----w- C:\Arquivos de programas\GBPLUGIN
2010-03-26 13:38:38 . 2008-06-02 19:10:01 -------- d---a-w- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2010-03-25 14:29:49 . 2009-02-04 16:49:54 -------- d-----w- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2010-03-25 14:27:38 . 2009-02-04 16:53:13 5115824 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-25 10:00:04 . 2008-10-02 14:53:38 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2010-02-18 13:20:44 . 2009-02-11 15:04:14 30752 ----a-w- C:\WINDOWS\system32\drivers\gbpkm.sys
2010-02-08 13:43:25 . 2010-02-08 13:43:25 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA
2010-01-08 15:04:32 . 2010-01-08 15:04:32 5376 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP\hdahelper.sys
2010-01-07 19:07:14 . 2009-02-04 16:49:56 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-01-07 19:07:04 . 2009-02-04 16:49:57 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-12-31 16:50:03 . 2003-04-08 12:00:00 353792 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 07:35:00 7630848]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 12:06:38 88363]
"egui"="C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 10:23:46 2054360]
"DB Audio Control Panel"="C:\Arquivos de programas\Windows Media Player\RtHDVCpl.exe" [2010-03-17 13:58:49 627200]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 02:20:54 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
108Mbps Wireless LAN Adapter Configuration Utility.lnk - C:\Arquivos de programas\108Mbps Wireless LAN Adapter\WLANPRO.exe [2008-12-17 2945024]
Reg.lnk - C:\Arquivos de programas\108Mbps Wireless LAN Adapter\Reg.exe [2008-12-17 24576]
USB FireWall.lnk - C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe [2008-12-17 1330688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2010-02-18 13:19:34 323360 ----a-w- C:\Arquivos de programas\GBPLUGIN\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 01:16:38 39792 ----a-w- C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43:00 69632 ------r- C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:20:54 15360 ------w- C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 18:57:24 153136 ----a-w- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-08-16 07:35:00 7630848 ----a-w- C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-08-16 07:35:00 86016 ----a-w- C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-16 07:35:00 1617920 ----a-w- C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-12-19 03:12:00 16062464 ------r- C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04:00 2879488 ------r- C:\WINDOWS\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [11/2/2009 12:04:14 30752]
R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [11/9/2009 07:23:50 108792]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [11/9/2009 07:26:26 96408]
R2 ekrn;ESET Service;C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [11/9/2009 07:24:32 735960]
R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [11/2/2009 12:04:11 54048]
R2 uvnc_service;uvnc_service;C:\Arquivos de programas\UltraVNC\winvnc.exe [5/5/2008 07:14:54 1148480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-12-01 C:\WINDOWS\Tasks\SmartDefrag.job
- C:\Arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-12-01 10:23:55 . 2009-07-02 12:22:24]

2010-03-29 C:\WINDOWS\Tasks\User_Feed_Synchronization-{595680FE-1915-4F0F-88F7-D058F4DC45C8}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 14:58:32 . 2009-03-08 07:31:54]
.
.
------- Scan Suplementar -------
.
TCP: {7ABA396C-9CC4-4E5B-A28C-9751DED46115} = 192.168.10.10,192.168.10.2
TCP: {BB7EF997-5482-4E69-B08D-CFF0CD2EC3B3} = 192.168.10.10,192.168.10.2
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-ashDip.exe - C:\Windows\System32\ashDip.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-29 10:14:29
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DB Audio Control Panel = C:\Arquivos de programas\Windows Media Player\RtHDVCpl.exe??????????????

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-1429768884-1966009547-2647462659-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,e4,0f,df,1c,06,61,4b,90,54,3f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,e4,0f,df,1c,06,61,4b,90,54,3f,\
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(620)
C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

- - - - - - - > 'explorer.exe'(3376)
C:\WINDOWS\system32\WININET.dll
C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\PortableDeviceTypes.dll
C:\WINDOWS\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2010-03-29 10:16:16
ComboFix-quarantined-files.txt 2010-03-29 13:15:59

Pré-execução: 12 pasta(s) 38.304.907.264 bytes disponíveis
Pós execução: 13 pasta(s) 38.267.715.584 bytes disponíveis

- - End Of File - - FFE7318F937456DF9AD99C4712240BF8

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 95 Stepping 2, AuthenticAMD
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] RUNNING (state:4)
.
Internet Explorer 8.0.6001.18702
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:35 Go )
D:\ [CD_Rom]
.
Scan : 10:21.57
Path : C:\Documents and Settings\Administrador.ARTHI-SERVER\Desktop\Rooter.exe
User : Administrador ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (548)
______ \??\C:\WINDOWS\system32\csrss.exe (596)
______ \??\C:\WINDOWS\system32\winlogon.exe (620)
______ C:\WINDOWS\system32\services.exe (664)
______ C:\WINDOWS\system32\lsass.exe (676)
______ C:\ARQUIV~1\GbPlugin\GbpSv.exe (828)
______ C:\WINDOWS\system32\svchost.exe (860)
______ C:\WINDOWS\system32\svchost.exe (924)
______ C:\WINDOWS\System32\svchost.exe (960)
______ C:\WINDOWS\System32\svchost.exe (1108)
______ C:\WINDOWS\system32\svchost.exe (1144)
______ C:\WINDOWS\system32\spoolsv.exe (1292)
______ C:\WINDOWS\System32\svchost.exe (1436)
______ C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe (1524)
______ C:\WINDOWS\System32\nvsvc32.exe (1600)
______ C:\WINDOWS\System32\svchost.exe (1692)
______ C:\Arquivos de programas\UltraVNC\WinVNC.exe (1716)
______ C:\WINDOWS\System32\alg.exe (212)
______ C:\Arquivos de programas\UltraVNC\WinVNC.exe (1396)
______ C:\WINDOWS\AGRSMMSG.exe (2388)
______ C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe (2424)
______ C:\Arquivos de programas\108Mbps Wireless LAN Adapter\WLANPRO.exe (2660)
______ C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe (2764)
______ C:\WINDOWS\explorer.exe (3376)
______ C:\Documents and Settings\Administrador.ARTHI-SERVER\Desktop\Rooter.exe (476)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:80015491584)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\User_Feed_Synchronization-{595680FE-1915-4F0F-88F7-D058F4DC45C8}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 10:21.58
.
C:\Rooter$\Rooter_1.txt - (29/03/2010 | 10:21.58)

Thank you very much, Mr.
 
Come on, nobody? I wanted a really light antivirus for the PC2 in my signature.
 
Come on, nobody? A light antivirus for the dinosaur PC2 in my signature.
 
Below is your previous message, Mr. Wolf.

Hello everyone, good afternoon to all! :)


Friend Eduardo Macedo, it really is the InfoStealer, as I had conjectured.

Let's go, follow the steps below:

Step 1

● Double-click OTL.exe to run it again.

● Copy the text below (starting at :OTL), exactly as it is, without skipping any character, and paste it into the Custom Scans/Fixes box (shown as customFix.png) of the OTL window.

Code:
:OTL
PRC - C:\Users\Eduardo\AppData\YinthkilU.exe ()
PRC - C:\Windows\SysWOW64\ntkrnlp.exe ()
PRC - C:\Users\Eduardo\AppData\MsnSys.exe ()
SRV - (srvwinupd) -- C:\Windows\SysWOW64\ntkrnlp.exe ()
DRV - (ACPI) -- C:\Windows\SysWOW64\acpi.vxd ()
O2 - BHO: (no name) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {D4650B8A-9428-4430-82DC-81DEE3AA2198}82DC-81DEE3AA2198} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3166456774-1947370463-365579536-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [msnmsgrs] C:\Users\Eduardo\AppData\utilitários (Microsoft Corporation)
O4 - HKU\S-1-5-21-3166456774-1947370463-365579536-1001..\Run: [msnmsgrs] C:\Users\Eduardo\AppData\utilitários (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O33 - MountPoints2\{55ace14c-ef2f-11de-a5f7-0026188878f3}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{55ace14c-ef2f-11de-a5f7-0026188878f3}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\{676d6dd1-fa3c-11de-8e23-0026188878f3}\Shell\AutoRun\command - "" = SETUP.EXE
O33 - MountPoints2\{676d6ddd-fa3c-11de-8e23-0026188878f3}\Shell\AutoRun\command - "" = SETUP.EXE

:Files
C:\Users\Eduardo\AppData\YinthkilU.exe
C:\Windows\SysWOW64\ntkrnlp.exe
C:\Users\Eduardo\AppData\MsnSys.exe
C:\Windows\SysWOW64\acpi.vxd
C:\Windows\EA45.Reg
C:\script.html
C:\Windows\infosapi.dll
C:\Windows\qeqp8289.dll
C:\Windows\1C4551A64743409391E41477CD655043.TMP
C:\MSNCleaner



:Reg



:Services



:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

● Click the Run Fix button (runFixbutton.png). If a message appears asking whether you want to restart the PC, click OK (btnOK.png) and wait for the restart.

A new report will open. Copy and paste it into your next reply.

Also run and post a new OTL scan, as instructed in this post, but this time post only OTL.Txt.


Step 2

● Download SystemLook and save it to the desktop.

● Close all open programs and run SystemLook.exe
● In the blank field, paste the command below:

Code:
:dir
C:\Users\Eduardo\AppData\utilitários /s /md5
Click the Look button and wait.
When the analysis finishes, a log will open automatically. It will also be on the desktop under the name SystemLook.txt.

Paste it into your next reply, along with the two from OTL.
__________________________________________________________
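The fix above was written by hand from the OTL log: every line in the :OTL section is one of the entries OTL reported, and the :Files section repeats the paths so the binaries themselves are deleted. The script below is an added example for this thread (not OTL's code and not part of the helper's post) that automates that triage: it parses OTL-style PRC/SRV/DRV/O4 lines copied from the log posted above, flags the ones that match the same tells the helper used (no company name, a binary dropped straight into the AppData root, an unattributed file in the system directory, a .vxd registered as a driver, an autorun value whose file is gone), and drafts an OTL fix in the same :OTL / :Files / :Commands layout. It also includes the recursive MD5 listing that SystemLook's `:dir <path> /s /md5` step produces. The detection rules, the CORE_SERVICE_NAMES set and the function names are my own assumptions; an entry whose service name collides with a core Windows service (the ACPI entry here) is marked for manual review instead of being put in the :OTL section, because deleting that service key can leave the system unbootable.

```python
"""Triage OTL log lines and draft an OTL fix script from the findings.

Added example for this thread, not OTL's own code. Rules are heuristics an
analyst must still review; sample lines are copied from the log in the thread.
"""
import hashlib
import os
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input: lines copied verbatim from the OTL log posted in this thread.
SAMPLE_OTL_LOG = r"""
PRC - C:\Users\Eduardo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\ntkrnlp.exe ()
PRC - C:\Users\Eduardo\AppData\Cyberlink.exe ()
SRV - (srvwinupd) -- C:\Windows\SysWOW64\ntkrnlp.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
DRV - (ACPI) -- C:\Windows\SysWOW64\acpi.vxd ()
DRV - (AsIO) -- C:\Windows\SysWOW64\drivers\AsIO.sys ()
O4 - HKU\S-1-5-21-3166456774-1947370463-365579536-1001..\Run: [Cyberlink.exe] C:\Users\Eduardo\AppData\Cyberlink.exe ()
O4 - HKLM..\Run: [msnmsgrs] File not found
"""

# "<kind> ... <path> (<company>)": the last parenthesised group is the company OTL read from the file.
LINE_RE = re.compile(r"^(?P<kind>PRC|SRV|DRV|O4)\b.*?(?P<path>[A-Za-z]:\\.*?)\s*\((?P<company>[^()]*)\)\s*$")
SERVICE_RE = re.compile(r"^(?:SRV|DRV)\S* - \((?P<name>[^)]*)\)")
APPDATA_ROOT_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\[^\\]+\.(exe|dll)$", re.I)
SYSTEM_ROOT_RE = re.compile(r"\\Windows\\(System32|SysWOW64)\\[^\\]+$", re.I)
# Assumption: a small illustrative set of real Windows service names whose keys must not be deleted blindly.
CORE_SERVICE_NAMES = {"ACPI", "Tcpip", "NetBIOS", "Dhcp"}


@dataclass
class Finding:
    line: str
    path: str          # empty when OTL reported "File not found"
    reason: str
    review: bool = False  # True: needs an analyst decision, never auto-removed


def triage(log: str) -> List[Finding]:
    """Apply the heuristics to each OTL line and return the suspicious ones."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("O4") and line.endswith("File not found"):
            findings.append(Finding(line, "", "autorun value points to a missing file"))
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, path, company = m.group("kind"), m.group("path"), m.group("company").strip()
        reason = None
        if company == "" and APPDATA_ROOT_RE.search(path):
            reason = "unattributed binary dropped directly under the AppData root"
        elif company == "" and SYSTEM_ROOT_RE.search(path):
            reason = "unattributed file in the system directory; genuine Windows files carry a company name"
        if kind == "DRV" and path.lower().endswith(".vxd"):
            reason = "VxD extension registered as a driver; NT kernels do not load .vxd files"
        if reason is None:
            continue
        finding = Finding(line, path, reason)
        svc = SERVICE_RE.match(line)
        if svc and svc.group("name") in CORE_SERVICE_NAMES:
            finding.review = True
            finding.reason += "; service name collides with a core Windows service, deleting the key can make the system unbootable"
        findings.append(finding)
    return findings


def build_otl_fix(findings: List[Finding]) -> str:
    """Draft an OTL fix in the :OTL / :Files / :Commands layout used in the thread.

    Entries marked for review are left out of :OTL; their files are still listed.
    """
    otl_lines = [f.line for f in findings if not f.review]
    files: List[str] = []
    for f in findings:
        if f.path and f.path not in files:
            files.append(f.path)
    return "\n".join([":OTL", *otl_lines, "", ":Files", *files, "", ":Commands", "[emptytemp]", "[Reboot]"])


def md5_bytes(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def md5_listing(directory: str) -> Dict[str, str]:
    """Recursive path -> MD5 map, the check SystemLook's ':dir <path> /s /md5' performs."""
    out: Dict[str, str] = {}
    for root, _dirs, names in os.walk(directory):
        for name in names:
            full = os.path.join(root, name)
            with open(full, "rb") as fh:
                out[full] = md5_bytes(fh.read())
    return out


if __name__ == "__main__":
    found = triage(SAMPLE_OTL_LOG)
    for f in found:
        print(("REVIEW " if f.review else "REMOVE ") + f.reason + ": " + f.line)
    print()
    print(build_otl_fix(found))
```

Run as-is to see the draft fix for the sample lines; the review marker on the ACPI entry is the point to stop and decide by hand, which the hand-written fix above did not do.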


Thanks for the reply and for the attention you have been giving my case!
Well, I followed your instructions but I'm not sure it worked.
Everything went as you said up to the part about restarting the machine, but after the Windows 7 logo appeared the PC went to a blue screen with an error message and quickly restarted (it wasn't possible to see the content of the message).
This time a Windows screen appeared giving me the option to repair Windows or start normally; when I tried to start normally the same thing happened, and on the next attempt I decided to repair Windows and it worked, Windows went back to working. What I found strangest is that OTL simply disappeared from my desktop and there was no log of the operation I did.

Well, I went back to your first message and grabbed the two logs again; I'll post them below together with the SystemLook one.

OTL Report
OTL logfile created on: 29/03/2010 17:45:38 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Eduardo\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 77,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,50 Gb Total Space | 633,44 Gb Free Space | 68,00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDUARDO-PC
Current User Name: Eduardo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Eduardo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft Office\MSTORDB.EXE (©Microsoft Corporation. All rights reserved)
PRC - C:\Windows\SysWOW64\ntkrnlp.exe ()
PRC - C:\Users\Eduardo\AppData\Cyberlink.exe ()
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
PRC - C:\Program Files (x86)\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Scpad\scpVista.exe (Scopus Tecnologia Ltda)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Modules (SafeList) ==========

MOD - C:\Users\Eduardo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Ray Adams\ATI Tray Tools\raphook.dll ()
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (srvwinupd) -- C:\Windows\SysWOW64\ntkrnlp.exe ()
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (VSS) -- C:\Windows\Vss [2009/07/14 00:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/14 00:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (scpVista) -- C:\Program Files (x86)\Scpad\scpVista.exe (Scopus Tecnologia Ltda)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Driver Services (SafeList) ==========

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV - (ACPI) -- C:\Windows\SysWOW64\acpi.vxd ()
DRV - (CSC) -- C:\Windows\CSC [2009/12/19 23:35:03 | 000,000,000 | ---D | M]
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG)
DRV - (AsIO) -- C:\Windows\SysWOW64\drivers\AsIO.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (AsUpIO) -- C:\Windows\SysWOW64\drivers\AsUpIO.sys ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3166456774-1947370463-365579536-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKU\S-1-5-21-3166456774-1947370463-365579536-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3166456774-1947370463-365579536-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-3166456774-1947370463-365579536-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 11 4E DC 1E 81 CA 01 [binary data]
IE - HKU\S-1-5-21-3166456774-1947370463-365579536-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/"
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/01/28 20:43:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/02 13:44:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/18 15:37:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2009/12/20 21:26:56 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\mozilla\Extensions
[2010/03/28 11:40:39 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\mozilla\Firefox\Profiles\wzqnyqv5.default\extensions
[2010/03/29 22:22:05 | 000,000,000 | ---D | M] (Messenger Plus Live Brazil Toolbar) -- C:\Users\Eduardo\AppData\Roaming\mozilla\Firefox\Profiles\wzqnyqv5.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}
[2010/01/05 17:43:49 | 000,002,055 | ---- | M] () -- C:\Users\Eduardo\AppData\Roaming\Mozilla\FireFox\Profiles\wzqnyqv5.default\searchplugins\daemon-search.xml
[2010/03/21 23:24:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/18 15:37:18 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/12/02 05:33:45 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\buscape.xml
[2010/03/02 13:44:04 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mercadolivre.xml
[2009/12/02 05:33:45 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-br.xml
[2009/12/02 05:33:45 | 000,000,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2010/03/17 04:44:07 | 000,000,988 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (no name) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Choice Guard) - {8098B15F-6C80-4894-A75E-362000383E7F} - C:\Program Files (x86)\Microsoft Office\MSTORES.DLL (© Microsoft Corporation. All rights reserved.)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {D4650B8A-9428-4430-82DC-81DEE3AA2198}82DC-81DEE3AA2198} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3166456774-1947370463-365579536-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [msnmsgrs] File not found
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV] C:\Program Files (x86)\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3166456774-1947370463-365579536-1001..\Run: [AtiTrayTools] C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O4 - HKU\S-1-5-21-3166456774-1947370463-365579536-1001..\Run: [Cyberlink.exe] C:\Users\Eduardo\AppData\Cyberlink.exe ()
O4 - HKU\S-1-5-21-3166456774-1947370463-365579536-1001..\Run: [msnmsgrs] File not found
O4 - HKU\S-1-5-21-3166456774-1947370463-365579536-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.0.184 201.6.0.112
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/18 20:22:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{55ace14c-ef2f-11de-a5f7-0026188878f3}\Shell - "" = AutoRun
O33 - MountPoints2\{55ace14c-ef2f-11de-a5f7-0026188878f3}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{55ace14c-ef2f-11de-a5f7-0026188878f3}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\{676d6dd1-fa3c-11de-8e23-0026188878f3}\Shell - "" = AutoRun
O33 - MountPoints2\{676d6dd1-fa3c-11de-8e23-0026188878f3}\Shell\AutoRun\command - "" = SETUP.EXE
O33 - MountPoints2\{676d6ddd-fa3c-11de-8e23-0026188878f3}\Shell - "" = AutoRun
O33 - MountPoints2\{676d6ddd-fa3c-11de-8e23-0026188878f3}\Shell\AutoRun\command - "" = SETUP.EXE
O33 - MountPoints2\{676d6df2-fa3c-11de-8e23-0026188878f3}\Shell - "" = AutoRun
O33 - MountPoints2\{676d6df2-fa3c-11de-8e23-0026188878f3}\Shell\AutoRun\command - "" = 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/03/29 17:44:20 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Eduardo\Desktop\OTL.exe
[2010/03/29 17:15:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/28 11:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Messenger_Plus_Live_Brazil
[2010/03/28 11:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2010/03/28 11:37:03 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/03/25 00:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/03/22 15:40:45 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\Malwarebytes
[2010/03/22 15:40:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/22 15:40:41 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/22 15:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/22 15:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/22 15:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/03/22 00:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/03/21 23:50:43 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\Documents\Remote Assistance Logs
[2010/03/21 23:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2010/03/21 15:51:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/03/21 15:51:33 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/03/21 15:51:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/03/21 15:51:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/03/21 15:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/03/21 15:51:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/03/21 15:48:58 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\ESET
[2010/03/21 15:48:58 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\ESET
[2010/03/20 02:40:08 | 000,195,072 | ---- | C] (MAX) -- C:\Windows\qeqp8289.dll
[2010/03/19 15:11:57 | 003,449,068 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2010/03/19 15:11:39 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2010/03/19 15:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2010/03/19 15:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gpotato
[2010/03/18 15:37:25 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\PMB Files
[2010/03/18 15:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/03/18 15:37:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2010/03/17 06:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010/03/17 06:37:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2010/03/17 05:06:12 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\Documents\4A Games
[2010/03/17 04:58:37 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\4A Games
[2010/03/17 04:54:46 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010/03/17 04:54:46 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010/03/17 04:54:46 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/03/17 04:54:46 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010/03/17 04:54:45 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010/03/17 04:54:45 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010/03/17 04:54:45 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/03/17 04:54:45 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010/03/17 04:54:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/03/17 04:44:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\METRO 2033
[2010/03/08 04:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2010/03/07 04:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2010/03/07 04:00:12 | 000,000,000 | ---D | C] -- C:\Windows\1C4551A64743409391E41477CD655043.TMP
[2010/03/07 03:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dragon Age
[2010/03/06 15:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2010/03/06 12:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/03/06 12:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/03/06 12:55:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/03/06 12:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/03/06 12:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/03/06 12:54:07 | 000,000,000 | ---D | C] -- C:\IDE
[2010/03/06 12:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/03/06 12:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/03/06 12:53:47 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\Microsoft Help
[2010/03/06 12:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/03/06 12:51:55 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/03/05 01:14:17 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\Documents\Square Enix
[2010/03/03 01:23:10 | 006,402,560 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atipmdag.sys
[2010/03/03 01:23:10 | 006,402,560 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2010/03/03 01:16:38 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2010/03/03 01:16:26 | 000,446,464 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2010/03/03 01:13:04 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2010/03/03 01:12:52 | 000,450,560 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010/03/03 01:12:12 | 000,202,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010/03/03 01:10:34 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010/03/03 01:10:12 | 000,420,864 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2010/03/03 01:09:48 | 000,274,432 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2010/03/03 01:09:40 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010/03/03 01:09:34 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2010/03/03 01:09:28 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010/03/03 01:06:18 | 003,131,392 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2010/03/03 01:04:46 | 018,798,080 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2010/03/03 00:45:02 | 014,226,944 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2010/03/03 00:20:22 | 000,043,008 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2010/03/03 00:20:20 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2010/03/03 00:20:10 | 000,039,936 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2010/03/03 00:20:08 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2010/03/03 00:19:56 | 004,781,568 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2010/03/03 00:18:56 | 003,657,728 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2010/03/03 00:08:50 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2010/03/03 00:08:50 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2010/03/03 00:08:44 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2010/03/03 00:08:44 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2010/03/03 00:08:14 | 000,330,752 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2010/03/03 00:08:06 | 000,237,568 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2010/03/03 00:07:54 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2010/03/03 00:07:48 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2010/03/03 00:07:48 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2010/03/03 00:07:44 | 000,016,896 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2010/03/03 00:07:38 | 000,015,360 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2010/03/03 00:07:32 | 000,188,928 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2010/03/03 00:05:42 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2010/02/27 20:33:09 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\Documents\BFBC2
[2010/02/27 20:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010/02/27 20:11:27 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010/02/27 20:11:27 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/02/27 20:11:27 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010/02/27 20:11:27 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010/02/27 20:11:26 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010/02/27 20:11:26 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/02/27 20:11:25 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010/02/27 20:11:25 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010/02/27 20:11:24 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/02/27 20:11:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/02/27 20:11:24 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010/02/27 20:11:24 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/02/27 20:11:23 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010/02/27 20:11:23 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/02/27 20:11:22 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/02/27 20:11:22 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/02/27 20:11:21 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010/02/27 20:11:21 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010/02/27 20:11:21 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010/02/27 20:11:21 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010/02/27 20:11:20 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010/02/27 20:11:20 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010/02/27 20:11:20 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010/02/27 20:11:20 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010/02/27 20:11:20 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/02/27 20:11:20 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010/02/27 20:11:20 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010/02/27 20:11:20 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010/02/27 20:11:19 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010/02/27 20:11:19 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010/02/26 01:18:19 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010/02/26 01:18:19 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010/02/26 01:18:19 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010/02/26 01:18:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010/02/26 01:18:18 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010/02/26 01:18:18 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010/02/26 01:18:17 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010/02/26 01:18:17 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010/02/26 01:18:17 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010/02/26 01:18:17 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2010/02/26 01:18:17 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010/02/26 01:18:17 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010/02/26 01:18:16 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010/02/26 01:18:16 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/02/26 01:18:16 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010/02/26 01:18:16 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/02/26 01:18:15 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010/02/26 01:18:15 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/02/26 01:18:13 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/02/26 01:18:13 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/02/26 01:18:12 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/02/26 01:18:12 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010/02/26 01:18:12 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010/02/26 01:18:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010/02/26 01:18:12 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010/02/26 01:18:12 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010/02/26 01:18:12 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010/02/26 01:18:11 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010/02/26 01:18:11 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010/02/26 01:18:11 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010/02/26 01:18:11 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010/02/26 01:18:11 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010/02/26 01:18:11 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010/02/26 01:18:10 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010/02/26 01:18:10 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010/02/26 01:18:10 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010/02/26 01:18:10 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010/02/26 01:18:10 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010/02/26 01:18:10 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010/02/26 01:18:09 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010/02/26 01:18:09 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010/02/26 01:18:09 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010/02/26 01:18:09 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010/02/26 01:18:09 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010/02/26 01:18:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010/02/26 01:18:07 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010/02/26 01:18:07 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010/02/26 01:18:07 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010/02/26 01:18:07 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010/02/26 01:18:06 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010/02/26 01:18:06 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010/02/26 01:18:06 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010/02/26 01:18:06 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010/02/26 01:18:05 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010/02/26 01:18:05 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010/02/26 01:18:04 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010/02/26 01:18:04 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010/02/26 01:18:04 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010/02/26 01:18:04 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010/02/26 01:18:04 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010/02/26 01:18:04 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010/02/26 01:18:03 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010/02/26 01:18:03 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/02/26 01:18:02 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010/02/26 01:18:02 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010/02/26 01:18:02 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010/02/26 01:18:02 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010/02/26 01:18:01 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010/02/26 01:18:01 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010/02/26 01:18:01 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010/02/26 01:18:01 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010/02/26 01:18:00 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010/02/26 01:18:00 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/02/26 01:18:00 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010/02/26 01:18:00 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010/02/26 01:18:00 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010/02/26 01:18:00 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/02/26 01:17:59 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010/02/26 01:17:59 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010/02/26 01:17:59 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010/02/26 01:17:59 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010/02/26 01:17:58 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010/02/26 01:17:58 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010/02/26 01:17:58 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010/02/26 01:17:58 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010/02/26 01:17:58 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010/02/26 01:17:58 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010/02/26 01:17:58 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010/02/26 01:17:58 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010/02/26 01:17:57 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/02/26 01:17:57 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/02/26 01:17:57 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010/02/26 01:17:57 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010/02/26 01:17:57 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/02/26 01:17:57 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010/02/26 01:17:56 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010/02/26 01:17:56 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010/02/26 01:17:55 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010/02/26 01:17:55 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010/02/26 01:17:55 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010/02/26 01:17:55 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010/02/26 01:17:54 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010/02/26 01:17:54 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010/02/26 01:17:54 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010/02/26 01:17:54 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010/02/26 01:17:53 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010/02/26 01:17:53 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010/02/26 01:17:48 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010/02/26 01:17:48 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/02/26 01:17:48 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010/02/26 01:17:48 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010/02/26 01:17:48 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/02/26 01:17:48 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010/02/26 01:17:47 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010/02/26 01:17:47 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010/02/26 01:17:46 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010/02/26 01:17:46 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010/02/26 01:17:45 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010/02/26 01:17:45 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010/02/26 01:17:45 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010/02/26 01:17:45 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010/02/26 01:17:44 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010/02/26 01:17:44 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010/02/26 01:17:43 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010/02/26 01:17:43 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010/02/25 23:43:06 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/02/25 23:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/02/25 23:42:25 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010/02/24 07:27:36 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/02/24 07:27:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/02/24 07:27:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/02/24 07:27:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/02/24 07:27:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/02/24 07:27:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/02/24 07:27:34 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/02/24 07:27:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/02/24 07:27:33 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/02/24 07:27:33 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/02/24 07:27:33 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/02/24 07:27:33 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/02/24 07:27:33 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/02/24 07:27:33 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/02/24 07:27:33 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/02/21 21:57:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/02/21 21:40:49 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\wanted
[2010/02/21 21:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\wanted
[2010/02/18 16:52:03 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\AliensVsPredator
[2010/02/16 21:20:20 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\Documents\Eidos
[2010/02/16 21:04:25 | 000,000,000 | ---D | C] -- C:\Windows\6833245EDD86479A882A8360D62C8194.TMP
[2010/02/16 17:48:49 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\vlc
[2010/02/15 17:30:28 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\Electronic Arts
[2010/02/15 16:58:12 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\Documents\Electronic Arts
[2010/02/15 14:31:18 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\Downloaded Installations
[2010/02/14 01:10:06 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\atitray
[2010/02/14 01:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ray Adams
[2010/02/10 10:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/02/10 10:01:06 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/02/10 10:01:06 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/10 10:01:06 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/02/10 10:01:06 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/02/10 10:01:06 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/10 10:01:06 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/02/10 10:01:06 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/02/10 10:01:06 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/02/10 10:01:06 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/10 10:01:06 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/10 10:01:06 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/02/10 10:01:06 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/02/10 10:01:06 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/02/10 10:01:06 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/10 10:01:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/02/10 10:01:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/02/10 10:01:05 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/02/10 10:01:05 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/02/10 10:01:05 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/02/10 10:01:05 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/02/10 10:01:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010/02/10 10:01:05 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010/02/10 10:01:05 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010/02/10 10:01:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010/02/10 10:01:05 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010/02/05 12:18:55 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\IsolatedStorage
[2010/02/05 12:16:59 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\Nokia
[2010/02/05 12:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaMusic
[2010/02/02 19:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/02/02 00:13:18 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2010/02/01 23:52:52 | 003,703,808 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2010/02/01 23:34:40 | 002,993,152 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2010/02/01 23:20:42 | 000,027,648 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2010/02/01 23:20:26 | 000,020,480 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2010/01/31 15:00:22 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\Unity
[2010/01/30 11:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010/01/28 20:44:48 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\PC Suite
[2010/01/28 20:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010/01/28 20:44:48 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\Nokia
[2010/01/28 20:43:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PCSuite
[2010/01/28 20:43:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2010/01/28 20:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/01/28 20:43:49 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2010/01/28 20:43:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/01/28 20:43:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010/01/28 20:43:39 | 000,067,584 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll
[2010/01/28 20:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2010/01/28 20:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010/01/28 11:33:38 | 000,116,736 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys
[2010/01/26 17:45:11 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/01/26 17:45:10 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/01/26 17:45:10 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/01/25 05:14:45 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\Documents\BioWare
[2010/01/25 05:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010/01/25 05:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010/01/24 02:28:32 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\Unity
[2010/01/22 02:13:41 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/01/22 02:13:41 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/01/22 02:13:41 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/01/22 02:13:41 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/01/22 02:13:41 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/01/22 02:13:41 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/01/19 07:41:36 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\My Games
[2010/01/18 05:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games
[2010/01/18 05:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2010/01/17 11:28:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/01/17 11:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/01/17 04:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/01/17 04:25:33 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\uTorrent
[2010/01/16 03:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena
[2010/01/14 02:26:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Team JPN
[2010/01/14 02:25:12 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\GameSpy
[2010/01/14 02:25:09 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\ApplicationHistory
[2010/01/14 02:23:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2010/01/13 22:00:53 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\ElevatedDiagnostics
[2010/01/13 05:44:14 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/01/13 05:44:14 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/01/13 05:44:14 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/01/13 05:44:14 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/01/12 13:30:12 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\dvdcss
[2010/01/11 07:21:08 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\Documents\Rockstar Games
[2010/01/11 07:07:53 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\Rockstar Games
[2010/01/11 07:03:45 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010/01/10 19:33:54 | 000,000,000 | R--D | C] -- C:\Users\Eduardo\Desktop\Eduardo
[2010/01/07 13:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Satsuki Decoder Pack
[2010/01/07 13:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/01/07 12:40:41 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\BSplayer
[2010/01/06 14:10:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2010/01/06 11:46:34 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\Adobe
[2010/01/06 11:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/01/06 11:46:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/01/06 02:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
[2010/01/05 19:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO
[2010/01/05 19:18:19 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\BitTorrent
[2010/01/05 18:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2010/01/05 18:35:35 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\DAEMON Tools Pro
[2010/01/05 18:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2010/01/05 18:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2010/01/05 17:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar
[2010/01/05 17:41:38 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\DAEMON Tools Lite
[2010/01/05 17:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/01/03 17:31:43 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/01/02 22:44:30 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\PassMark
[2010/01/02 22:44:22 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/01/02 22:44:22 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010/01/02 22:44:21 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010/01/02 22:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
[2010/01/02 16:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Scpad
[2010/01/02 16:44:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/01/02 16:44:02 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\InstallShield
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/03/29 22:22:11 | 002,359,296 | -HS- | M] () -- C:\Users\Eduardo\ntuser.dat
[2010/03/29 17:45:53 | 000,100,908 | ---- | M] () -- C:\Users\Eduardo\Desktop\SystemLook.exe
[2010/03/29 17:45:16 | 001,544,282 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/29 17:45:16 | 000,672,092 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2010/03/29 17:45:16 | 000,624,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/29 17:45:16 | 000,133,154 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2010/03/29 17:45:16 | 000,110,786 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/29 17:44:23 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Eduardo\Desktop\OTL.exe
[2010/03/29 17:42:58 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/29 17:42:58 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/29 17:40:51 | 000,524,288 | -HS- | M] () -- C:\Users\Eduardo\ntuser.dat{5333d600-3b73-11df-917d-0026188878f3}.TMContainer00000000000000000002.regtrans-ms
[2010/03/29 17:40:51 | 000,524,288 | -HS- | M] () -- C:\Users\Eduardo\ntuser.dat{5333d600-3b73-11df-917d-0026188878f3}.TMContainer00000000000000000001.regtrans-ms
[2010/03/29 17:40:51 | 000,065,536 | -HS- | M] () -- C:\Users\Eduardo\ntuser.dat{5333d600-3b73-11df-917d-0026188878f3}.TM.blf
[2010/03/29 17:40:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/29 17:40:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/29 17:40:41 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/29 17:16:52 | 002,787,809 | -H-- | M] () -- C:\Users\Eduardo\AppData\Local\IconCache.db
[2010/03/25 23:01:48 | 000,002,128 | ---- | M] () -- C:\Windows\SysWow64\acpi.vxd
[2010/03/25 23:01:19 | 000,000,108 | ---- | M] () -- C:\Windows\EA45.Reg
[2010/03/25 23:01:10 | 000,559,104 | ---- | M] () -- C:\Windows\SysWow64\ntkrnlp.exe
[2010/03/25 23:01:04 | 000,020,480 | ---- | M] () -- C:\Users\Eduardo\count.exe
[2010/03/25 23:01:04 | 000,000,007 | ---- | M] () -- C:\Windows\infosapi.dll
[2010/03/25 23:01:03 | 000,097,792 | ---- | M] () -- C:\Users\Eduardo\winmsng.exe
[2010/03/22 15:40:45 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/22 15:36:19 | 000,002,053 | ---- | M] () -- C:\Users\Eduardo\Desktop\HijackThis.lnk
[2010/03/21 15:51:34 | 000,000,741 | ---- | M] () -- C:\Atualizador de licenças ESET.lnk
[2010/03/21 15:51:24 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010/03/21 15:51:24 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/03/21 15:51:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/03/21 15:51:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/03/20 02:40:11 | 000,195,072 | ---- | M] (MAX) -- C:\Windows\qeqp8289.dll
[2010/03/19 15:08:45 | 000,001,045 | ---- | M] () -- C:\Users\Eduardo\Desktop\Flyff.lnk
[2010/03/17 04:51:21 | 000,001,421 | ---- | M] () -- C:\Users\Eduardo\Desktop\Metro 2033.lnk
[2010/03/17 04:44:07 | 000,000,988 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/03/08 15:46:11 | 000,109,144 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/08 15:45:46 | 000,413,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/08 04:44:39 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/03/07 04:13:08 | 000,001,592 | ---- | M] () -- C:\Users\Eduardo\Desktop\Dragon Age Origins.lnk
[2010/03/06 15:34:35 | 000,000,983 | ---- | M] () -- C:\Users\Eduardo\Desktop\JDownloader.lnk
[2010/03/03 01:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atipmdag.sys
[2010/03/03 01:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2010/03/03 01:16:42 | 000,033,616 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/03/03 01:16:38 | 000,143,360 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2010/03/03 01:16:26 | 000,446,464 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2010/03/03 01:15:30 | 000,497,152 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2010/03/03 01:13:04 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2010/03/03 01:12:52 | 000,450,560 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010/03/03 01:12:12 | 000,202,752 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010/03/03 01:10:34 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010/03/03 01:10:12 | 000,420,864 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2010/03/03 01:10:04 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2010/03/03 01:09:48 | 000,274,432 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2010/03/03 01:09:40 | 000,012,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010/03/03 01:09:34 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2010/03/03 01:09:28 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010/03/03 01:06:18 | 003,131,392 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2010/03/03 01:04:46 | 018,798,080 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2010/03/03 00:57:00 | 003,800,576 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2010/03/03 00:46:42 | 003,703,808 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2010/03/03 00:45:02 | 014,226,944 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2010/03/03 00:39:46 | 004,801,536 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2010/03/03 00:32:06 | 002,716,160 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2010/03/03 00:29:44 | 000,511,072 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/03/03 00:24:24 | 002,993,152 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2010/03/03 00:24:00 | 000,511,072 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/03/03 00:23:52 | 000,055,296 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2010/03/03 00:20:22 | 000,043,008 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2010/03/03 00:20:20 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2010/03/03 00:20:10 | 000,039,936 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2010/03/03 00:20:08 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2010/03/03 00:19:56 | 004,781,568 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2010/03/03 00:18:56 | 003,657,728 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2010/03/03 00:08:50 | 000,053,248 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2010/03/03 00:08:50 | 000,053,248 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2010/03/03 00:08:44 | 000,052,224 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2010/03/03 00:08:44 | 000,052,224 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2010/03/03 00:08:14 | 000,330,752 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2010/03/03 00:08:06 | 000,237,568 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2010/03/03 00:07:54 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2010/03/03 00:07:48 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2010/03/03 00:07:48 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2010/03/03 00:07:44 | 000,016,896 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2010/03/03 00:07:38 | 000,015,360 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2010/03/03 00:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2010/03/03 00:06:50 | 000,036,352 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2010/03/03 00:06:42 | 000,027,648 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2010/03/03 00:06:34 | 000,028,160 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2010/03/03 00:06:26 | 000,020,480 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2010/03/03 00:05:42 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2010/03/02 17:57:10 | 000,020,692 | ---- | M] () -- C:\Windows\atiogl.xml
[2010/02/27 20:47:57 | 000,001,834 | ---- | M] () -- C:\Users\Eduardo\Desktop\Battlefield Bad Company 2.lnk
[2010/02/26 00:41:11 | 000,000,988 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.msn
[2010/02/25 16:55:46 | 000,201,875 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
[2010/02/23 13:15:02 | 000,001,105 | ---- | M] () -- C:\Windows\SysWow64\atipblag.dat
[2010/02/23 13:15:02 | 000,001,105 | ---- | M] () -- C:\Windows\SysNative\atipblag.dat
[2010/02/21 21:09:06 | 000,001,885 | ---- | M] () -- C:\Users\Eduardo\Desktop\CCleaner.lnk
[2010/02/17 18:37:00 | 003,449,068 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2010/02/16 23:06:32 | 000,002,106 | ---- | M] () -- C:\Users\Eduardo\Desktop\ATI Tray Tools.lnk
[2010/02/16 17:48:18 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/02/05 12:33:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/02/05 12:17:04 | 001,537,038 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/05 12:16:56 | 000,002,657 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Player.lnk
[2010/02/05 12:09:08 | 000,003,584 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/04 10:01:14 | 000,530,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010/02/04 10:01:14 | 000,528,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010/02/04 10:01:14 | 000,238,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010/02/04 10:01:14 | 000,176,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010/02/04 10:01:14 | 000,078,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/02/04 10:01:14 | 000,074,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010/02/04 10:01:14 | 000,024,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/02/04 10:01:14 | 000,022,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010/01/28 20:45:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010/01/28 20:45:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01007.Wdf
[2010/01/28 20:43:53 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010/01/28 11:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys
[2010/01/19 06:05:57 | 000,424,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/01/19 06:05:57 | 000,422,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/01/19 06:05:57 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/01/19 06:05:57 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/01/19 06:00:44 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/01/19 06:00:43 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/01/19 06:00:37 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/01/19 06:00:37 | 000,306,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/01/18 20:29:31 | 000,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/01/18 20:29:31 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/01/18 20:29:31 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/01/18 20:29:30 | 000,369,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/01/18 20:28:33 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/01/18 20:28:33 | 000,277,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/01/18 20:28:30 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/01/18 20:28:30 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/01/17 11:28:23 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/17 04:26:39 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/01/16 03:28:14 | 000,000,979 | ---- | M] () -- C:\Users\Eduardo\Desktop\Garena.lnk
[2010/01/14 02:25:09 | 000,000,095 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\fusioncache.dat
[2010/01/13 02:48:43 | 000,926,544 | ---- | M] () -- C:\Windows\P6T-ASUS-DELUXE-V2-0704.zip
[2010/01/11 07:03:45 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010/01/11 04:44:17 | 000,445,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/01/11 04:12:38 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/07 16:07:06 | 000,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/07 09:31:16 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 SP.lnk
[2010/01/07 03:43:46 | 000,524,288 | -HS- | M] () -- C:\Users\Eduardo\ntuser.dat{96dba509-fa53-11de-9fe2-0026188878f3}.TMContainer00000000000000000002.regtrans-ms
[2010/01/07 03:43:46 | 000,524,288 | -HS- | M] () -- C:\Users\Eduardo\ntuser.dat{96dba509-fa53-11de-9fe2-0026188878f3}.TMContainer00000000000000000001.regtrans-ms
[2010/01/07 03:43:46 | 000,065,536 | -HS- | M] () -- C:\Users\Eduardo\ntuser.dat{96dba509-fa53-11de-9fe2-0026188878f3}.TM.blf
[2010/01/06 14:13:08 | 000,000,331 | ---- | M] () -- C:\Windows\game.ini
[2010/01/06 02:26:42 | 000,001,885 | ---- | M] () -- C:\Users\Eduardo\Desktop\UltraISO.lnk
[2010/01/06 02:24:38 | 000,001,180 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010/01/05 17:41:52 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/29 17:45:52 | 000,100,908 | ---- | C] () -- C:\Users\Eduardo\Desktop\SystemLook.exe
[2010/03/29 17:40:51 | 000,524,288 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{5333d600-3b73-11df-917d-0026188878f3}.TMContainer00000000000000000002.regtrans-ms
[2010/03/29 17:40:51 | 000,524,288 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{5333d600-3b73-11df-917d-0026188878f3}.TMContainer00000000000000000001.regtrans-ms
[2010/03/29 17:40:51 | 000,065,536 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{5333d600-3b73-11df-917d-0026188878f3}.TM.blf
[2010/03/25 23:01:19 | 000,000,108 | ---- | C] () -- C:\Windows\EA45.Reg
[2010/03/25 23:01:17 | 000,002,128 | ---- | C] () -- C:\Windows\SysWow64\acpi.vxd
[2010/03/25 23:01:08 | 000,559,104 | ---- | C] () -- C:\Windows\SysWow64\ntkrnlp.exe
[2010/03/25 23:01:04 | 000,000,007 | ---- | C] () -- C:\Windows\infosapi.dll
[2010/03/25 23:01:02 | 000,097,792 | ---- | C] () -- C:\Users\Eduardo\winmsng.exe
[2010/03/22 15:40:45 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/22 15:36:19 | 000,002,053 | ---- | C] () -- C:\Users\Eduardo\Desktop\HijackThis.lnk
[2010/03/21 15:51:34 | 000,000,741 | ---- | C] () -- C:\Atualizador de licenças ESET.lnk
[2010/03/20 02:40:03 | 000,020,480 | ---- | C] () -- C:\Users\Eduardo\count.exe
[2010/03/19 15:11:39 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2010/03/19 15:08:45 | 000,001,045 | ---- | C] () -- C:\Users\Eduardo\Desktop\Flyff.lnk
[2010/03/17 04:51:21 | 000,001,421 | ---- | C] () -- C:\Users\Eduardo\Desktop\Metro 2033.lnk
[2010/03/07 04:13:08 | 000,001,592 | ---- | C] () -- C:\Users\Eduardo\Desktop\Dragon Age Origins.lnk
[2010/03/06 15:34:35 | 000,000,983 | ---- | C] () -- C:\Users\Eduardo\Desktop\JDownloader.lnk
[2010/03/03 01:16:42 | 000,033,616 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/03/03 00:29:44 | 000,511,072 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/03/03 00:24:00 | 000,511,072 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/03/02 17:57:10 | 000,020,692 | ---- | C] () -- C:\Windows\atiogl.xml
[2010/02/27 20:47:57 | 000,001,834 | ---- | C] () -- C:\Users\Eduardo\Desktop\Battlefield Bad Company 2.lnk
[2010/02/25 16:55:46 | 000,201,875 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2010/02/23 13:15:02 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/02/23 13:15:02 | 000,001,105 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2010/02/16 23:06:32 | 000,002,106 | ---- | C] () -- C:\Users\Eduardo\Desktop\ATI Tray Tools.lnk
[2010/02/16 17:48:18 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/02/05 12:33:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/02/05 12:16:56 | 000,002,657 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Player.lnk
[2010/02/05 12:09:07 | 000,003,584 | ---- | C] () -- C:\Users\Eduardo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/28 20:45:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010/01/28 20:45:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01007.Wdf
[2010/01/28 20:43:53 | 000,002,038 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010/01/17 11:28:23 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/17 11:14:18 | 000,001,885 | ---- | C] () -- C:\Users\Eduardo\Desktop\CCleaner.lnk
[2010/01/17 04:26:39 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/01/16 03:28:14 | 000,000,979 | ---- | C] () -- C:\Users\Eduardo\Desktop\Garena.lnk
[2010/01/14 02:25:09 | 000,000,095 | ---- | C] () -- C:\Users\Eduardo\AppData\Local\fusioncache.dat
[2010/01/14 02:24:10 | 001,537,038 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/13 02:48:43 | 002,097,152 | ---- | C] () -- C:\Windows\P6T-ASUS-DELUXE-V2-0704.ROM
[2010/01/13 02:43:33 | 000,926,544 | ---- | C] () -- C:\Windows\P6T-ASUS-DELUXE-V2-0704.zip
[2010/01/07 09:31:16 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 SP.lnk
[2010/01/06 02:26:42 | 000,001,885 | ---- | C] () -- C:\Users\Eduardo\Desktop\UltraISO.lnk
[2010/01/06 02:24:38 | 000,001,180 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010/01/05 20:52:45 | 000,524,288 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{96dba509-fa53-11de-9fe2-0026188878f3}.TMContainer00000000000000000002.regtrans-ms
[2010/01/05 20:52:45 | 000,524,288 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{96dba509-fa53-11de-9fe2-0026188878f3}.TMContainer00000000000000000001.regtrans-ms
[2010/01/05 20:52:45 | 000,065,536 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{96dba509-fa53-11de-9fe2-0026188878f3}.TM.blf
[2010/01/03 17:38:36 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010/01/03 17:22:51 | 000,350,720 | ---- | C] () -- C:\Users\Eduardo\Desktop\hjsplit.exe
[2009/12/20 17:26:29 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/20 00:30:56 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/12/20 00:30:56 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/12/20 00:10:15 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/12/20 00:10:15 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/12/20 00:10:15 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/12/20 00:10:03 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/11/06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/11/01 07:19:18 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/12/28 04:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/07/10 13:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
< End of report >

Continues...

Extra Report

OTL Extras logfile created on: 29/03/2010 17:45:38 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Eduardo\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 77,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,50 Gb Total Space | 633,44 Gb Free Space | 68,00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDUARDO-PC
Current User Name: Eduardo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64
"{31791DA6-7F3C-AA85-348B-59E0F434F91A}" = ATI Problem Report Wizard
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C8C2790-F773-9A42-3ACD-9117E22B8180}" = ATI AVIVO64 Codecs
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Pacote de Driver do Windows - Nokia Modem (10/05/2009 4.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Pacote de Driver do Windows - Nokia Modem (06/01/2009 7.01.0.4)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"WinRAR archiver" = Arquivo do WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{185AEB6C-54E1-40E6-D2AC-46342FA6DBD3}" = HydraVision
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call
"{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20
"{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0416-1000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9312191B-30A5-44E1-8D8D-6936FE06CDE8}" = Wanted: Weapons of Fate
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player
"{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3 - Português
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full
"{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing
"{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light
"{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials
"{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Garena" = Garena
"HijackThis" = HijackThis 2.0.2
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Nokia PC Suite" = Nokia PC Suite
"OpenAL" = OpenAL
"rayatitray" = Ray Adams ATI Tray Tools
"Satsuki Decoder Pack" = Satsuki Decoder Pack 4302
"Steam App 12840" = DiRT 2
"UltraISO_is1" = UltraISO Premium V9.35
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3166456774-1947370463-365579536-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

SystemLook

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:51 on 29/03/2010 by Eduardo (Administrator - Elevation successful)

========== dir ==========

C:\Users\Eduardo\AppData\utilitários - Unable to find folder.

-=End Of File=-

PS: The message ordering on this forum is pretty crazy; I just sent my first message and here it is appearing above yours, saying I sent it at 14:58. If for some reason you can't find the first message, let me know...

Thanks!
 
Hi everyone, good afternoon to all! :)


Eduardo Macedo, my friend, it really is the InfoStealer, as I had guessed.

Let's go, follow the steps below:

Step 1

● Double-click OTL.exe to run it again.

● Copy the text below (starting from :OTL), exactly as it is, without skipping a single character, and paste it into the field shown in customFix.png in the OTL window.

Code:
:OTL
PRC - C:\Users\Eduardo\AppData\YinthkilU.exe ()
PRC - C:\Windows\SysWOW64\ntkrnlp.exe ()
PRC - C:\Users\Eduardo\AppData\MsnSys.exe ()
SRV - (srvwinupd) -- C:\Windows\SysWOW64\ntkrnlp.exe ()
DRV - (ACPI) -- C:\Windows\SysWOW64\acpi.vxd ()
O2 - BHO: (no name) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {D4650B8A-9428-4430-82DC-81DEE3AA2198} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3166456774-1947370463-365579536-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [msnmsgrs] C:\Users\Eduardo\AppData\utilitários (Microsoft Corporation)
O4 - HKU\S-1-5-21-3166456774-1947370463-365579536-1001..\Run: [msnmsgrs] C:\Users\Eduardo\AppData\utilitários (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O33 - MountPoints2\{55ace14c-ef2f-11de-a5f7-0026188878f3}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{55ace14c-ef2f-11de-a5f7-0026188878f3}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\{676d6dd1-fa3c-11de-8e23-0026188878f3}\Shell\AutoRun\command - "" = SETUP.EXE
O33 - MountPoints2\{676d6ddd-fa3c-11de-8e23-0026188878f3}\Shell\AutoRun\command - "" = SETUP.EXE

:Files
C:\Users\Eduardo\AppData\YinthkilU.exe
C:\Windows\SysWOW64\ntkrnlp.exe
C:\Users\Eduardo\AppData\MsnSys.exe
C:\Windows\SysWOW64\acpi.vxd
C:\Windows\EA45.Reg
C:\script.html
C:\Windows\infosapi.dll
C:\Windows\qeqp8289.dll
C:\Windows\1C4551A64743409391E41477CD655043.TMP
C:\MSNCleaner



:Reg



:Services



:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

● Click the button shown in runFixbutton.png. If a message appears asking whether to restart the PC, click the button shown in btnOK.png and wait for the restart.

A new report will open. Copy and paste it into your next reply.

Also run and post a new OTL scan, as instructed in this post, but this time post only OTL.Txt.


Step 2

● Download SystemLook and save it to the desktop.

● Close all open programs and run SystemLook.exe.
● In the blank space, paste the command below:

Code:
:dir
C:\Users\Eduardo\AppData\utilitários /s /md5
Click the Look button and wait.
When the analysis finishes, a log will open automatically. It will also be on the desktop, named SystemLook.txt.

Paste it into your next reply, together with the two OTL logs.
__________________________________________________________


Hey Tello, yes, the PT-BR version of Avira does already exist. However, that language is only available in version 9 for now. Version 10, released recently, is in English. Avira 10 PT-BR will only come out in May, as can be confirmed here.

Download links for the PT-BR version:

http://www.free-av.com/pt-br/download/download_servers.php (this one has all the languages)
http://www.avira.com.br/downloads/beta/avira_antivir_personal_ptbr.exe (PT-BR beta version)

Cheers, my friend

__________________________________________________________


thi@go, the Trojan Remover program was compromised by the malware. I advise you to uninstall it and, if you want, reinstall it again later.

Follow the steps below:

It's strange that your Realtek audio driver is located in the Windows Media Player folder. Let's look into that.

Go to the VirusTotal site. Copy the highlighted path below and paste it next to the button shown in arquivolp8.jpg. Click Send File and wait.

C:\Arquivos de programas\Windows Media Player\RtHDVCpl.exe

When it finishes, click "Show last report".

Copy the URL of the results page and post it here.



Select and copy the text below (starting from Snapshot). Paste it into Notepad and save it on the desktop as CFScript.txt

Code:
Snapshot::
File::
C:\WINDOWS\system32\Ms000002.exe

SysRst::

Quit::
Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

CFScript.gif


● If prompted, press Enter to start the removal process;
● Do not use the mouse or keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may restart automatically. If it doesn't, restart it manually.

In your next reply, paste ComboFix.txt, the VirusTotal result and a new HijackThis log.
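The checks a helper makes by eye when deciding which OTL lines go into an :OTL fix (running code with no publisher, orphaned BHO/toolbar CLSIDs, Run keys in the user profile, entries whose target file is gone), written out as an added Python example that is not part of this thread or of OTL itself; the sample lines are taken from the fix above plus one constructed clean line, and the heuristics are this example's own assumptions.

```python
"""Triage helper for OTL scan lines (added example, not part of the thread).

It applies, in code, the kinds of checks a forum helper makes by eye before
building an :OTL fix. The heuristics are this example's own assumptions;
the sample lines come from the fix posted above, plus one constructed clean
line so the clean case is exercised too.
"""
import re

# Line prefixes OTL uses for code that is actually loaded (process, service, driver).
LOADED_PREFIXES = ("PRC - ", "SRV - ", "DRV - ")

# A path inside the user profile: not where a Microsoft-signed autostart normally lives.
USER_WRITABLE = re.compile(r"\\AppData\\", re.IGNORECASE)

# Constructed sample: lines copied from the fix above plus one clean (constructed) line.
SAMPLE_OTL = r'''
PRC - C:\Users\Eduardo\AppData\YinthkilU.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
DRV - (ACPI) -- C:\Windows\SysWOW64\acpi.vxd ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [msnmsgrs] C:\Users\Eduardo\AppData\utilitários (Microsoft Corporation)
O33 - MountPoints2\{55ace14c-ef2f-11de-a5f7-0026188878f3}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe -- File not found
'''


def triage_line(line: str) -> list:
    """Return the reasons one OTL line looks suspicious (empty list means nothing found)."""
    reasons = []
    stripped = line.strip()
    if not stripped:
        return reasons

    # 1. Loaded code whose publisher field is empty: OTL prints "()" when no company name is set.
    if stripped.startswith(LOADED_PREFIXES) and stripped.endswith("()"):
        reasons.append("loaded code with no publisher")

    # 2. A legacy .vxd driver under SysWOW64 is not a normal driver on an NT-family system.
    if stripped.startswith("DRV - ") and stripped.lower().endswith(".vxd ()"):
        reasons.append("VxD driver file on an NT-family system")

    # 3. BHO / toolbar whose CLSID no longer resolves: an orphaned registration.
    if "No CLSID value found" in stripped:
        reasons.append("orphaned CLSID registration")

    # 4. Run entry in a user-writable folder that still claims a Microsoft publisher.
    if (stripped.startswith("O4 ") and USER_WRITABLE.search(stripped)
            and "(Microsoft Corporation)" in stripped):
        reasons.append("Run entry in user profile claims Microsoft publisher")

    # 5. Any entry whose target file is missing: dead autorun, handler or mount point.
    if "File not found" in stripped:
        reasons.append("target file missing")

    return reasons


def triage_otl(text: str) -> dict:
    """Map each suspicious line (stripped) to its reasons; clean lines are left out."""
    result = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            result[line.strip()] = reasons
    return result


if __name__ == "__main__":
    for entry, why in triage_otl(SAMPLE_OTL).items():
        print(entry)
        for reason in why:
            print("    -", reason)
```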
 
Nobody? I need a very light antivirus for PC2 in my signature, can somebody help me please!
 
Mr Wolf,

As you asked, I did the scan with Kaspersky online and here is the log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, March 29, 2010
Operating system: Microsoft Windows Vista Ultimate Edition, 64-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, March 29, 2010 10:25:42
Records in database: 3895780
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 270881
Threats found: 3
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 03:36:03


File name / Threat / Threats count
C:\Users\Public\cognlz.exe Infected: Worm.Win32.AutoIt.tc 1
C:\Users\Public\qdjvfi.exe Infected: Packed.Win32.Klone.bj 1
C:\Users\Public\svhtlj.exe Infected: Worm.Win32.AutoIt.re 1
C:\Users\Public\wxwidn.exe Infected: Packed.Win32.Klone.bj 1

Selected area has been scanned.
 
Mr Wolf, VirusTotal ran the scan and found a few things:

http://www.virustotal.com/pt/analisis/8ab4761b6b705d58996e02fbbb87c0b6832293f007a77adafd6c91b96d8bd81b-1269890090

As for that ComboFix procedure, I don't think it worked. I did it exactly the way you asked: the machine restarts normally and loads the system, but ComboFix doesn't produce the report. The machine stopped showing those symptoms I described at the start; using the machine you don't notice any problem, but I'm puzzled by ComboFix, as not even in safe mode does it generate the report.

Whatever procedure you give me now I'll only be able to do tomorrow morning, because the workday is already ending today.

Thanks, Mr.
 
Hello Mr. Wolf.

You asked me: "didifpg, compress with a password the file highlighted in red below: C:\Arquivos de programas\masterdir\services.exe.."

But I can't find this file.. I've already searched for it as a hidden file, but it doesn't show up either...


I'm posting a new log so you can tell me what to do...

regards...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:08:32, on 30/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [mservices] C:\Arquivos de programas\masterdir\services.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [mservices] C:\Arquivos de programas\masterdir\services.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {31CB2F01-72C2-4CF4-B265-450E8817B039} (Toontown IE Helper Portuguese) - http://idownload.br.toontown.com/sv1.4.14.8/ttinst-portuguese.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com.br/s/v/58.10/uploader2.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF32D210-948A-4A63-BD02-8938A15D4750}: NameServer = 200.225.197.37 200.225.197.34
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 11868 bytes
 
Good morning Mr. Wolf, I kept insisting and managed to do the ComboFix + txt procedure. Here is the log:

ComboFix 10-03-29.04 - Administrador 30/03/10 11:18:33.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.958.562 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\windows\system32\Ms000002.exe"
.
ADS - drivers: deleted 204 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AvGbKill
c:\windows\avs.exe
c:\windows\system32\ashDip.exe
c:\windows\system32\drivers\avgbkill.sys
c:\windows\system32\drivers\avgbkill.sys.off
c:\windows\system32\GbpServer.exe
c:\windows\system32\Ms000002.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CARLHOS
-------\Service_carlhos
-------\Legacy_CARLHOS
-------\Service_carlhos


(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-28 to 2010-03-30 ))))))))))))))))))))))))))))
.

2010-03-30 12:25 . 2010-03-30 12:25 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Simply Super Software
2010-03-30 12:05 . 2007-08-30 20:22 2015808 ----a-w- c:\documents and settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Simply Super Software\Trojan Remover\amx6.exe
2010-03-30 11:21 . 2010-03-30 11:21 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-30 11:21 . 2010-03-30 10:13 1678086 ----a-w- c:\windows\system32\ashDip(2).exe
2010-03-30 10:13 . 2010-03-30 10:13 1678086 ----a-w- c:\windows\avs(2).exe
2010-03-29 13:23 . 2009-12-01 10:14 79488 ----a-w- c:\documents and settings\Internet-novo\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-29 13:23 . 2009-12-01 10:15 152576 ----a-w- c:\documents and settings\Internet-novo\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-29 13:21 . 2010-03-29 13:21 -------- d-----w- C:\Rooter$
2010-03-26 13:35 . 2010-03-22 12:23 532480 ----a-w- c:\documents and settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Notepad++\plugins\Config\plugin_install_temp\plugin1\plugins\PluginManager.dll
2010-03-26 13:35 . 2010-03-22 12:23 401408 ----a-w- c:\documents and settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Notepad++\plugins\Config\plugin_install_temp\plugin1\updater\gpup.exe
2010-03-26 13:34 . 2009-10-28 18:19 152576 ----a-w- c:\documents and settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll
2010-03-26 13:34 . 2010-03-24 10:09 -------- d-----w- c:\documents and settings\Administrador.ARTHI-SERVER\.netbeans-registration
2010-03-26 13:34 . 2010-03-24 10:09 -------- d-----w- c:\documents and settings\Administrador.ARTHI-SERVER\.netbeans
2010-03-26 13:34 . 2010-03-22 11:21 -------- d-----w- c:\documents and settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Logitech
2010-03-26 13:34 . 2009-12-17 17:49 -------- d-----w- c:\documents and settings\Administrador.ARTHI-SERVER\Dados de aplicativos\IObit
2010-03-26 13:34 . 2009-10-09 16:40 -------- d-----w- c:\documents and settings\Administrador.ARTHI-SERVER\Dados de aplicativos\3M
2010-03-26 13:34 . 2008-07-22 17:40 -------- d-----w- c:\documents and settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Babylon
2010-03-26 13:34 . 2010-03-22 12:23 -------- d-----w- c:\documents and settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Notepad++
2010-03-26 13:34 . 2010-03-23 16:59 -------- d-sh--w- c:\documents and settings\Administrador.ARTHI-SERVER\IECompatCache
2010-03-26 13:34 . 2008-12-15 12:03 -------- d-----w- c:\documents and settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Windows Desktop Search
2010-03-25 14:25 . 2010-03-25 14:25 -------- d-----w- c:\documents and settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Malwarebytes
2010-03-25 14:25 . 2010-02-27 23:46 3691384 ----a-w- c:\documents and settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Simply Super Software\Trojan Remover\pjy233.exe
2010-03-25 14:18 . 2010-03-23 16:59 -------- d-sh--w- c:\documents and settings\Administrador.ARTHI-SERVER\PrivacIE
2010-03-25 14:15 . 2010-03-25 14:23 -------- d-----w- c:\documents and settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Simply Super Software
2010-03-25 14:13 . 2009-11-23 10:32 -------- d-sh--w- c:\documents and settings\Administrador.ARTHI-SERVER\IETldCache
2010-03-10 18:40 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-30 12:25 . 2008-06-02 19:10 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-03-30 11:22 . 2009-02-11 15:03 -------- d-----w- c:\arquivos de programas\GBPLUGIN
2010-03-29 12:35 . 2009-11-09 16:03 -------- d--h--w- c:\arquivos de programas\Scpad
2010-03-25 10:00 . 2008-10-02 14:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2010-02-18 13:20 . 2009-02-11 15:04 30752 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2010-02-08 13:43 . 2010-02-08 13:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA
2010-01-08 15:04 . 2010-01-08 15:04 5376 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP\hdahelper.sys
2009-12-31 16:50 . 2003-04-08 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\32788r22fwjfw\Assoc.cmd
17/03/10 19:02 4145 \RP555\A0076079.cmd

c:\32788r22fwjfw\Auto-RC.cmd
05/12/09 08:11 3030 \RP555\A0076078.cmd

c:\32788r22fwjfw\av.cmd
22/03/10 08:07 2047 \RP555\A0076077.cmd

c:\32788r22fwjfw\av.vbs
13/05/09 18:09 1464 \RP555\A0076038.vbs

c:\32788r22fwjfw\AWF.cmd
16/11/09 01:03 659 \RP555\A0076076.cmd

c:\32788r22fwjfw\Boot-Rk.cmd
12/02/10 04:30 2917 \RP555\A0076075.cmd

c:\32788r22fwjfw\Boot.bat
01/01/10 22:00 7459 \RP555\A0076095.bat

c:\32788r22fwjfw\BootSect.dll
31/08/00 08:00 7680 \RP555\A0076048.dll

c:\32788r22fwjfw\c.bat
15/03/10 15:27 55582 \RP555\A0076094.bat

c:\32788r22fwjfw\Catch-sub.cmd
15/11/09 04:30 977 \RP555\A0076074.cmd

c:\32788r22fwjfw\CF-Script.cmd
26/03/10 02:31 27839 \RP555\A0076073.cmd

c:\32788r22fwjfw\CHCP.bat
29/03/10 16:18 16 \RP555\A0076029.bat

20/03/10 04:56 1024 \RP555\A0076044.sys

c:\32788r22fwjfw\Combobatch.bat
30/11/09 02:38 7065 \RP555\A0076093.bat

c:\32788r22fwjfw\Create.cmd
03/01/10 02:50 7473 \RP555\A0076072.cmd

c:\32788r22fwjfw\CregC.cmd
08/03/10 13:10 2946 \RP555\A0076071.cmd

c:\32788r22fwjfw\CSet.cmd
23/12/09 21:49 1686 \RP555\A0076070.cmd

c:\32788r22fwjfw\DelClsid.bat
06/12/09 04:00 1816 \RP555\A0076092.bat

c:\32788r22fwjfw\DelClsid64.bat
06/12/09 04:04 1870 \RP555\A0076091.bat

c:\32788r22fwjfw\Exe.reg
01/01/10 22:45 13800 \RP555\A0076040.reg

c:\32788r22fwjfw\FD-SV.cmd
23/11/09 05:52 3733 \RP555\A0076069.cmd

c:\32788r22fwjfw\ffdefstr.dll
14/12/09 05:22 36942 \RP555\A0076047.dll

c:\32788r22fwjfw\files.pif
29/03/10 18:10 2413 \RP555\A0076043.pif

c:\32788r22fwjfw\FIND3M.bat
22/03/10 15:49 28882 \RP555\A0076090.bat

c:\32788r22fwjfw\FIXLSP.bat
10/11/09 23:16 4759 \RP555\A0076089.bat

c:\32788r22fwjfw\FKMGen.cmd
03/01/10 20:41 1085 \RP555\A0076068.cmd

c:\32788r22fwjfw\GetHive.cmd
26/10/09 14:54 5969 \RP555\A0076067.cmd

c:\32788r22fwjfw\hidec.exe
16/08/05 01:54 1536 \RP555\A0076052.exe

c:\32788r22fwjfw\history.bat
20/10/09 17:25 954 \RP555\A0076088.bat

c:\32788r22fwjfw\iexplore.exe
20/04/09 12:56 31232 \RP555\A0076051.exe

c:\32788r22fwjfw\Install-RC.cmd
23/11/09 00:54 5658 \RP555\A0076066.cmd

c:\32788r22fwjfw\katch.cmd
12/12/09 20:07 1373 \RP555\A0076065.cmd

c:\32788r22fwjfw\Kill-All.cmd
29/11/09 07:25 1695 \RP555\A0076064.cmd

c:\32788r22fwjfw\Lang.bat

C:\Syst
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"DB Audio Control Panel"="c:\arquivos de programas\Windows Media Player\RtHDVCpl.exe" [2010-03-17 627200]
"ashDip.exe"="c:\windows\System32\ashDip.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
108Mbps Wireless LAN Adapter Configuration Utility.lnk - c:\arquivos de programas\108Mbps Wireless LAN Adapter\WLANPRO.exe [2008-12-17 2945024]
Reg.lnk - c:\arquivos de programas\108Mbps Wireless LAN Adapter\Reg.exe [2008-12-17 24576]
USB FireWall.lnk - c:\arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe [2008-12-17 1330688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2010-02-18 13:19 323360 ----a-w- c:\arquivos de programas\GBPLUGIN\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 01:16 39792 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:20 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 18:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-08-16 07:35 7630848 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-08-16 07:35 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-16 07:35 1617920 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-12-19 03:12 16062464 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [11/02/09 12:04 30752]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11/09/09 07:23 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11/09/09 07:26 96408]
R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [11/09/09 07:24 735960]
R2 uvnc_service;uvnc_service;c:\arquivos de programas\UltraVNC\winvnc.exe [05/05/08 07:14 1148480]
S2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe --> c:\arquiv~1\GbPlugin\GbpSv.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-03-30 c:\windows\Tasks\User_Feed_Synchronization-{595680FE-1915-4F0F-88F7-D058F4DC45C8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]
.
.
------- Scan Suplementar -------
.
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {7ABA396C-9CC4-4E5B-A28C-9751DED46115} = 192.168.10.10,192.168.10.2
TCP: {BB7EF997-5482-4E69-B08D-CFF0CD2EC3B3} = 192.168.10.10,192.168.10.2
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-30 11:29
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DB Audio Control Panel = c:\arquivos de programas\Windows Media Player\RtHDVCpl.exe??????????????

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-746137067-1383384898-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,67,59,72,2e,14,7b,4a,bd,8b,45,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,67,59,72,2e,14,7b,4a,bd,8b,45,\
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\windows\system32\netmsg.dll

- - - - - - - > 'explorer.exe'(3660)
c:\windows\system32\WININET.dll
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\acs.exe
c:\windows\System32\nvsvc32.exe
c:\windows\AGRSMMSG.exe
c:\arquivos de programas\Internet Explorer\iexplore.exe
c:\arquivos de programas\Internet Explorer\iexplore.exe
c:\arquivos de programas\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-03-30 11:34:32 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-03-30 14:34

Pré-execução: 13 pasta(s) 38.178.975.744 bytes disponíveis
Pós execução: 14 pasta(s) 38.224.732.160 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 60598F5F7A21A714E8DB52BC2213811F

I did a VirusTotal scan again today:

http://www.virustotal.com/pt/analisis/8ab4761b6b705d58996e02fbbb87c0b6832293f007a77adafd6c91b96d8bd81b-1269890090

Yesterday, after I ran ComboFix, the computer worked normally; today, when I turned it on, it already showed those symptoms again. The computer is off the network. I need to solve this problem as fast as possible because there are employees who need the computer, and they won't stop pressuring me (people think computer problems are always simple to solve :s)

Thank you Mr. Wolf
 
Good afternoon everyone! Since the forum had a glitch, I'll reply in the order the posts currently appear.


thi@go, your computer was reinfected. The biggest problem there isn't the virus but the network. ComboFix disconnected this PC from the network to keep it protected because, most likely, the other PCs on the network are infected too, and that, consequently, is causing the computer you are on to be reinfected every time the system starts.

I would advise you, if you can, to keep the PC disconnected from the network at least until we finish this. But in the future it could be hit again if the other PCs aren't inspected and cleaned.

Follow the steps below:

Copy the text below into Notepad and save it as CFScript.txt

Code:
Folder::
c:\documents and settings\Administrador\Dados de aplicativos\Simply Super Software
c:\documents and settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Simply Super Software
c:\arquivos de programas\GBPLUGIN
c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
c:\arquivos de programas\Scpad
C:\Rooter$

File::
c:\windows\system32\ashDip(2).exe
c:\windows\avs(2).exe
c:\windows\system32\drivers\gbpkm.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DB Audio Control Panel"=-
"ashDip.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginBb]

Driver::
GbpKm
GbpSv

Rootkit::
c:\arquivos de programas\Windows Media Player\RtHDVCpl.exe
Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

[image: CFScript.gif]


● If prompted, press Enter to start the removal process;
● Do not use the mouse or keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may restart automatically. If it does not, restart it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.
_________________________________________


Eduardo Macedo, the malware is preventing its own removal. That's why the blue screen happened. So much so that the malware didn't even budge in the log; it's still in the same place. InfoStealer is a sad thing to deal with! Have you by any chance been the victim of a phishing scam recently?

Follow the steps below:

Step 1

Go to the VirusTotal site. Copy the highlighted path below and paste it next to the [image: arquivolp8.jpg] button. Click Send File and wait.

C:\Windows\SysWOW64\ntkrnlp.exe

When it finishes, click Show last report, copy the URL and paste it here.


Step 2

Delete OTL.exe and its folder at C:\_OTL. Download this version and save it to the desktop.

Open it and paste the text below into the [image: customFix.png] window.

Code:
:OTL
O4 - HKLM..\Run: [msnmsgrs] File not found
O4 - HKU\S-1-5-21-3166456774-1947370463-365579536-1001..\Run: [msnmsgrs] File not found

:Files
C:\Windows\qeqp8289.dll
C:\Windows\SysWow64\acpi.vxd
C:\Windows\EA45.Reg
C:\Users\Eduardo\count.exe
C:\Users\Eduardo\winmsng.exe


:Services

:Reg

:Commands
[purity]
[emptytemp]
Click the [image: runFixbutton.png] button.

Restart the computer manually and check whether the result log was created. If it isn't on the desktop, see whether it is at C:\_OTL\MovedFiles\xxx.log (where the "x"s are the date and time of the removal).

If no log with the result appears, that's no problem. Just post a new scan.


Step 3

- Download AVZ4 and save it to the desktop;

- Extract the files from the WinZip archive to the desktop, where a folder called avz4 will be created in the same location;
- Enter this folder and double-click the AVZ.exe file to run the tool;
- When the program window opens, click the File > Database Update menu. Or click the [image: AVZupdate.jpg] button in the right corner of the tool's panel, and click the Start button to update the tool;
- Click the File > Standard scripts menu and check the option "2. Advanced System Analysis";
- Then click the Execute selected scripts button and click Yes on the next message. Wait for the analysis;
- When the analysis finishes, click OK on the message. Back in the Standard scripts window, click Close to close it. Also close the AVZ4 window;
- Go to the avz4 folder on the desktop and open the LOG folder inside it;
- In it you will find the logs and a zipped folder named virusinfo_syscheck.zip.

Attach this folder in your next reply, together with the VirusTotal result and the OTL log.
_________________________________________


LuiZz, follow the steps below:

- Download Avenger and save it to the desktop;

● Extract the contents of the zip to the desktop;
● Select and copy the text below:

Code:
Begin copying here:
Files to delete:
C:\Users\Public\cognlz.exe 
C:\Users\Public\qdjvfi.exe 
C:\Users\Public\svhtlj.exe
C:\Users\Public\wxwidn.exe
● Run the Avenger program by double-clicking avenger.exe;
● Click the Load Script > Paste from Clipboard menu;
● Click the Execute button > Yes > OK;
● Your computer will be restarted;
● A log will be generated at C:\avenger.txt

Paste this log in your next reply.
_________________________________________


didifpg, skip the part describing how to compress the file and follow the rest of the instructions.
 
Hello Mr., I noticed it really was reinfected. I couldn't get ComboFix to generate the log: I dragged the .txt file onto it and it started scanning normally, but the computer doesn't restart on its own, and if I restart it manually the log isn't generated.
So here is just the HijackThis log

Computer name - IT-01
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:51, on 30/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\108Mbps Wireless LAN Adapter\WLANPRO.exe
C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe
\Srv-01\públicos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = ?
O4 - Global Startup: Reg.lnk = ?
O4 - Global Startup: USB FireWall.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256820807209
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\Software\..\Telephony: DomainName = www.arthi-server.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{7ABA396C-9CC4-4E5B-A28C-9751DED46115}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB7EF997-5482-4E69-B08D-CFF0CD2EC3B3}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{7ABA396C-9CC4-4E5B-A28C-9751DED46115}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\System\CS2\Services\Tcpip\..\{7ABA396C-9CC4-4E5B-A28C-9751DED46115}: NameServer = 192.168.10.10,192.168.10.2
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: uvnc_service - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

--
End of file - 5745 bytes

On the company network there are about 40 machines, but not all of them access the internet; at most about 10 machines do. I'll post the log and name of some of the machines that access the web

VN-01
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:50, on 30/03/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\108Mbps Wireless LAN Adapter\WLANPRO.exe
C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
C:\ARQUIV~1\3M\PSNLite\PSNGive.exe
N:\DynPro\Vendas.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
\Srv-01\documentos\Públicos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ReiniciarMensageiro] C:\Windows\arthi\ReiniciarMensageiroVBS.vbs
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Reg.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\Software\..\Telephony: DomainName = www.arthi-server.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{73ACC027-5B58-43AA-9DEC-238BD56BF55C}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE007CDB-CAE4-410B-ACCB-087D3870FE95}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{73ACC027-5B58-43AA-9DEC-238BD56BF55C}: NameServer = 192.168.10.10,192.168.10.2
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: uvnc_service - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

--
End of file - 5365 bytes
VN-03
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:16, on 30/03/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\108Mbps Wireless LAN Adapter\WLANPRO.exe
C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
C:\ARQUIV~1\3M\PSNLite\PSNGive.exe
C:\ARQUIV~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE
\SRV-01\Documentos\Públicos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [ReiniciarMensageiro] C:\Windows\arthi\ReiniciarMensageiroVBS.vbs
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Reg.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1201779290093
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\Software\..\Telephony: DomainName = www.arthi-server.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{159857E7-E305-46AC-A71B-2200703094E1}: NameServer = 192.168.10.2,192.168.10.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{656FFA6E-748D-4C08-910F-02C0330D5C32}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\System\CS2\Services\Tcpip\..\{159857E7-E305-46AC-A71B-2200703094E1}: NameServer = 192.168.10.2,192.168.10.10
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\System\CS3\Services\Tcpip\..\{159857E7-E305-46AC-A71B-2200703094E1}: NameServer = 192.168.10.2,192.168.10.10
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - Unknown owner - C:\Arquivos de programas\McAfee\VirusScan Enterprise\EngineServer.exe (file missing)
O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe (file missing)
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe
O23 - Service: uvnc_service - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

--
End of file - 6421 bytes

FT-03
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:56, on 30/03/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\108Mbps Wireless LAN Adapter\WLANPRO.exe
C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
C:\ARQUIV~1\3M\PSNLite\PSNGive.exe
C:\ARQUIV~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE
Z:\Públicos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ReiniciarMensageiro] C:\Windows\arthi\ReiniciarMensageiroVBS.vbs
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [krn] C:\arquivos de programas\Realteck\realteck.exe
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Reg.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\Software\..\Telephony: DomainName = www.arthi-server.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D8D17F8-B67B-460F-8801-D339F6EF4FCD}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{B187D4CD-146D-401B-9853-46778E0AE03D}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D8D17F8-B67B-460F-8801-D339F6EF4FCD}: NameServer = 192.168.10.10,192.168.10.2
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: uvnc_service - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/alex/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 5534 bytes
FN-01
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:16, on 30/03/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Arquivos de programas\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\108Mbps Wireless LAN Adapter\WLANPRO.exe
C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
C:\ARQUIV~1\3M\PSNLite\PSNGive.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Arquivos de programas\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
N:\DynPro\DynCads.exe
C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
Z:\Públicos\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Arquivos de programas\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Arquivos de programas\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Reg.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab
O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - https://cpne.bradesco.com.br/CA.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\Software\..\Telephony: DomainName = www.arthi-server.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{64A30088-4526-40F4-A506-A93D47D7035E}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6731AB8-56E0-4794-831A-1CBD874FE495}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: uvnc_service - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

--
End of file - 6922 bytes
FN-06
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:20, on 30/03/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\arthi\SEALST\SEALST.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\108Mbps Wireless LAN Adapter\WLANPRO.exe
C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
C:\Arquivos de programas\UltraVNC\winvnc.exe
C:\ARQUIV~1\3M\PSNLite\PSNGive.exe
C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
\Srv-01\documentos\Públicos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LeitorCodBarra] C:\WINDOWS\arthi\SEALST\SEALST.exe
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Reg.lnk = ?
O4 - Global Startup: UltraVNC Server.lnk = C:\Arquivos de programas\UltraVNC\winvnc.exe
O4 - Global Startup: USB FireWall.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1204038079073
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\Software\..\Telephony: DomainName = www.arthi-server.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D9A09F0-0612-4485-AAAF-0232152B7353}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{83B8EB74-2B8B-41AE-8181-FED8EE66AB39}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D9A09F0-0612-4485-AAAF-0232152B7353}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\System\CS2\Services\Tcpip\..\{1D9A09F0-0612-4485-AAAF-0232152B7353}: NameServer = 192.168.10.10,192.168.10.2
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - Unknown owner - C:\Arquivos de programas\McAfee\VirusScan Enterprise\EngineServer.exe (file missing)
O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe (file missing)
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

--
End of file - 6906 bytes
 
Mr Wolf

Here's the thing,

I ran the program as you wrote and it didn't go very well... my Firefox isn't getting on the internet anymore, and it didn't generate the log in the location you indicated..... I've already run the program twice.....
 
thi@go, the machines VN-01, VN-03 and FT-03 are infected with the same pest, as I already suspected. The other machines may be too, but the infections are not present in the HijackThis logs. And this will be a big problem, because of it the machine you are on will always be reinfected if it is connected to the network with the other machines.

Just one question, friend thi@go: are you an employee of the company's IT department?

Forget ComboFix; follow the steps below:

- Download RSIT and save it to your desktop;

● Double-click RSIT.exe to run the program;
● In the window that opens, click the Continue button so the tool starts running;
● When the tool finishes running, a log will open automatically in Notepad containing the scan result. Paste the result of that log (log.txt) in your next reply;
● Also paste the contents of the file info.txt, which will be at C:\rsit\info.txt.
________________________________


LuiZz, did the computer restart?

Do the following:

Download SystemLook and save it to the desktop;

• Double-click SystemLook.exe to run it;
• Copy and paste the text below into the tool's window:

:filefind
*cognlz.exe*
*qdjvfi.exe*
*svhtlj.exe*
*wxwidn.exe*

• Click the Look button. A log will open in Notepad for you.
• It will also be on the desktop under the name SystemLook.txt.

Paste this log in your next reply.
 
Yes, the computer restarted both times I ran the program.... I reinstalled Firefox and it's working again.... it's my MSN that isn't working, but I don't think it's related, because I'm not the only one having problems with MSN since yesterday afternoon....

Log below

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 16:22 on 30/03/2010 by LUIZ (Administrator - Elevation successful)

========== filefind ==========

Searching for "*cognlz.exe*"
C:\Users\Public\cognlz.exe ------ 676756 bytes [22:14 22/12/2009] [19:56 04/08/2004] 6692A9A913AFD597673ECB2750C39D45

Searching for "*qdjvfi.exe*"
C:\Users\Public\qdjvfi.exe ------ 531458 bytes [19:51 08/12/2009] [15:58 13/04/2008] AC10CF3C0DAA63B25646AEF35C237F53

Searching for "*svhtlj.exe*"
C:\Users\Public\svhtlj.exe ------ 964590 bytes [20:19 08/12/2009] [12:10 03/08/2004] 758EFC0C25C6169DAAD1DE65672BB927

Searching for "*wxwidn.exe* "
C:\Users\Public\wxwidn.exe ------ 444138 bytes [00:41 27/01/2010] [00:25 14/04/2008] 2E0237CC88C0DD3DF3CF9139E1F31BD5

-=End Of File=-


I don't know if I did the right thing, but since the previous program's command was to delete the files, I found them manually and deleted them.... did I do it right?
 
I don't know if I did the right thing, but since the previous program's command was to delete the files, I found them manually and deleted them.... did I do it right?
Did you delete them before or after running SystemLook?

Because according to its log, the files are still on the system.
 
Did you delete them before or after running SystemLook?

Because according to its log, the files are still on the system.

After running...

Log after deleting them manually.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 16:34 on 30/03/2010 by LUIZ (Administrator - Elevation successful)

========== filefind ==========

Searching for "*cognlz.exe*"
No files found.

Searching for "*qdjvfi.exe*"
No files found.

Searching for "*svhtlj.exe*"
No files found.

Searching for "*wxwidn.exe*"
No files found.

-=End Of File=-
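As an added example (not from the thread, and not part of the SystemLook tool itself), a small Python parser for the filefind sections of the two logs above: it extracts path, size, timestamps and MD5 for each search pattern and reports which hits disappeared between the first run and the second, which is the comparison Mr Wolf does by eye here. The two log texts embedded in it are copied from this thread; the function names are my own.

```python
"""Parse SystemLook ':filefind' logs and compare a before/after pair."""
import re
from typing import Dict, List, NamedTuple


class FileHit(NamedTuple):
    path: str
    size: int
    modified: str   # first bracketed timestamp in the log line
    created: str    # second bracketed timestamp in the log line
    md5: str


# One hit line of a filefind section, e.g.
# C:\Users\Public\cognlz.exe ------ 676756 bytes [22:14 22/12/2009] [19:56 04/08/2004] 6692A9A9...
HIT_RE = re.compile(
    r"^(?P<path>.+?) ------ (?P<size>\d+) bytes "
    r"\[(?P<mod>[^\]]+)\] \[(?P<cre>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
SEARCH_RE = re.compile(r'^Searching for "(?P<pat>[^"]+)"$')


def parse_filefind(log: str) -> Dict[str, List[FileHit]]:
    """Return {search pattern: [hits]}; a pattern answered by 'No files found.' maps to []."""
    results: Dict[str, List[FileHit]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            # The thread's first log has a stray trailing space inside the quotes
            # of one pattern ("*wxwidn.exe* "); strip so both runs use the same key.
            current = m.group("pat").strip()
            results.setdefault(current, [])
            continue
        if current is None or not line or line == "No files found.":
            continue
        h = HIT_RE.match(line)
        if h:
            results[current].append(
                FileHit(h["path"], int(h["size"]), h["mod"], h["cre"], h["md5"].upper())
            )
    return results


def still_present(log: str) -> Dict[str, List[str]]:
    """Patterns that still have at least one hit, with the paths found."""
    return {pat: [h.path for h in hits] for pat, hits in parse_filefind(log).items() if hits}


def removed_between(before_log: str, after_log: str) -> Dict[str, List[str]]:
    """Paths present in the first run and absent in the second (case-insensitive, as on NTFS)."""
    before, after = parse_filefind(before_log), parse_filefind(after_log)
    gone: Dict[str, List[str]] = {}
    for pat, hits in before.items():
        after_paths = {h.path.lower() for h in after.get(pat, [])}
        missing = [h.path for h in hits if h.path.lower() not in after_paths]
        if missing:
            gone[pat] = missing
    return gone


# Sample input: the two filefind logs posted in this thread, before and after manual deletion.
BEFORE_LOG = r"""
========== filefind ==========

Searching for "*cognlz.exe*"
C:\Users\Public\cognlz.exe ------ 676756 bytes [22:14 22/12/2009] [19:56 04/08/2004] 6692A9A913AFD597673ECB2750C39D45

Searching for "*qdjvfi.exe*"
C:\Users\Public\qdjvfi.exe ------ 531458 bytes [19:51 08/12/2009] [15:58 13/04/2008] AC10CF3C0DAA63B25646AEF35C237F53

Searching for "*svhtlj.exe*"
C:\Users\Public\svhtlj.exe ------ 964590 bytes [20:19 08/12/2009] [12:10 03/08/2004] 758EFC0C25C6169DAAD1DE65672BB927

Searching for "*wxwidn.exe* "
C:\Users\Public\wxwidn.exe ------ 444138 bytes [00:41 27/01/2010] [00:25 14/04/2008] 2E0237CC88C0DD3DF3CF9139E1F31BD5

-=End Of File=-
"""

AFTER_LOG = r"""
========== filefind ==========

Searching for "*cognlz.exe*"
No files found.

Searching for "*qdjvfi.exe*"
No files found.

Searching for "*svhtlj.exe*"
No files found.

Searching for "*wxwidn.exe*"
No files found.

-=End Of File=-
"""

if __name__ == "__main__":
    for pat, paths in still_present(BEFORE_LOG).items():
        print(f"first run, still on disk: {pat} -> {paths}")
    for pat, paths in removed_between(BEFORE_LOG, AFTER_LOG).items():
        print(f"removed between runs:     {pat} -> {paths}")
```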
 
OK, LuiZz.

According to the log, the files have been removed.

How is the PC? Check whether the messages are still being sent from your MSN and e-mail.
 
The PC is OK now... the messages stopped being sent once I changed my Hotmail password. The only problem now is that it's not logging in to MSN, but I believe it's nothing more than an M$ problem, because I'm not the only one having trouble getting into MSN today....
 
Mr. Wolf, this time the procedures you asked me to run worked.
Answering your question, to be honest I hadn't used an antivirus for a long time; I always used common sense and never had problems. I even used Bradesco's Internet Banking constantly and never had problems.
Two weeks ago a friend of mine used my PC, and right after that I used it, which is when people started saying they had received strange messages through my MSN, Internet Explorer started throwing several errors, then Windows Explorer itself, and the last thing was that MSN kept opening all the time. (I even thought at the time, "the virus is trying to use my MSN to tell its master about my plans to remove it", hahaha, because all you can do is laugh, this virus is angry haha)
Well, my friend doesn't remember visiting any strange site or downloading anything unusual, so maybe I picked it up myself. Either way my bank account is still fine.
My accounts were hacked (e-mail, and maybe the ones that were inside the e-mail, i.e. from other sites), but nothing I really need to worry about.

Well, here we go.

VirusTotal:
http://www.virustotal.com/pt/analis...353f33a0a4f1249107758f86d59cfcade8-1269978755

OTL Report
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgrs deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3166456774-1947370463-365579536-1001\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgrs deleted successfully.
========== FILES ==========
C:\Windows\qeqp8289.dll moved successfully.
C:\Windows\SysWow64\acpi.vxd moved successfully.
C:\Windows\EA45.Reg moved successfully.
C:\Users\Eduardo\count.exe moved successfully.
C:\Users\Eduardo\winmsng.exe moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Eduardo
->Temp folder emptied: 30644838 bytes
->Temporary Internet Files folder emptied: 15104345 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5865721 bytes
->Flash cache emptied: 1203 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 213436 bytes

Total Files Cleaned = 50,00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 03302010_174537

Files\Folders moved on Reboot...
C:\Users\Eduardo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Eduardo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6L08CE0E\01[1].htm moved successfully.
C:\Users\Eduardo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6L08CE0E\207948-remocao-de-virus-316[1].html moved successfully.
C:\Users\Eduardo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3XFAN9Q8\afr[1].htm moved successfully.
C:\Users\Eduardo\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

And attached is the folder you asked for, virusinfo_syscheck

Waiting to hear back... Thanks! =)
 

Attachments

  • virusinfo_syscheck.zip (68.9 KB)
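The OTL fix log above removes a Run value named msnmsgrs (a lookalike of the legitimate msnmsgr.exe) plus executables sitting in the user's profile root, and the log posted next in this thread lists a service with "Unknown owner". As an added example, not code from the thread or from OTL, HijackThis or RSIT, the following Python script applies those three triage heuristics to HijackThis-style O4 and O23 lines. The sample lines are constructed for the example; the image path of the msnmsgrs entry is an assumption, since the OTL log deletes the value without showing its data.

```python
"""Heuristic triage of Windows autorun entries in HijackThis-style logs.

Added example for this thread; not part of OTL, HijackThis or RSIT.
The sample lines below are constructed: the msnmsgrs entry is an assumption
(the OTL fix log deletes that Run value but does not show what it pointed to).
"""
import re
from difflib import SequenceMatcher

# Locations where a Run entry is rarely legitimate: user profiles and temp dirs.
SUSPECT_DIR_MARKERS = (r"c:\users\ ", r"c:\documents and settings\ ", r"\temp\ ", r"\appdata\ ")
SUSPECT_DIR_MARKERS = tuple(m.strip() for m in SUSPECT_DIR_MARKERS)  # drop the padding spaces

# Stems of legitimate binaries that malware names often imitate (msnmsgrs vs msnmsgr).
KNOWN_GOOD_STEMS = {"msnmsgr", "svchost", "ctfmon", "explorer", "winlogon", "lsass"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def image_path(cmd):
    """Pull the executable path out of a Run command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def stem(name):
    """'msnmsgr.exe' -> 'msnmsgr'; a name without an extension is returned unchanged."""
    return name.lower().rsplit(".", 1)[0]


def lookalike(name):
    """Return the known-good stem this name imitates, or None if it is exact or unrelated."""
    s = stem(name)
    if s in KNOWN_GOOD_STEMS:
        return None
    for good in KNOWN_GOOD_STEMS:
        if SequenceMatcher(None, s, good).ratio() >= 0.85:
            return good
    return None


def triage_line(line):
    """Return the reasons one O4/O23 line deserves a look; an empty list means nothing flagged."""
    reasons = []
    m = O4_RE.match(line)
    if m:
        path = image_path(m.group("cmd")).lower()
        if any(marker in path for marker in SUSPECT_DIR_MARKERS):
            reasons.append("Run entry launches from a user/temp directory: " + path)
        # Check both the registry value name and the file name for imitation.
        for candidate in (m.group("name"), path.rsplit("\\", 1)[-1]):
            good = lookalike(candidate)
            if good:
                reasons.append(f"name {candidate!r} resembles legitimate {good!r}")
                break
        return reasons
    m = O23_RE.match(line)
    if m:
        if m.group("owner") == "Unknown owner":
            reasons.append("service without a publisher: " + m.group("svc"))
        if "(no file)" in m.group("path"):
            reasons.append("service points at a missing file: " + m.group("svc"))
    return reasons


def triage(log_text):
    """Map each flagged line to its reasons; unflagged lines are omitted."""
    out = {}
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            out[line] = reasons
    return out


# Constructed sample: four lines taken from the log in this thread plus one
# hypothetical msnmsgrs entry pointing at a file OTL moved (path is assumed).
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgrs] C:\Users\Eduardo\winmsng.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe"""

if __name__ == "__main__":
    for flagged_line, why in triage(SAMPLE_LOG).items():
        print(flagged_line)
        for reason in why:
            print("   ->", reason)
```

Running it flags only the msnmsgrs entry (user-profile path and a value name one character away from msnmsgr) and the ACS service with no publisher; the ESET and ctfmon lines pass. "Unknown owner" by itself is weak evidence (here acs.exe is the Atheros wireless configuration service), so the script reports reasons for a human to check rather than verdicts.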
Good morning, Mr. Wolf. I'm 21, and from the age of 17 I worked at a wireless (radio) ISP; I've always liked networking but never had the chance to "look after" a network. I've been at my new job for a week, and I am indeed on the IT staff, but my boss (who I think should have stayed with me until I knew the whole network) left on a trip and left me with several problems on my hands. Here they are:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrador at 2010-03-31 07:06:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (48%) free of 76 GB
Total RAM: 958 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:07:01, on 31/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\Arquivos de programas\108Mbps Wireless LAN Adapter\WLANPRO.exe
C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrador.ARTHI-SERVER\Desktop\RSIT.exe
\Srv-01\públicos\Administrador.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = ?
O4 - Global Startup: Reg.lnk = ?
O4 - Global Startup: USB FireWall.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256820807209
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\Software\..\Telephony: DomainName = www.arthi-server.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{7ABA396C-9CC4-4E5B-A28C-9751DED46115}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB7EF997-5482-4E69-B08D-CFF0CD2EC3B3}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{7ABA396C-9CC4-4E5B-A28C-9751DED46115}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\System\CS2\Services\Tcpip\..\{7ABA396C-9CC4-4E5B-A28C-9751DED46115}: NameServer = 192.168.10.10,192.168.10.2
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: uvnc_service - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe
--
End of file - 5940 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\User_Feed_Synchronization-{595680FE-1915-4F0F-88F7-D058F4DC45C8}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]
GbIehObj Class - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2010-02-18 323360]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-16 7630848]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"egui"=C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe [2009-09-11 2054360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-08-16 7630848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\System32\NvMcTray.dll [2006-08-16 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-12-19 16062464]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar
108Mbps Wireless LAN Adapter Configuration Utility.lnk - C:\Arquivos de programas\108Mbps Wireless LAN Adapter\WLANPRO.exe
Reg.lnk - C:\Arquivos de programas\108Mbps Wireless LAN Adapter\Reg.exe
USB FireWall.lnk - C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]
C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2010-02-18 323360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
scpLIB - {A3717295-941D-416F-9384-ED1736729F1C}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2010-02-18 323360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"= ARTHI COMERCIAL LTDA - SERVIDOR ARTHI-SERVER
"legalnoticetext"=

A T E N Ç Ã O ! ! ! ! ! !


Você está prestes a acessar a rede ARTHI-SERVER.

A seguir lhe será solicitado "Nome de Usuário" e "Senha".

Quaisquer dúvidas, críticas ou sugestões, contatar o suporte.

Aproveite as facilidades do Sistema e,



B O M T R A B A L H O !!!!!!!!
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\Arquivos de programas\UltraVNC\winvnc.exe"="C:\Arquivos de programas\UltraVNC\winvnc.exe:*:Enabled:UltraVNC Server"
"C:\Arquivos de programas\UltraVNC\vncviewer.exe"="C:\Arquivos de programas\UltraVNC\vncviewer.exe:*:Enabled:UltraVNC Viewer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer"
"C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe"="C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe:*:Disabled:McAfee Framework Service"
"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
======List of files/folders created in the last 1 months======
2010-03-31 07:06:50 ----D---- C:\rsit
2010-03-30 16:47:38 ----D---- C:\WINDOWS\temp
2010-03-30 16:09:07 ----A---- C:\ComboFix.txt
2010-03-30 11:14:48 ----RASHD---- C:\cmdcons
2010-03-30 08:21:10 ----A---- C:\WINDOWS\system32\ashDip(2).exe
2010-03-30 07:13:12 ----A---- C:\WINDOWS\avs(2).exe
2010-03-29 10:21:58 ----D---- C:\Rooter$
2010-03-29 10:04:18 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-29 09:37:48 ----A---- C:\Boot.bak
2010-03-29 09:35:14 ----A---- C:\WINDOWS\zip.exe
2010-03-29 09:35:14 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-29 09:35:14 ----A---- C:\WINDOWS\SWSC.exe
2010-03-29 09:35:14 ----A---- C:\WINDOWS\SWREG.exe
2010-03-29 09:35:14 ----A---- C:\WINDOWS\sed.exe
2010-03-29 09:35:14 ----A---- C:\WINDOWS\PEV.exe
2010-03-29 09:35:14 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-29 09:35:14 ----A---- C:\WINDOWS\MBR.exe
2010-03-29 09:35:14 ----A---- C:\WINDOWS\grep.exe
2010-03-29 09:34:57 ----D---- C:\Qoobox
2010-03-26 13:04:09 ----D---- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\WinRAR
2010-03-26 10:34:40 ----D---- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Logitech
2010-03-26 10:34:40 ----D---- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\IObit
2010-03-26 10:34:40 ----D---- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Babylon
2010-03-26 10:34:40 ----D---- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\3M
2010-03-26 10:34:38 ----D---- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Notepad++
2010-03-26 10:34:37 ----D---- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Windows Desktop Search
2010-03-25 11:25:57 ----D---- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Malwarebytes
2010-03-25 11:15:06 ----D---- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Simply Super Software
2010-03-25 11:13:52 ----A---- C:\WINDOWS\OEWABLog.txt
2010-03-11 12:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
======List of files/folders modified in the last 1 months======
2010-03-31 07:06:59 ----D---- C:\WINDOWS\Prefetch
2010-03-30 16:50:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-30 16:47:38 ----D---- C:\WINDOWS
2010-03-30 16:07:25 ----A---- C:\WINDOWS\system.ini
2010-03-30 16:05:57 ----D---- C:\WINDOWS\AppPatch
2010-03-30 16:05:57 ----AD---- C:\WINDOWS\system32\drivers
2010-03-30 16:05:57 ----AD---- C:\WINDOWS\system32
2010-03-30 16:05:56 ----D---- C:\Arquivos de programas\Arquivos comuns
2010-03-30 16:04:22 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-30 13:19:13 ----D---- C:\WINDOWS\security
2010-03-30 11:22:54 ----D---- C:\WINDOWS\system32\config
2010-03-30 11:22:47 ----D---- C:\WINDOWS\ERDNT
2010-03-30 11:14:52 ----RASH---- C:\boot.ini
2010-03-30 10:34:38 ----RD---- C:\Arquivos de programas
2010-03-30 09:25:38 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2010-03-30 09:19:19 ----SHD---- C:\WINDOWS\CSC
2010-03-30 08:22:51 ----D---- C:\Arquivos de programas\GBPLUGIN
2010-03-30 08:21:57 ----D---- C:\WINDOWS\system32\wbem
2010-03-30 08:21:57 ----D---- C:\WINDOWS\Registration
2010-03-30 08:21:08 ----D---- C:\WINDOWS\system32\Restore
2010-03-30 08:19:21 ----HD---- C:\WINDOWS\inf
2010-03-29 10:15:21 ----SD---- C:\WINDOWS\Tasks
2010-03-29 09:48:35 ----D---- C:\WINDOWS\Minidump
2010-03-29 09:35:38 ----HD---- C:\Arquivos de programas\Scpad
2010-03-29 09:34:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-25 11:49:26 ----D---- C:\Arquivos de programas\Windows Media Player
2010-03-25 07:00:04 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2010-03-22 09:10:21 ----D---- C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Mozilla
2010-03-11 12:02:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-11 12:02:04 ----D---- C:\Arquivos de programas\Movie Maker
2010-03-11 12:01:48 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-03 09:30:33 ----D---- C:\Pimaco
2010-03-02 02:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-09-11 96408]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-09-11 116008]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2008-12-17 15781]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 AR5211;Wireless LAN Adapter; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-01-21 411680]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-12-21 4405248]
R3 MODEMCSA;Dispositivo de filtro de fluxo unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-09-05 12288]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-08-16 3959712]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\catchme.sys []
S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101376]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2004-07-12 36864]
R2 ekrn;ESET Service; C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-11 735960]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-08-16 155715]
R2 uvnc_service;uvnc_service; C:\Arquivos de programas\UltraVNC\WinVNC.exe [2008-01-08 1148480]
S3 EhttpSrv;ESET HTTP Server; C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-09-11 20680]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-10-22 65536]
S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-03-31 07:07:05
======Uninstall list======
-->C:\Arquivos de programas\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
108Mbps Wireless LAN Adapter-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{94E4FBD6-540C-4DB6-A469-B1FA248DA33E}\setup.exe" -l0x9
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81200000003}
Agere Systems PCI Soft Modem-->agrsmdel
Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe
Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Atualização para Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Atualização para Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Atualização para Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Atualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Atualização para Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Atualização para Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Atualização para Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Atualização para Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Atualização para Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Atualização para Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
BDE Information Utility-->C:\WINDOWS\UNWISE.EXE C:\WINDOWS\INSTALL_BDEINFO.LOG
BDE-->C:\WINDOWS\uninst.exe -f"C:\Arquivos de programas\BDE\DeIsL1.isu" -c"C:\Arquivos de programas\BDE\_ISREG32.DLL"
Cliente do Windows Rights Management com Service Pack 2-->MsiExec.exe /X{85E0BA25-A5DE-4499-82C2-B4CE4F513E80}
Compatibilidade com Versões Anteriores do Cliente do Windows Rights Management SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Digital MultiCam II Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{A4DFB437-6C9F-40AE-B91D-89980131B516}\Setup.exe" -l0x416
HijackThis 2.0.2-->"\\Srv-01\públicos\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HP Color LaserJet 5550-->C:\Arquivos de programas\Hewlett-Packard\hp color LaserJet 5550\Installer\hpsetup.exe /x
HP Color LaserJet 5550-->msiexec /x{EE6C5498-B7A0-44C9-86C1-E18F1CB3C262}
HP Imaging Device Functions 9.0-->C:\Arquivos de programas\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Arquivos de programas\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Scanjet 2400 and 3600 series 9.0-->C:\Arquivos de programas\HP\Digital Imaging\{8F8FA09F-3F77-4640-8C7D-45FA1D817DE7}\setup\hpzscr01.exe -datfile hpgscr24.dat
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kit Fornecedor Posthaus-->"C:\POSTHAUS\unins000.exe"
Korean Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5670-0000-800000000003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edição 2003-->MsiExec.exe /I{90120416-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{DAB6053F-4CF0-4B97-8EAC-89073F4B9BC4}
Nero 7 Essentials-->MsiExec.exe /X{9B4E6CB9-E54D-47F7-A414-E2D5740E1046}
NVIDIA Drivers-->C:\WINDOWS\System32\nvunrm.exe UninstallGUI
Pacote de Compatibilidade para o sistema Office 2007-->MsiExec.exe /X{90120000-0020-0416-0000-0000000FF1CE}
Pacote de Provedor de Serviços de Criptografia para o Microsoft Base Smart Card-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x416 -removeonly
Smart Defrag 1.20-->"C:\Arquivos de programas\IObit\IObit SmartDefrag\unins000.exe"
UltraVNC 1.0.4 RC8-->"C:\Arquivos de programas\UltraVNC\unins000.exe"
USB FireWall 1.1.3-->"C:\Arquivos de programas\InstallShield Installation Information\{E12683F4-89CF-4C10-BB15-013B415AA03A}\setup.exe" -runfromtemp -l0x0416 -removeonly
Visualizador NF-e 3.5-->C:\Arquivos de programas\Programas SPED\NF-e\desinstalar\desinstalar.exe
VIVO ZAP-->C:\Arquivos de programas\VIVO ZAP\uninst.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{37FD253D-5064-4034-8CEC-CC3995F823A4}
Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Security center information======
AV: ESET NOD32 Antivirus 4.0
======System event log======
Computer Name: IT-01
Event Code: 58
Message: Erro de sintaxe no arquivo de manifesto ou de diretiva: "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFCLOC.MANIFEST" na linha 5.
Record Number: 35269
Source Name: SideBySide
Time Written: 20100324070012.000000-180
Event Type: Erro
User:
Computer Name: IT-01
Event Code: 34
Message: Identidade do componente encontrada no manifesto não corresponde à identidade do componente solicitada
Record Number: 35268
Source Name: SideBySide
Time Written: 20100324070012.000000-180
Event Type: Erro
User:
Computer Name: IT-01
Event Code: 59
Message: Falha de Generate Activation Context para C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\MFC80U.DLL.
Mensagem de erro de referência: A operação foi concluída com êxito.
.
Record Number: 35267
Source Name: SideBySide
Time Written: 20100324070012.000000-180
Event Type: Erro
User:
Computer Name: IT-01
Event Code: 58
Message: Erro de sintaxe no arquivo de manifesto ou de diretiva: "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFCLOC.MANIFEST" na linha 5.
Record Number: 35266
Source Name: SideBySide
Time Written: 20100324070012.000000-180
Event Type: Erro
User:
Computer Name: IT-01
Event Code: 34
Message: Identidade do componente encontrada no manifesto não corresponde à identidade do componente solicitada
Record Number: 35265
Source Name: SideBySide
Time Written: 20100324070012.000000-180
Event Type: Erro
User:
=====Application event log=====
Computer Name: IT-01
Event Code: 5000
Message:
Record Number: 4819
Source Name: McLogEvent
Time Written: 20090909065700.000000-180
Event Type: Informações
User: AUTORIDADE NT\SYSTEM
Computer Name: IT-01
Event Code: 1807
Message: O serviço da Central de Segurança foi interrompido. Sua execução foi impedida por uma diretiva de grupo do software.
Record Number: 4818
Source Name: SecurityCenter
Time Written: 20090909065645.000000-180
Event Type: Informações
User:
Computer Name: IT-01
Event Code: 1054
Message: O Windows não pode obter o nome do controlador de domínio da sua rede de computadores. (O domínio especificado não existe ou não pôde ser contatado. ). Processamento da diretiva de grupo anulado.
Record Number: 4817
Source Name: Userenv
Time Written: 20090909065643.000000-180
Event Type: Erro
User: AUTORIDADE NT\SYSTEM
Computer Name: IT-01
Event Code: 257
Message:
Record Number: 4816
Source Name: McLogEvent
Time Written: 20090908165947.000000-180
Event Type: Informações
User: AUTORIDADE NT\SYSTEM
Computer Name: IT-01
Event Code: 1054
Message: O Windows não pode obter o nome do controlador de domínio da sua rede de computadores. (O domínio especificado não existe ou não pôde ser contatado. ). Processamento da diretiva de grupo anulado.
Record Number: 4815
Source Name: Userenv
Time Written: 20090908155526.000000-180
Event Type: Erro
User: AUTORIDADE NT\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=5f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
-----------------EOF-----------------

As for the other machines, Mr. Wolf, can I run the same ComboFix procedure you asked me to do on this infected machine here?

Thanks.
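The event-log sections of the log above follow one fixed record layout (Computer Name / Event Code / Message / Record Number / Source Name / Time Written / Event Type / User). As an added example, not code from this thread or from the RSIT tool, here is a small Python triage that parses those records from a constructed excerpt of the log and flags the Security Center and domain-policy events a responder reads first.

```python
# Added example (not from this thread or from RSIT): parse the event-log
# records of an RSIT-style log and flag the ones a responder reads first.
import re
from collections import Counter

# Constructed sample, abridged from the Application event log above.
SAMPLE_LOG = """======Application event log======
Computer Name: IT-01
Event Code: 1807
Message: O serviço da Central de Segurança foi interrompido. Sua execução foi impedida por uma diretiva de grupo do software.
Record Number: 4818
Source Name: SecurityCenter
Time Written: 20090909065645.000000-180
Event Type: Informações
User:
Computer Name: IT-01
Event Code: 1054
Message: O Windows não pode obter o nome do controlador de domínio da sua rede de computadores.
Record Number: 4817
Source Name: Userenv
Time Written: 20090909065643.000000-180
Event Type: Erro
User: AUTORIDADE NT\\SYSTEM
"""

def parse_events(text):
    """Records start at 'Computer Name:'; fields are 'Name: value' lines."""
    events = []
    for block in re.split(r"^Computer Name:.*$", text, flags=re.M)[1:]:
        fields = dict(re.findall(r"^([A-Za-z ]+): ?(.*)$", block, flags=re.M))
        if "Event Code" in fields:
            fields["Event Code"] = int(fields["Event Code"])
            events.append(fields)
    return events

# 1807 is expected on a domain member (XP turns Security Center off there by
# policy) but a tampering sign on a stand-alone PC; 1054 shows this box is
# domain-joined but cannot reach its DC, so the two must be read together.
NOTES = {
    ("SecurityCenter", 1807): "Security Center stopped by group policy: confirm domain membership",
    ("Userenv", 1054): "domain controller unreachable: machine is domain-joined",
}

def triage(text):
    """Return (flagged findings in log order, event count per (source, code))."""
    findings, counts = [], Counter()
    for e in parse_events(text):
        key = (e.get("Source Name", ""), e["Event Code"])
        counts[key] += 1
        if key in NOTES:
            findings.append(f"{e.get('Time Written', '')[:8]} {key[0]}/{key[1]}: {NOTES[key]}")
    return findings, dict(counts)
```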
 
Good afternoon, everyone!

Eduardo, good results. We're almost there :)

Follow the steps below:

Step 1

- Run AVZ.exe.
- Click File > Custom scripts
- Close all open programs and paste the text below into the blank area of the AVZ window.

Code:
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\Windows\System32\Drivers\spwm.sys','');
DeleteFile('C:\Windows\System32\Drivers\spwm.sys');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Click the Run button.
Note: when the script runs, your PC will be restarted!
If it does not restart automatically, restart it manually.


Step 2

- Download BankerFix and save it to the desktop;

● Temporarily disable your antivirus so it does not detect the tool as a virus;
● Double-click bankerfix.exe;
● A message will appear saying it will be downloaded via the internet;
● Click OK > OK. Press Enter and wait for the scan to finish;
● When the scan finishes, read the message on screen and press Enter again.
● A log will be created at C:\LinhaDefensiva\relatorio.txt.


Step 3

Since you already have Malwarebytes on the PC, open it and click Update > Download Updates. Wait for it to update.

Then click Scan > Full Scan and run a scan.

When it finishes, restart the computer if required. If you open the program after that, the log will be in the Logs tab, with today's date and the time of the scan.

In your next reply, post a new OTL log, the BankerFix log and the Malwarebytes log.
_______________________________


thi@go, before I took my postgraduate course in Information Security, I had already handled several IT messes on my own. And believe me, that is extra learning you will carry with you for life. Today I head the IT department at a company here in New York. Looking after a company's security is something extremely hard and delicate. We have a network of more than 85 interconnected computers; any slip here would be a Greek tragedy. So I fully understand and admire your concern for the infected PCs, especially since the field you want to work in is not this one but networking (which is partly IT, since we need to know networks well); still, you are handling all of this very competently.

I wish you the very best of luck in this new job. :thumbs_up

Let's continue the analysis, then.

- Download OTM and save it to the desktop;

● Double-click the program icon (OTM.exe) to run it;
● Select and copy all of the content below:

Code:
:Files
C:\ComboFix.txt
C:\WINDOWS\system32\ashDip(2).exe
C:\WINDOWS\avs(2).exe
C:\Rooter$
C:\Qoobox
C:\Documents and Settings\Administrador.ARTHI-SERVER\Dados de aplicativos\Simply Super Software

:Reg

:Commands 
[purity]
[emptytemp]
[Reboot]
● Paste what you copied into the program (in the blank area of the window);
● Click the MoveIt button;
● If a message appears asking to restart the computer, restart it;
● In your next reply, copy and paste all of the content in Results;
● If the computer restarted, go to the folder C:\_OTM\MovedFiles and open the file with the .log extension inside that folder.

Copy and paste all of the content of that file, together with a new RSIT log.
As for the other machines, Mr. Wolf, can I run the same ComboFix procedure you asked me to do on this infected machine here?
Just running it normally, yes. Running the scripts (CFScript) posted earlier, no, because each machine needs its own script. The infections may be the same, but the associated files and entries are not.
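Both steps above preserve a copy before removing anything: the AVZ script calls QuarantineFile before DeleteFile, and OTM moves its :Files entries into C:\_OTM\MovedFiles instead of deleting them. As an added example, not code from this thread, AVZ or OTM, here is that quarantine-then-remove pattern in Python, with a hash-verified copy, a manifest, and a restore path for false positives; the demo runs in a scratch directory with a constructed stand-in for spwm.sys.

```python
# Added example (not from this thread, AVZ or OTM): quarantine-then-remove,
# the pattern both scripts above rely on, written to run in a scratch dir.
import hashlib
import json
import os
import shutil
import tempfile
import time

def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def quarantine_file(path, qdir):
    """Copy `path` into `qdir` under its hash, record origin metadata, then
    remove the original. Returns the manifest entry, or None if missing."""
    if not os.path.isfile(path):
        return None                      # AVZ-style: a missing file is not an error
    digest = sha256_of(path)
    os.makedirs(qdir, exist_ok=True)
    stored = os.path.join(qdir, digest + ".quar")
    shutil.copy2(path, stored)            # copy2 keeps timestamps for later analysis
    if sha256_of(stored) != digest:       # never delete until the copy is proven intact
        raise IOError(f"quarantine copy of {path} is corrupt")
    entry = {"original": os.path.abspath(path), "stored": stored, "sha256": digest,
             "size": os.path.getsize(stored), "quarantined_at": time.time()}
    with open(os.path.join(qdir, "manifest.jsonl"), "a", encoding="utf-8") as log:
        log.write(json.dumps(entry) + "\n")
    os.remove(path)
    return entry

def restore_file(entry):
    """Undo a quarantine (the false-positive path): put the copy back and verify it."""
    shutil.copy2(entry["stored"], entry["original"])
    return sha256_of(entry["original"]) == entry["sha256"]

def demo():
    """Constructed run: a scratch stand-in for C:\\Windows\\System32\\Drivers\\spwm.sys."""
    root = tempfile.mkdtemp()
    drivers = os.path.join(root, "Drivers")
    os.makedirs(drivers)
    target = os.path.join(drivers, "spwm.sys")
    with open(target, "wb") as fh:
        fh.write(b"constructed sample bytes, not a real driver")
    entry = quarantine_file(target, os.path.join(root, "Quarantine"))
    gone = not os.path.exists(target)      # original removed only after the copy checked out
    restored = restore_file(entry)
    return entry, gone, restored
```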
 
