
HijackThis log to analyze.

#1 By xpodrex 19/03/2010 - 08:45
Hey folks, how's it going...
I ran HijackThis on the PC and I'd like someone to look at the program's log to tell me whether there's anything on the PC or not...
I've noticed the machine is a bit slow and sometimes freezes here at home, with a lot of fluctuation on the net (sometimes the download speed swings between
250kb/s and 15kb/s) and sometimes it doesn't connect at all.

Thanks for your attention.

I'll be waiting.

Here's the log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:30:01, on 19/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Jonathan\CONFIG~1\Temp\msseces.exe
C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\32788R22FWJFW\cmd.cfxxe
C:\32788R22FWJFW\NirCmd.cfxxe
C:\Arquivos de programas\Opera\opera.exe
C:\WINDOWS\explorer.exe
D:\Programas\H\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 199.238.129.95 netcerto.com.br
O1 - Hosts: 199.238.129.95 www.netcerto.com.br
O1 - Hosts: 199.238.129.95 visanet.com.br
O1 - Hosts: 199.238.129.95 www.visanet.com.br
O1 - Hosts: 199.238.129.95 www.bancoreal.com.br
O1 - Hosts: 199.238.129.95 real.com.br
O1 - Hosts: 199.238.129.95 www.real.com.br
O1 - Hosts: 199.238.129.95 www.itau.com.br
O1 - Hosts: 199.238.129.95 itau.com.br
O1 - Hosts: 199.238.129.95 www.itaupersonnalite.com.br
O1 - Hosts: 199.238.129.95 itaupersonnalite.com.br
O1 - Hosts: 199.238.129.95 www.itauprivatebank.com.br
O1 - Hosts: 199.238.129.95 itauprivatebank.com.br
O1 - Hosts: 199.238.129.95 www.bb.com.br
O1 - Hosts: 199.238.129.95 bb.com.br
O1 - Hosts: 199.238.129.95 www.bb.gov.br
O1 - Hosts: 199.238.129.95 bb.gov.br
O1 - Hosts: 199.238.129.95 bradesco.com.br
O1 - Hosts: 199.238.129.95 www.bradesco.com.br
O1 - Hosts: 199.238.129.95 www.bradescoprime.com.br
O1 - Hosts: 199.238.129.95 bradescoprime.com.br
O1 - Hosts: 199.238.129.95 bradescojuridico.com.br
O1 - Hosts: 199.238.129.95 www.checktudo.com.br
O1 - Hosts: 199.238.129.95 checktudo.com.br
O1 - Hosts: 199.238.129.95 www.infoseg.gov.br
O1 - Hosts: 199.238.129.95 infoseg.gov.br
O1 - Hosts: 199.238.129.95 www.bradescojuridico.com.br
O1 - Hosts: 199.238.129.95 santander.com.br
O1 - Hosts: 199.238.129.95 www.santander.com.br
O1 - Hosts: 199.238.129.95 banespa.com.br
O1 - Hosts: 199.238.129.95 www.nossacaixa.com.br
O1 - Hosts: 199.238.129.95 nossacaixa.com.br
O1 - Hosts: 199.238.129.95 www.unibanco.com.br
O1 - Hosts: 199.238.129.95 unibanco.com.br
O1 - Hosts: 199.238.129.95 www.banespa.com.br
O1 - Hosts: 199.238.129.95 www.itauprivatebank.com.br
O1 - Hosts: 199.238.129.95 itauprivatebank.com.br
O1 - Hosts: 199.238.129.95 cetelem.com.br
O1 - Hosts: 199.238.129.95 www.cetelem.com.br
O1 - Hosts: 199.238.129.95 citibank.com.br
O1 - Hosts: 199.238.129.95 www.citibank.com.br
O1 - Hosts: 199.238.129.95 www.lacaixa.es
O1 - Hosts: 199.238.129.95 lacaixa.es
O1 - Hosts: 199.238.129.95 portal.lacaixa.es
O1 - Hosts: 199.238.129.95 caixacatalunya.es
O1 - Hosts: 199.238.129.95 www.caixacatalunya.es
O1 - Hosts: 199.238.129.95 www.banesto.es
O1 - Hosts: 199.238.129.95 banesto.es
O1 - Hosts: 199.238.129.95 cajamadrid.es
O1 - Hosts: 199.238.129.95www.cajamadrid.es
O1 - Hosts: 199.238.129.95 www.bbva.es
O1 - Hosts: 199.238.129.95 bbva.es
O1 - Hosts: 199.238.129.95 www.cam.es
O1 - Hosts: 199.238.129.95 cam.es
O1 - Hosts: 199.238.129.95 www.openbank.es
O1 - Hosts: 199.238.129.95 openbank.es
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [MSSE] "C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Windows Defender] "C:\DOCUME~1\Jonathan\CONFIG~1\Temp\msseces.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265812971578
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03A6E565-EC38-4C0D-BD16-08C0857FA9DC}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{03A6E565-EC38-4C0D-BD16-08C0857FA9DC}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS3\Services\Tcpip\..\{03A6E565-EC38-4C0D-BD16-08C0857FA9DC}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 9090 bytes
#2 By brando lee 19/03/2010 - 10:01
First:

1) Copy the commands below (from the code box):
Taskkill /f /im cmd.cfxxe /im NirCmd.cfxxe /t
RD /s/q C:\32788R22FWJFW


2) Go to ((Start)) > ((Run)), type (cmd) and click (OK). A window will open; paste the commands with the right mouse button, click (Paste), and then press (Enter).

********************************************

Then....


1: Download the HostsXpert program from the link below and save it to the desktop
http://www.funkytoad.com/download/HostsXpert.zip

Extract its contents to the desktop and run it. Click ((Restore Microsoft's Hosts File)).

When done, paste a new HijackThis log.
I'll be away from the forum for a while, very busy, more important things to do: "work".


Removing viruses with Notepad!
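As an added example (not code from this thread, from HijackThis or from HostsXpert), here is a small Python triage script for the two findings in the log of post #1 that matter most to a defender: the O1 hosts-file entries that pin several dozen bank domains to one public IP, and the O4 autorun labelled "Microsoft Windows Defender" that starts an executable from the user's Temp folder. The sample lines are copied from that log, plus one constructed 127.0.0.1 entry to show the benign case; the function names and the "public IP means hijack" heuristic are my own assumptions, not HijackThis logic.

```python
"""Triage helpers for HijackThis logs (added example, not from the thread).

Two checks a defender runs over a log like the one in post #1:
  * O1 - Hosts: names pinned to a public IP (hosts-file pharming)
  * O4 - Run: autoruns launched from a user's Temp directory
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: lines lifted from the post #1 log, plus one benign
# 127.0.0.1 entry of the kind an ad-blocking hosts file contains.
SAMPLE_LOG = r"""
O1 - Hosts: 199.238.129.95 www.itau.com.br
O1 - Hosts: 199.238.129.95 itau.com.br
O1 - Hosts: 199.238.129.95 www.bb.com.br
O1 - Hosts: 199.238.129.95www.cajamadrid.es
O1 - Hosts: 127.0.0.1 ads.example.invalid
O4 - HKLM\..\Run: [MSSE] "C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Microsoft Windows Defender] "C:\DOCUME~1\Jonathan\CONFIG~1\Temp\msseces.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# \s* (not \s+) between IP and name tolerates the missing space seen in
# the real log line "199.238.129.95www.cajamadrid.es".
HOSTS_RE = re.compile(r"^O1 - Hosts:\s*(\d{1,3}(?:\.\d{1,3}){3})\s*(\S+)$")
# Hive, value name and the launched .exe (quoted or not) of an O4 Run entry.
RUN_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "?(?P<path>[^"]+?\.exe)"?',
    re.IGNORECASE,
)


def parse_hosts_entries(log_text):
    """Yield (ip_text, hostname) for every O1 - Hosts line."""
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2).lower()


def hosts_hijacks(log_text):
    """Group hostnames by the public IP they are pinned to.

    Loopback, 0.0.0.0 and private ranges are the normal contents of a
    hosts file; a public address shared by many unrelated names is the
    signature of a pharming hijack (assumed heuristic)."""
    by_ip = defaultdict(list)
    for ip_text, host in parse_hosts_entries(log_text):
        try:
            ip = ipaddress.IPv4Address(ip_text)
        except ipaddress.AddressValueError:
            continue  # malformed octet; not an address at all
        if ip.is_global:
            by_ip[str(ip)].append(host)
    return dict(by_ip)


def temp_autoruns(log_text):
    """Return (value name, path) for O4 Run entries started from a Temp dir."""
    hits = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m and "\\temp\\" in m.group("path").lower():
            hits.append((m.group("name"), m.group("path")))
    return hits


def findings(log_text):
    """Human-readable list of findings, one string per finding."""
    out = []
    for ip, hosts in hosts_hijacks(log_text).items():
        out.append(f"hosts file pins {len(hosts)} name(s) to public IP {ip}: "
                   + ", ".join(hosts))
    for name, path in temp_autoruns(log_text):
        out.append(f"autorun [{name}] runs from a Temp directory: {path}")
    return out


if __name__ == "__main__":
    for f in findings(SAMPLE_LOG):
        print(f)
```

Run it on a saved log with `findings(open("hijackthis.log").read())`; the hosts check alone would have flagged the 56 bank entries in post #1 as one cluster on 199.238.129.95, which is exactly what restoring the stock hosts file in step 1 above undoes.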


#3 By xpodrex 19/03/2010 - 10:15
Thanks for the quick response, brando lee

I'm running BitDefender Online; I figured it would finish soon... but... hehehe... it has already found 8 different viruses (generic banker vb 8609f705; virtool 3241, 4104, 20332; trojan zapchas f, generic 3113173, is 596608; application findkeyxp f). As soon as it finishes I'll do what you suggested...

Thanks...

Hey man, here are the HijackThis and ComboFix logs, both just done now...

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:35, on 19/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe
C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe
C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jonathan\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [MSSE] "C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265812971578
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03A6E565-EC38-4C0D-BD16-08C0857FA9DC}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{03A6E565-EC38-4C0D-BD16-08C0857FA9DC}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 5704 bytes

ComboFix:

ComboFix 10-03-18.02 - Jonathan 19/03/2010 11:39:15.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2551.1923 [GMT -3:00]
Executando de: c:\documents and settings\Jonathan\Meus documentos\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\windows\system32\AutoRun.inf
c:\windows\system32\calc.exe
c:\windows\system32\RCXF3.tmp

A cópia de c:\windows\system32\midimap.dll foi encontrada e desinfectada
Cópia restaurada de - c:\windows\VistaMizer\old\midimap.dll

.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-19 to 2010-03-19 ))))))))))))))))))))))))))))
.

2010-03-19 11:17 . 2010-03-19 14:33 -------- d-----w- c:\documents and settings\Jonathan\Dados de aplicativos\GetRightToGo
2010-03-19 11:09 . 2010-03-19 11:26 -------- d-----w- c:\windows\BDOSCAN8
2010-03-17 16:45 . 2010-03-17 16:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2010-03-17 16:42 . 2008-12-23 18:49 113640 ----a-w- c:\documents and settings\Jonathan\Dados de aplicativos\Mozilla\Firefox\Profiles\qivtl1x4.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}\components\GbMzhCef.dll
2010-03-09 18:49 . 2010-03-09 18:49 -------- d-----w- C:\Intel
2010-03-06 03:29 . 2010-03-06 03:29 -------- d-----w- c:\arquivos de programas\Microsoft Calculator Plus
2010-03-05 23:47 . 2010-03-05 23:48 -------- d-----w- c:\arquivos de programas\PowerISO
2010-03-05 18:47 . 2010-03-05 18:48 -------- d-----w- c:\arquivos de programas\DVD Decrypter
2010-03-05 18:35 . 2010-03-05 18:39 -------- d-----w- c:\documents and settings\Jonathan\Dados de aplicativos\Vso
2010-03-05 18:34 . 2010-03-05 18:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Panda Security
2010-03-05 18:33 . 2010-03-05 18:33 -------- d-----w- c:\arquivos de programas\Panda USB Vaccine
2010-03-05 13:18 . 2010-02-12 23:34 31824 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2010-03-05 13:18 . 2010-03-05 13:18 -------- d-----w- c:\arquivos de programas\Sun
2010-03-05 13:17 . 2010-03-05 18:32 -------- d-----w- c:\documents and settings\Jonathan\Dados de aplicativos\Winamp
2010-03-05 13:17 . 2010-03-05 13:18 -------- d-----w- c:\arquivos de programas\Winamp
2010-03-05 13:04 . 2010-03-05 13:06 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2010-03-05 13:00 . 2010-03-05 13:00 -------- d-----w- c:\arquivos de programas\AskBarDis
2010-03-05 12:56 . 2010-03-05 12:56 -------- d-----w- c:\arquivos de programas\Ashampoo
2010-03-04 20:15 . 2010-03-04 20:25 -------- d-----w- c:\windows\VistaMizer
2010-03-04 20:04 . 2010-03-04 20:04 64849 ----a-w- c:\windows\BricoPackUninst.cmd
2010-03-04 20:02 . 2010-03-04 20:04 6138 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-03-04 20:01 . 2010-03-04 20:01 -------- d-----w- c:\windows\BricoPacks
2010-03-01 22:08 . 2010-03-01 22:08 -------- d-----w- c:\windows\Sun
2010-02-28 13:36 . 2010-02-28 13:42 -------- d-----w- c:\documents and settings\Jonathan\.VirtualBox
2010-02-28 13:28 . 2010-02-12 23:34 123280 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-02-28 13:28 . 2010-02-12 23:34 41680 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-02-26 19:44 . 2010-03-05 13:08 -------- d-----w- c:\arquivos de programas\Google
2010-02-26 17:47 . 2010-03-02 11:58 -------- d-----w- c:\arquivos de programas\Cobian Backup 10
2010-02-25 20:43 . 2010-02-25 20:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IObit
2010-02-25 20:41 . 2010-02-25 20:46 -------- d-----w- c:\documents and settings\Jonathan\Dados de aplicativos\IObit
2010-02-25 20:41 . 2010-02-25 20:41 -------- d-----w- c:\arquivos de programas\IObit
2010-02-25 12:33 . 2010-02-25 12:33 -------- d--h--w- c:\windows\PIF
2010-02-23 14:55 . 2010-02-23 14:55 -------- d-----w- c:\documents and settings\Jonathan\Dados de aplicativos\Polynomial
2010-02-22 21:15 . 2010-02-22 21:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 19:51 . 2010-02-10 17:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2010-03-10 17:37 . 2010-02-10 14:51 -------- d-----w- c:\arquivos de programas\Microsoft Security Essentials
2010-03-05 18:18 . 2010-02-10 15:57 -------- d-----w- c:\arquivos de programas\Unlocker
2010-03-05 13:17 . 2010-02-10 14:32 -------- d-----w- c:\arquivos de programas\Winamp Detect
2010-03-05 13:06 . 2010-02-10 14:28 -------- d-----w- c:\arquivos de programas\Opera
2010-03-05 13:00 . 2010-02-10 12:44 -------- d-----w- c:\arquivos de programas\Foxit Software
2010-03-05 12:49 . 2010-02-13 17:34 -------- d-----w- c:\arquivos de programas\Opera 10.50 Beta
2010-03-04 20:25 . 2008-04-13 20:20 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-03-04 02:23 . 2010-02-16 15:25 -------- d-----w- c:\arquivos de programas\FreeTime
2010-02-24 13:16 . 2010-02-10 15:02 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 14:08 . 2010-02-11 10:39 -------- d-----w- c:\arquivos de programas\Anolis
2010-02-17 20:27 . 2001-10-28 16:07 91386 ----a-w- c:\windows\system32\perfc016.dat
2010-02-17 20:27 . 2001-10-28 16:07 517082 ----a-w- c:\windows\system32\perfh016.dat
2010-02-17 17:27 . 2010-02-11 14:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Soulseek
2010-02-17 17:27 . 2010-02-17 10:13 -------- d-----w- c:\documents and settings\Jonathan\Dados de aplicativos\uTorrent
2010-02-17 10:14 . 2010-02-17 10:14 -------- d-----w- c:\arquivos de programas\uTorrent
2010-02-16 20:54 . 2010-02-16 20:45 -------- d-----w- c:\arquivos de programas\Microsoft Works
2010-02-16 20:45 . 2010-02-16 20:45 -------- d-----w- c:\arquivos de programas\Microsoft.NET
2010-02-15 15:14 . 2010-02-15 15:14 0 ----a-w- c:\windows\nsreg.dat
2010-02-15 13:45 . 2010-02-15 13:15 -------- d-----w- c:\documents and settings\Jonathan\Dados de aplicativos\Ashampoo
2010-02-15 13:09 . 2010-02-15 13:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ashampoo
2010-02-12 23:34 . 2010-02-12 23:34 110096 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-02-12 23:34 . 2009-12-17 18:02 99152 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-02-12 23:34 . 2010-02-12 23:34 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-02-12 22:01 . 2010-02-12 22:01 -------- d-----w- c:\documents and settings\Jonathan\Dados de aplicativos\Watchtower
2010-02-12 21:56 . 2010-02-12 21:56 -------- d-----w- c:\arquivos de programas\Watchtower
2010-02-12 18:48 . 2010-02-12 18:48 -------- d-----w- c:\documents and settings\Jonathan\Dados de aplicativos\Media Player Classic
2010-02-12 00:22 . 2010-02-10 14:35 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2010-02-12 00:17 . 2010-02-12 00:17 -------- d-----w- c:\arquivos de programas\MSXML 4.0
2010-02-11 19:37 . 2010-02-11 19:37 -------- d-----w- c:\arquivos de programas\MSBuild
2010-02-11 16:28 . 2010-02-11 14:55 -------- d-----w- c:\documents and settings\Jonathan\Dados de aplicativos\LimeWire
2010-02-11 14:52 . 2010-02-11 14:52 503808 ----a-w- c:\documents and settings\Jonathan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a8bbfd8-n\msvcp71.dll
2010-02-11 14:52 . 2010-02-11 14:52 499712 ----a-w- c:\documents and settings\Jonathan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a8bbfd8-n\jmc.dll
2010-02-11 14:52 . 2010-02-11 14:52 348160 ----a-w- c:\documents and settings\Jonathan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a8bbfd8-n\msvcr71.dll
2010-02-11 14:52 . 2010-02-11 14:52 61440 ----a-w- c:\documents and settings\Jonathan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5e50762f-n\decora-sse.dll
2010-02-11 14:52 . 2010-02-11 14:52 12800 ----a-w- c:\documents and settings\Jonathan\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5e50762f-n\decora-d3d.dll
2010-02-11 14:52 . 2010-02-11 14:52 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2010-02-11 14:51 . 2010-02-11 14:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-11 14:51 . 2010-02-11 14:51 -------- d-----w- c:\arquivos de programas\Java
2010-02-11 14:39 . 2010-02-10 14:36 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2010-02-11 13:32 . 2010-02-11 13:32 -------- d-----w- c:\arquivos de programas\Elaborate Bytes
2010-02-11 12:37 . 2010-02-10 12:18 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-11 11:36 . 2010-02-11 11:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2010-02-10 14:34 . 2010-02-10 14:30 -------- d-----w- c:\arquivos de programas\Windows Live
2010-02-10 14:31 . 2010-02-10 14:31 -------- d-----w- c:\arquivos de programas\Microsoft
2010-02-10 14:31 . 2010-02-10 14:31 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2010-02-10 14:15 . 2010-02-10 14:15 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2010-02-10 14:12 . 2010-02-10 14:12 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2010-02-10 13:15 . 2010-02-10 13:12 123801 ----a-w- c:\windows\hpoins15.dat
2010-02-10 13:15 . 2010-02-10 13:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard
2010-02-10 13:13 . 2010-02-10 13:13 -------- d-----w- c:\arquivos de programas\Hewlett-Packard
2010-02-10 13:13 . 2010-02-10 13:13 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard
2010-02-10 13:13 . 2010-02-10 13:13 -------- d-----w- c:\arquivos de programas\HP
2010-02-10 13:06 . 2010-02-10 13:06 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-02-10 13:06 . 2010-02-10 13:06 -------- d-----w- c:\arquivos de programas\Realtek
2010-02-10 13:06 . 2010-02-10 13:06 315392 ----a-w- c:\windows\HideWin.exe
2010-02-10 13:06 . 2010-02-10 13:06 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2010-02-10 13:04 . 2010-02-10 13:04 -------- d-----w- c:\arquivos de programas\Intel
2010-02-10 12:44 . 2010-02-10 12:44 -------- d-----w- c:\documents and settings\Jonathan\Dados de aplicativos\Foxit
2010-02-10 12:19 . 2010-02-10 12:19 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2010-02-10 12:17 . 2010-02-10 12:17 -------- d-----w- c:\arquivos de programas\Serviços on-line
2010-02-10 12:17 . 2010-02-10 12:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços
2010-02-10 12:15 . 2010-02-10 12:15 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-02 18:00 . 2010-03-05 13:05 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-31 16:50 . 2008-04-13 13:15 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 18:39 . 2009-12-22 18:39 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-12-22 18:39 . 2009-12-22 18:39 426496 ------w- c:\windows\system32\imapi2.dll
2009-12-21 19:08 . 2008-04-13 20:20 1017856 ----a-w- c:\windows\system32\wininet.dll
.

------- Sigcheck -------

[-] 2008-04-13 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-13 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[7] 2008-04-13 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe

[-] 2009-08-06 . 3106544FA5F88A788A9BD993BA767B6C . 79072 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2009-08-06 . 3106544FA5F88A788A9BD993BA767B6C . 79072 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\VistaMizer\old\wuauclt.exe

[-] 2008-04-13 . 4A82CD98D559D958523E9CAD9FDA399E . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-13 . 4A82CD98D559D958523E9CAD9FDA399E . 724992 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2008-04-13 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll

[-] 2010-02-11 . BC87E1DD515E87F9DF076EA1B11AE700 . 6027264 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[-] 2009-12-21 . 16948158B4B7C79A53831A7D22893B1F . 6167040 . . [8.00.6001.18876] . . c:\windows\system32\mshtml.dll
[-] 2009-12-21 . 16948158B4B7C79A53831A7D22893B1F . 6167040 . . [8.00.6001.18876] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-12-21 . 730E736C781C366E3C0E8EC5C74C5F64 . 6216704 . . [8.00.6001.18876] . . c:\windows\VistaMizer\old\mshtml.dll
[7] 2009-12-21 . AAD700DEA94EE6E56E591C351111941A . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[7] 2008-04-13 . 64C5EB55D74A90AB4DC89F9A6C2E797F . 3066880 . . [6.00.2900.5512] . . c:\windows\ie8\mshtml.dll

[7] 2009-12-09 . C25035B93BDF12E2CB89C6F5BF8B99F1 . 2193536 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . EB331E36934D9016B66CDF694954A8AF . 2193408 . . [5.1.2600.5913] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-12-09 . B1BF548ECFD14828726972B19D6FA435 . 2450176 . . [5.1.2600.5913] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-12-09 . B1BF548ECFD14828726972B19D6FA435 . 2450176 . . [5.1.2600.5913] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-12-09 . EB331E36934D9016B66CDF694954A8AF . 2193408 . . [5.1.2600.5913] . . c:\windows\VistaMizer\old\ntoskrnl.exe
[7] 2009-08-05 . 5478469B21B53EFCA944412D2DE6ABCA . 2193408 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[7] 2009-08-04 . 3B75E61D1546C05A959EDFE11F1510D1 . 2193536 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . B0BF079AF000D97D8C043D1DFF08086D . 2193408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-04-13 . 185F6C64734019E7E9F626E53CC37FB4 . 2193280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe

[-] 2008-04-13 . 7C0E5D593730414B5994A15A6D10C201 . 588288 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-13 . 7C0E5D593730414B5994A15A6D10C201 . 588288 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
[7] 2008-04-13 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll

[-] 2010-02-11 . 8A5FF1DE97B94A6D7EC5924CF5C82FA5 . 928256 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-12-21 . C6A354A36971296B2E70A1A106079CE9 . 1017856 . . [8.00.6001.18876] . . c:\windows\system32\wininet.dll
[-] 2009-12-21 . C6A354A36971296B2E70A1A106079CE9 . 1017856 . . [8.00.6001.18876] . . c:\windows\system32\dllcache\wininet.dll
[-] 2009-12-21 . 3A39442EB6F1EED196A4E76374CBBBBE . 907264 . . [8.00.6001.18876] . . c:\windows\VistaMizer\old\wininet.dll
[7] 2009-12-21 . 11162780821A0531D39E675A662D766F . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[7] 2008-04-13 . DF6D0F37A71883BE3505DD517EB8AD83 . 668160 . . [6.00.2900.5512] . . c:\windows\ie8\wininet.dll

[-] 2008-04-13 . 60FA16CC77EC81FCE18FE8C33DEEEC42 . 1554432 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-13 . 60FA16CC77EC81FCE18FE8C33DEEEC42 . 1554432 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2008-04-13 . 732946EEAA1D8EE2A4FC24370827617B . 977920 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe

[-] 2008-04-13 . D67945A2290E98BB54D7792F09E7504E . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-13 . D67945A2290E98BB54D7792F09E7504E . 25088 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
[7] 2008-04-13 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe

[7] 2009-12-09 . 7D45AF0A376A7EEE59B2A4BCDC304C9C . 2070400 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . FA72BE44F0715BD88A37C77559ACB3B7 . 2070272 . . [5.1.2600.5913] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-12-09 . AF416B3117DE4C38881D679406C04022 . 2327040 . . [5.1.2600.5913] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-12-09 . AF416B3117DE4C38881D679406C04022 . 2327040 . . [5.1.2600.5913] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-12-09 . FA72BE44F0715BD88A37C77559ACB3B7 . 2070272 . . [5.1.2600.5913] . . c:\windows\VistaMizer\old\ntkrnlpa.exe
[7] 2009-08-05 . 6FEC1B436323CC29B3008D7C5BF2A10F . 2070400 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . B7A8A8A3B9C2E259689140F5F8E46842 . 2070272 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-09 . FF7FE874B6DA494303EE3DD9B97AB007 . 2070400 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-13 . F84054BFD1D688B901AD907499879BBD . 2070144 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 15:58 333192 ----a-w- c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\arquivos de programas\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 25088]

c:\documents and settings\Jonathan\Menu Iniciar\Programas\Inicializar\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Jonathan^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]
path=c:\documents and settings\Jonathan\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk
backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jonathan^Menu Iniciar^Programas^Inicializar^TransBar.lnk]
path=c:\documents and settings\Jonathan\Menu Iniciar\Programas\Inicializar\TransBar.lnk
backup=c:\windows\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jonathan^Menu Iniciar^Programas^Inicializar^UberIcon.lnk]
path=c:\documents and settings\Jonathan\Menu Iniciar\Programas\Inicializar\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jonathan^Menu Iniciar^Programas^Inicializar^Y'z Shadow.lnk]
path=c:\documents and settings\Jonathan\Menu Iniciar\Programas\Inicializar\Y'z Shadow.lnk
backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 20:43 69632 ----a-r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 20:20 25088 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-10-05 23:13 114688 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-10-05 23:11 98304 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 18:44 3883856 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-10-05 23:10 94208 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-10 17:28 16126464 ----a-r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-04-04 19:22 1822720 ----a-r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 17:21 246504 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44 85160 ----a-w- c:\arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\arquivos de programas\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Opera\\opera.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Sun\\VirtualBox\\VirtualBox.exe"=
"d:\\Programas\\J\\JDownloader_portable\\CommonFiles\\Java\\bin\\javaw.exe"=

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [28/2/2010 10:28 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [28/2/2010 10:28 41680]
S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [6/5/2009 08:08 104272]
S3 FXDrv32;FXDrv32;\??\i:\fxdrv32.sys --> i:\FXDrv32.sys [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17/12/2009 15:02 99152]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/2/2010 20:34 110096]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [5/3/2010 10:18 31824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-03-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\arquivos de programas\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 21:02]

2010-03-19 c:\windows\Tasks\PandaUSBVaccine.job
- c:\arquivos de programas\Panda USB Vaccine\RunInteractiveWin.exe [2010-03-05 19:45]
.
.
------- Scan Suplementar -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: {03A6E565-EC38-4C0D-BD16-08C0857FA9DC} = 200.204.0.10 200.204.0.138
FF - ProfilePath - c:\documents and settings\Jonathan\Dados de aplicativos\Mozilla\Firefox\Profiles\qivtl1x4.default\
FF - prefs.js: browser.startup.homepage - hxxps://minhaclaro.claro.com.br/portal/site/MinhaClaro/cliente/claro_cartao/movel/
FF - component: c:\documents and settings\Jonathan\Dados de aplicativos\Mozilla\Firefox\Profiles\qivtl1x4.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}\components\GbMzhCef.dll
FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\arquivos de programas\Opera 10.50 Beta\program\plugins\NPOFF12.DLL
FF - plugin: c:\arquivos de programas\Opera 10.50 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v4.0.20506\WPF\NPWPF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORFÃOS REMOVIDOS - - - -

MSConfigStartUp-ares - c:\arquivos de programas\Ares\Ares.exe
MSConfigStartUp-TaskSwitchXP - c:\arquivos de programas\TaskSwitchXP\TaskSwitchXP.exe
MSConfigStartUp-XPize Darkside Reloader - c:\windows\XPize Darkside\XPize Darkside Reloader.exe
AddRemove-HijackThis - d:\programas\H\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-19 11:44
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(916)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(1432)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\arquivos de programas\Unlocker\UnlockerHook.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\webcheck.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\arquivos de programas\Panda USB Vaccine\USBVaccine.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-03-19 11:48:21 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-03-19 14:48

Pré-execução: 5 pasta(s) 12.136.124.416 bytes disponíveis
Pós execução: 8 pasta(s) 12.162.142.208 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows" /noexecute=optin /fastdetect

- - End Of File - - 0A32AF5F21CD20AD881EED02979855AA

ok, I'll be waiting... thanks...
brando lee
brando lee Zerinho Registered
2.4K Posts 97 Likes
#4 By brando lee
19/03/2010 - 14:49
I didn't ask you to use ComboFix, but that's fine..
Delete the tool files HostsXpert.exe and HostsXpert.zip

Follow the procedures below.

*******************************

1)*Download ((AD-Remover)) and save it to the desktop
http://forum-aide-contre-virus.be/download/C_XX/AD-R.exe

*Double-click AD-R.exe

*Click (Clean)
*Wait for it to finish; when it is done, a report will open automatically.
*Copy and paste here in the forum the report created at C:\Ad-Report-SCAN.log

***************************************

And then.....


1) Download the ((USBScanlist)) tool from the link below.
http://download.mandeibem.com.br/storage2/20100307-232033-2830/Programas/usbscanlist.exe

2) Connect your pen drive or MP3 player to the USB port.
* And double-click the file (USBScanlist.exe)
* Key (X) -> (Enter)
* Key (1) -> (Enter) Start the scan.

*Wait for the scan; when it finishes a report will open automatically, copy all of it and paste it here.
I'll be away from the forum for a while, very busy, more important things to do, "Work".


Removing viruses with Notepad!


xpodrex
xpodrex New Member Registered
74 Posts 0 Likes
#5 By xpodrex
19/03/2010 - 20:56
my pen drive is recognized as drive letter "w", just in case...

the AD-Remover log:

.
======= AD-REMOVER 2.0.0.0,BREPORT | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 19/03/10 à 20:40
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started: 20:41:52 le 19/03/2010 | Normal boot | Option: CLEAN
Executed from: C:\Ad-Remover\ADR.exe
OS: Microsoft® Windows XP™ Service Pack 3 - X86
Computer name: PC-FAMILIA | Current user: Jonathan (Administrator)
.
============== FIXED ELEMENTS ==============
.
.
C:\Arquivos de programas\AskBarDis
C:\Arquivos de programas\Mozilla FireFox\Components\AskSearch.js
C:\Documents and Settings\Jonathan\Dados de aplicativos\Mozilla\FireFox\Profiles\qivtl1x4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

(!) -- Deleted temporary files.
.
HKCU\Software\AppDataLow\AskBarDis
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKLM\Software\AskBarDis
HKLM\Software\Classes\AskIBar.PopSwatterBarButton
HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1
HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl
HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1
HKLM\Software\Classes\AskToolBar.SettingsPlugin
HKLM\Software\Classes\AskToolBar.SettingsPlugin.1
HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKLM\Software\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
HKLM\Software\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKLM\Software\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
.
============== ADDITIONNAL SCAN ==============
.
* Mozilla FireFox Version 3.6 (pt-BR) *
.
C:\Documents and Settings\Jonathan\Dados de aplicativos\mozilla\firefox\profiles\qivtl1x4.default\prefs.js - browser.startup.homepage: hxxps://minhaclaro.claro.com.br/portal/site/MinhaClaro/cliente/claro_cartao/movel/
C:\Documents and Settings\Jonathan\Dados de aplicativos\mozilla\firefox\profiles\qivtl1x4.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\DOCUME~1\Jonathan\CONFIG~1\Temp: 2 Files, 0 Folders
C:\WINDOWS\temp: 2 Files, 2 Folders
Temporary Internet Files: 2 Files, 9 Folders
.
C:\Ad-Remover\Quarantine: 1 Files
C:\Ad-Remover\Backup: 14 Files
.
C:\Ad-Report-CLEAN[1].txt - 4706 Byte(s)
.
End at:20:44:20, 19/03/2010
.
============== E.O.F - CLEAN[1] ==============
xpodrex
xpodrex New Member Registered
74 Posts 0 Likes
#6 By xpodrex
19/03/2010 - 20:57
the USBScanlist log:

######################################
º º
USBScanlist v3.0
º º
######################################

Microsoft Windows XP [versão 5.1.2600]
sex 19/03/2010
20:52
=============================
Access Availability BlockSize Caption Compressed ConfigManagerErrorCode ConfigManagerUserConfig Description DeviceID DriveType ErrorCleared ErrorDescription ErrorMethodology FileSystem FreeSpace InstallDate LastErrorCode MaximumComponentLength MediaType Name NumberOfBlocks PNPDeviceID PowerManagementCapabilities PowerManagementSupported ProviderName Purpose QuotasDisabled QuotasIncomplete QuotasRebuilding Size Status StatusInfo SupportsDiskQuotas SupportsFileBasedCompression VolumeName VolumeSerialNumber
A: Unidade de disquete de 3 1/2 polegadas A: 2 5 A:
C: FALSE Disco fixo local C: 3 NTFS 12100268032 255 12 C: TRUE FALSE FALSE 40007729152 TRUE TRUE BCD186F6
D: FALSE Disco fixo local D: 3 NTFS 25257893888 255 12 D: TRUE FALSE FALSE 80025243648 TRUE TRUE Sata 5CE29853
E: Disco removível E: 2 E:
F: Disco removível F: 2 F:
G: Disco removível G: 2 G:
H: Disco removível H: 2 H:
I: Disco CD-ROM I: 5 11 I:
J: Disco CD-ROM J: 5 11 J:
K: Disco CD-ROM K: 5 11 K:
W: FALSE Disco removível W: 2 FAT32 2886651904 255 W: 8016384000 FALSE FALSE JONATHAN 52157ED4
=============================

C:

19/03/2010 20:44 C:\Ad-Report-CLEAN[1].txt --------- 4831
19/03/2010 20:44 C:\Ad-Remover --------- 0
19/03/2010 20:44 C:\RECYCLER --------- 0
19/03/2010 20:44 C:\Arquivos de programas --------- 0
C:\pagefile.sys ---------
19/03/2010 11:48 C:\Qoobox --------- 0
19/03/2010 11:48 C:\ComboFix.txt --------- 32355
19/03/2010 11:43 C:\WINDOWS --------- 0
19/03/2010 11:38 C:\boot.ini --------- 265
19/03/2010 11:38 C:\cmdcons --------- 0
11/03/2010 16:51 C:\Config.Msi --------- 0
09/03/2010 15:49 C:\Intel --------- 0
05/03/2010 10:29 C:\Boot.bak --------- 195
16/02/2010 17:41 C:\MSOCache --------- 0
10/02/2010 16:15 C:\Documents and Settings --------- 0
10/02/2010 09:34 C:\System Volume Information --------- 0
10/02/2010 09:19 C:\IO.SYS --------- 0
10/02/2010 09:19 C:\MSDOS.SYS --------- 0
10/02/2010 09:19 C:\AUTOEXEC.BAT --------- 0
10/02/2010 09:19 C:\CONFIG.SYS --------- 0
13/04/2008 09:31 C:\ntldr --------- 251696
13/04/2008 07:43 C:\NTDETECT.COM --------- 47564
15/04/2007 07:57 C:\vista.ico --------- 25214
03/08/2004 23:00 C:\cmldr --------- 261856
28/10/2001 13:06 C:\Bootfont.bin --------- 4952
19/03/2010 20:44 C:\Recycler\S-1-5-21-1078081533-861567501-1177238915-1003 --------- 0
19/03/2010 20:44 C:\Recycler\S-1-5-21-1078081533-861567501-1177238915-1003\desktop.ini --------- 65
19/03/2010 20:44 C:\Recycler\S-1-5-21-1078081533-861567501-1177238915-1003\INFO2 --------- 20

###################################


D:

19/03/2010 09:13 D:\backup opera --------- 0
12/03/2010 11:42 D:\1cf74f98bf7261084e201bca7f --------- 0
03/03/2010 23:20 D:\Atalho para JDownloaderPortable.lnk --------- 1005
11/03/2010 20:56 D:\Friends --------- 0
24/02/2010 17:13 D:\Atalho para Project64.lnk --------- 961
17/03/2010 23:18 D:\Downloads --------- 0
01/03/2010 08:24 D:\Thumbs.db --------- 14848
11/02/2010 16:36 D:\8f235cc3fdcaa7544b4ee83820f779e3 --------- 0
11/02/2010 10:39 D:\RECYCLER --------- 0
07/03/2010 11:42 D:\Filmes --------- 0
17/03/2010 18:16 D:\backup pendrive --------- 0
05/03/2010 10:23 D:\Musicas --------- 0
05/03/2010 09:22 D:\blingee --------- 0
05/03/2010 09:23 D:\Cassia Eller --------- 0
17/03/2010 13:20 D:\Comprovantes --------- 0
05/03/2010 09:27 D:\Drivers XP --------- 0
05/03/2010 09:27 D:\Engenheiros do Havaí --------- 0
05/03/2010 09:29 D:\Meus arquivos recebidos --------- 0
18/03/2010 16:24 D:\Minhas imagens --------- 0
19/03/2010 10:56 D:\Programas --------- 0
18/03/2010 18:39 D:\TXT --------- 0
24/08/2009 21:08 D:\Parte.docx --------- 12548
19/07/2009 14:35 D:\Maneira de demonstrar Lealdade a Jeová.docx --------- 10886
29/06/2009 10:09 D:\JONATHAN FELIPE DE BARROS SILVA.doc --------- 64512
15/06/2009 08:46 D:\JONATHAN FELIPE DE BARROS SILVA jdí.doc --------- 64512
08/06/2009 11:01 D:\Fonte de matéria.docx --------- 18529
11/01/2010 10:57 D:\curri pri.doc --------- 563200
08/03/2010 11:30 D:\Contas.xls --------- 47616
16/01/2009 14:58 D:\chefia casamento.doc --------- 29184
31/05/2009 18:47 D:\001.AVI --------- 32522138
10/02/2010 14:31 D:\System Volume Information --------- 0

###################################


E:


###################################


F:


###################################


G:


###################################


H:


###################################


I:


###################################


J:


###################################


K:


###################################


L:


###################################




###################################


###################################


###################################


###################################


###################################


#######(Arquivos Ocultos)#######

((Encontrado))C:\Arquivos de programas\Google\Picasa3\setup.exe ---------
((Encontrado))C:\IO.SYS ---------
((Encontrado))C:\MSDOS.SYS ---------
((Encontrado))C:\pagefile.sys ---------

###################################


#######((Processos Ativos))#######

CommandLine CSName Description ExecutablePath ExecutionState Handle HandleCount InstallDate KernelModeTime MaximumWorkingSetSize MinimumWorkingSetSize Name OSName OtherOperationCount OtherTransferCount PageFaults PageFileUsage ParentProcessId PeakPageFileUsage PeakVirtualSize PeakWorkingSetSize Priority PrivatePageCount ProcessId QuotaNonPagedPoolUsage QuotaPagedPoolUsage QuotaPeakNonPagedPoolUsage QuotaPeakPagedPoolUsage ReadOperationCount ReadTransferCount SessionId Status TerminationDate ThreadCount UserModeTime VirtualSize WindowsVersion WorkingSetSize WriteOperationCount WriteTransferCount
PC-FAMILIA System Idle Process 0 0 7565468750 System Idle Process Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 5.1.2600 16384 0 0
PC-FAMILIA System 4 503 51250000 1413120 0 System Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 4231 562603 7969 0 0 0 5435392 4739072 8 28672 4 0 0 0 0 171 1758296 0 113 0 1945600 5.1.2600 225280 823 4463954
\SystemRoot\System32\smss.exe PC-FAMILIA smss.exe C:\WINDOWS\System32\smss.exe 768 19 156250 1413120 204800 smss.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 124 750 190 172032 4 1712128 20701184 430080 11 172032 768 640 5272 1160 21488 9 4122 0 3 156250 3915776 5.1.2600 417792 4 4
C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 PC-FAMILIA csrss.exe C:\WINDOWS\system32\csrss.exe 832 460 11718750 1413120 204800 csrss.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 17162 222671 4107 1757184 768 2408448 41906176 3862528 13 1757184 832 5472 51448 6416 52904 8907 1164169 0 12 13593750 25010176 5.1.2600 3846144 0 0
winlogon.exe PC-FAMILIA winlogon.exe C:\WINDOWS\system32\winlogon.exe 856 454 7187500 1413120 204800 winlogon.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 4272 132088 11782 8282112 768 14778368 84115456 21540864 13 8282112 856 49856 83032 53568 88872 255 2764033 0 21 5625000 75575296 5.1.2600 4993024 133 41983
C:\WINDOWS\system32\services.exe PC-FAMILIA services.exe C:\WINDOWS\system32\services.exe 900 300 11718750 1413120 204800 services.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 2056 39960 1513 1781760 856 4833280 29044736 4149248 9 1781760 900 6960 24640 8400 27440 51 3616 0 16 2343750 22638592 5.1.2600 3592192 86 10397
C:\WINDOWS\system32\lsass.exe PC-FAMILIA lsass.exe C:\WINDOWS\system32\lsass.exe 912 361 3125000 1413120 204800 lsass.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 6921 85996 3777 4456448 856 4780032 55197696 6852608 9 4456448 912 9048 51660 12760 54064 3161 895342 0 22 3906250 53362688 5.1.2600 1413120 2655 304610
C:\WINDOWS\system32\svchost -k DcomLaunch PC-FAMILIA svchost.exe C:\WINDOWS\system32\svchost.exe 1080 194 1093750 1413120 204800 svchost.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 672 33994 1652 3710976 900 24293376 75845632 5644288 8 3710976 1080 6024 51508 7520 53240 117 439934 0 17 937500 74149888 5.1.2600 5591040 12 668
C:\WINDOWS\system32\svchost -k rpcss PC-FAMILIA svchost.exe C:\WINDOWS\system32\svchost.exe 1148 260 1875000 1413120 204800 svchost.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 445 13254 1317 1835008 900 2994176 50597888 4337664 8 1835008 1148 14088 48312 15792 51736 111 439536 0 11 1562500 46043136 5.1.2600 4333568 6 300
"C:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe" PC-FAMILIA MsMpEng.exe C:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe 1244 416 31875000 1413120 204800 MsMpEng.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 30625 1938296 326915 134909952 900 206868480 351428608 201781248 8 134909952 1244 21640 59908 25576 93916 40212 371792720 0 31 326093750 313597952 5.1.2600 60862464 965 52553902
C:\WINDOWS\System32\svchost.exe -k netsvcs PC-FAMILIA svchost.exe C:\WINDOWS\System32\svchost.exe 1280 1531 9531250 1413120 204800 svchost.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 19569 530547 14280 18333696 900 23257088 164352000 29462528 8 18333696 1280 66792 164632 71344 168512 11044 31838392 0 78 8437500 161189888 5.1.2600 28667904 9879 27026329
C:\WINDOWS\system32\svchost.exe -k NetworkService PC-FAMILIA svchost.exe C:\WINDOWS\system32\svchost.exe 1340 90 781250 1413120 204800 svchost.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 813 56525 1476 1478656 900 1740800 50597888 4214784 8 1478656 1340 3960 42880 7976 51656 118 416857 0 6 625000 43520000 5.1.2600 3993600 8 124
C:\WINDOWS\system32\svchost.exe -k LocalService PC-FAMILIA svchost.exe C:\WINDOWS\system32\svchost.exe 1432 165 625000 1413120 204800 svchost.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 633 40037 1120 1527808 900 2707456 50597888 4055040 8 1527808 1432 5192 46380 8760 51736 7 23056 0 11 156250 45449216 5.1.2600 3952640 6 236
C:\WINDOWS\system32\spoolsv.exe PC-FAMILIA spoolsv.exe C:\WINDOWS\system32\spoolsv.exe 1644 119 781250 1413120 204800 spoolsv.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 370 4344 2087 4001792 900 7045120 64356352 6451200 8 4001792 1644 5152 56092 7728 60956 5 22936 0 11 781250 59523072 5.1.2600 5910528 4 156
C:\WINDOWS\system32\svchost.exe -k LocalService PC-FAMILIA svchost.exe C:\WINDOWS\system32\svchost.exe 1840 106 468750 1413120 204800 svchost.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 268 4602 969 1298432 900 1347584 50597888 3813376 8 1298432 1840 3248 46224 3648 51656 15 782 0 4 156250 46231552 5.1.2600 3796992 13 796
"C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf" PC-FAMILIA jqs.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe 1896 274 21562500 1413120 1413120 jqs.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 46112 326846 168357 10166272 900 10756096 100544512 27189248 4 10166272 1896 38664 56472 41872 72896 7719 252888310 0 10 5625000 82714624 5.1.2600 1429504 33 86271
C:\WINDOWS\System32\svchost.exe -k HPZ12 PC-FAMILIA svchost.exe C:\WINDOWS\System32\svchost.exe 1920 62 312500 1413120 204800 svchost.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 110 2282 760 1032192 900 1032192 50597888 2981888 8 1032192 1920 2680 38328 3160 51656 3 126 0 2 156250 36581376 5.1.2600 2981888 3 84
C:\WINDOWS\System32\svchost.exe -k HPZ12 PC-FAMILIA svchost.exe C:\WINDOWS\System32\svchost.exe 1952 58 468750 1413120 204800 svchost.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 110 2282 753 1024000 900 1024000 50597888 2953216 8 1024000 1952 2520 38128 3000 51656 3 126 0 2 468750 36589568 5.1.2600 2953216 3 84
C:\WINDOWS\system32\svchost.exe -k imgsvc PC-FAMILIA svchost.exe C:\WINDOWS\system32\svchost.exe 2016 130 156250 1413120 204800 svchost.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 181 2828 1293 3092480 900 3092480 50597888 4939776 8 3092480 2016 3920 49084 5240 51656 8 23202 0 7 625000 49070080 5.1.2600 4939776 11 608
C:\WINDOWS\system32\wdfmgr.exe PC-FAMILIA wdfmgr.exe C:\WINDOWS\system32\wdfmgr.exe 184 64 156250 1413120 204800 wdfmgr.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 75 3160 588 2121728 900 2154496 17584128 2396160 8 2121728 184 1800 17560 2160 17680 6 276 0 4 156250 17059840 5.1.2600 2379776 6 172
C:\WINDOWS\System32\alg.exe PC-FAMILIA alg.exe C:\WINDOWS\System32\alg.exe 2124 107 625000 1413120 204800 alg.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 157 3106 929 1187840 900 2396160 51126272 3653632 8 1187840 2124 5168 45852 5904 52172 5 22940 0 6 468750 43606016 5.1.2600 3653632 4 156
"C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide -runkey PC-FAMILIA msseces.exe C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe 2712 202 937500 1413120 204800 msseces.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 981 28244 2743 5083136 1104 5181440 65249280 8527872 8 5083136 2712 5760 62300 7024 64556 195 422576 0 10 1562500 61206528 5.1.2600 8527872 93 14680
"C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" PC-FAMILIA UnlockerAssistant.exe C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe 2732 27 0 1413120 204800 UnlockerAssistant.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 88 366 613 618496 1104 618496 48672768 2379776 8 618496 2732 1920 36944 2400 49840 0 0 0 1 156250 35368960 5.1.2600 2379776 0 0
"C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" PC-FAMILIA RocketDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe 2772 180 7812500 1413120 204800 RocketDock.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 1712 26948 32244 4767744 1104 5623808 101830656 10485760 8 4767744 2772 3920 56888 6176 95388 237 816144 0 4 11093750 63131648 5.1.2600 10153984 7 8495
"C:\WINDOWS\system32\ctfmon.exe" PC-FAMILIA ctfmon.exe C:\WINDOWS\system32\ctfmon.exe 2780 71 156250 1413120 204800 ctfmon.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 152 316 944 995328 1104 995328 53800960 3411968 8 995328 2780 3720 41852 4040 54784 0 0 0 1 312500 39489536 5.1.2600 3411968 0 0
C:\WINDOWS\system32\wbem\wmiapsrv.exe PC-FAMILIA wmiapsrv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe 2792 147 468750 1413120 204800 wmiapsrv.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 1937 167974 1172 1380352 900 3543040 52101120 4628480 8 1380352 2792 3800 46900 4928 52100 8 23206 0 3 625000 46882816 5.1.2600 4616192 9 546
dummy.exe /resident /hidetray /autovaccinate /agreelicense PC-FAMILIA USBVaccine.exe C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe 3184 67 2031250 1413120 204800 USBVaccine.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 544 107404 19533 3842048 1304 3883008 56979456 4030464 8 3842048 3184 2640 47240 5672 57952 31 23809 0 1 312500 49086464 5.1.2600 643072 1 72
"C:\Arquivos de programas\Opera\opera.exe" PC-FAMILIA opera.exe C:\Arquivos de programas\Opera\opera.exe 2548 300 50156250 1413120 204800 opera.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 11574 687833 63639 94699520 2772 95350784 223145984 84697088 8 94699520 2548 12112 98692 17280 107264 22660 72899922 0 10 123437500 213573632 5.1.2600 17207296 5320 6171431
C:\WINDOWS\explorer.exe PC-FAMILIA explorer.exe C:\WINDOWS\explorer.exe 3668 429 26875000 1413120 204800 explorer.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 58744 23972624 15441 22683648 856 24567808 154488832 32264192 8 22683648 3668 15320 129484 21272 150464 723 8628922 0 15 9062500 134889472 5.1.2600 30531584 26 2595
cmd /c ""C:\Documents and Settings\Jonathan\Desktop\USB\USBscanlist.bat" " PC-FAMILIA cmd.exe C:\WINDOWS\system32\cmd.exe 3028 22 2656250 1413120 204800 cmd.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 6595 197498 1019 1613824 3004 1630208 15970304 1941504 8 1613824 3028 1480 16420 2208 17960 704 3148019 0 1 1093750 14393344 5.1.2600 1875968 334 13417
C:\WINDOWS\system32\wbem\wmiprvse.exe PC-FAMILIA wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe 3240 144 1093750 1413120 204800 wmiprvse.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 622 109326 1571 2711552 1080 3788800 53927936 6180864 8 2711552 3240 4904 51904 5352 53884 14 50146 0 7 312500 52137984 5.1.2600 6180864 13 1070
WMIC Process list PC-FAMILIA wmic.exe C:\WINDOWS\System32\Wbem\wmic.exe 2288 178 625000 1413120 204800 wmic.exe Microsoft Windows XP Professional|C:\WINDOWS|\Device\Harddisk0\Partition1 724 128203 2158 2170880 3028 3432448 63795200 7573504 8 2170880 2288 5760 57336 5760 57336 10 63328 0 5 468750 63795200 5.1.2600 7065600 5 388


###################################


##########(Explorer\MountPoints2)##########
((HKEY_CURRENT_USER\SOFTWARE...\Explorer\MountPoints2))

REG.EXE VERSION 3.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{988d3555-2856-11df-ba33-001d6085af4b}
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d975813a-161c-11df-96de-806d6172696f}
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d975813b-161c-11df-96de-806d6172696f}
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d975813c-161c-11df-96de-806d6172696f}
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d975813d-161c-11df-96de-806d6172696f}
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d975813e-161c-11df-96de-806d6172696f}
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d975813f-161c-11df-96de-806d6172696f}
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9758140-161c-11df-96de-806d6172696f}
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9758142-161c-11df-96de-806d6172696f}
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9758144-161c-11df-96de-806d6172696f}
BaseClass REG_SZ Drive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{988d3555-2856-11df-ba33-001d6085af4b}
Generation REG_DWORD 0x2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d975813a-161c-11df-96de-806d6172696f}
Generation REG_DWORD 0x2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d975813b-161c-11df-96de-806d6172696f}
Generation REG_DWORD 0x2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d975813c-161c-11df-96de-806d6172696f}
Generation REG_DWORD 0x2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d975813d-161c-11df-96de-806d6172696f}
Generation REG_DWORD 0x2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d975813e-161c-11df-96de-806d6172696f}
Generation REG_DWORD 0x2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d975813f-161c-11df-96de-806d6172696f}
Generation REG_DWORD 0x2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d9758140-161c-11df-96de-806d6172696f}
Generation REG_DWORD 0x1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d9758142-161c-11df-96de-806d6172696f}
Generation REG_DWORD 0x2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d9758144-161c-11df-96de-806d6172696f}
Generation REG_DWORD 0x2


###################################

##########(Arquivos na Quarentena)##########
O volume na unidade C não tem nome.
O número de série do volume é BCD1-86F6

Pasta de C:\Quarentena

19/03/2010 20:52 <DIR> .
19/03/2010 20:52 <DIR> ..
0 arquivo(s) 0 bytes
2 pasta(s) 12.100.415.488 bytes disponíveis

##########(Fim)##########
brando lee (Zerinho, Registered), 2.4K Messages, 97 Likes
#7 By brando lee
19/03/2010 - 21:42
Uninstall AD-Remover:
Run the program.
And click (Uninstall)

******************************************

Uninstall Combofix:
1)
Copy the command below;
Combofix /uninstall
2) Click the (Start) menu -> (Run), paste the command and click (OK).


**********************************************
The USBScanlist report is clean!
And delete USBScanlist.exe and its USB folder that is on your desktop.

And a new HijackThis log, to finish up..
I'll be away from the forum for a while, very busy, more important things to do: "Work".


Removing viruses with Notepad!


xpodrex (New Member, Registered), 74 Messages, 0 Likes
#8 By xpodrex
19/03/2010 - 21:55
After uninstalling all the programs...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:51, on 19/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jonathan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MSSE] "C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265812971578
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03A6E565-EC38-4C0D-BD16-08C0857FA9DC}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{03A6E565-EC38-4C0D-BD16-08C0857FA9DC}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 5403 bytes
brando lee (Zerinho, Registered), 2.4K Messages, 97 Likes
#9 By brando lee
19/03/2010 - 22:01
Just fix the entry below in HijackThis, by ticking it
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
and then clicking (Fix checked).

The rest is clean!!

See you, cheers..


xpodrex (New Member, Registered), 74 Messages, 0 Likes
#10 By xpodrex
20/03/2010 - 13:58
After doing everything, here is the last HijackThis log...

Thanks a lot, man, really... cheers...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57:34, on 20/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe
C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Winamp\winamp.exe
C:\Arquivos de programas\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\DOCUME~1\Jonathan\CONFIG~1\Temp\Rar$EX00.765\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MSSE] "C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265812971578
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03A6E565-EC38-4C0D-BD16-08C0857FA9DC}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{03A6E565-EC38-4C0D-BD16-08C0857FA9DC}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 5554 bytes
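Added example, not code from the thread or from HijackThis: a small Python triage helper run over entry lines copied from the two logs above. It flags the orphaned O2 BHO entry brando lee told the poster to fix, flags O4 autostarts whose executable lives in a user-writable directory (the last LOG_BEFORE line is a constructed sample for that check and is not in the thread), and diffs the before and after logs to confirm what the fix removed.

```python
import re

# Entry lines copied from the HijackThis logs posted above (post #8 before the
# fix, post #10 after it), trimmed to a few O2/O4/O23 lines. The final "updater"
# O4 line in LOG_BEFORE is CONSTRUCTED for this example and does not appear in
# the thread; it only exercises the user-writable-path check.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSSE] "C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\Jonathan\CONFIG~1\Temp\updater.exe
"""

LOG_AFTER = r"""
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSSE] "C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
"""

# A HijackThis entry line is "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<body>.+)$")

# O4 Run-key bodies look like 'HKLM\..\Run: [Name] "quoted path" args' or
# '... [Name] unquoted path args'; "O4 - Startup:" lines use a different shape
# and are intentionally not parsed here.
O4_PATH_RE = re.compile(
    r'\]\s+(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|scr|com|bat|cmd)))(?:\s|$)',
    re.IGNORECASE,
)

# Directories an ordinary user can write to; an autostart living there deserves
# a closer look than one under Program Files or system32.
USER_WRITABLE_MARKERS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\", "\\appdata\\")


def parse_entries(log_text):
    """Return [(section, body), ...] for every entry line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def orphaned_entries(entries):
    """Entries whose target is '(no file)': a registration that points at nothing."""
    return [body for _, body in entries if body.endswith("(no file)")]


def autostart_path(body):
    """Executable path from an O4 Run-key body, or None if the shape is not recognised."""
    m = O4_PATH_RE.search(body)
    if not m:
        return None
    return m.group("quoted") or m.group("bare")


def autostarts_in_user_writable_dirs(entries):
    """Paths of O4 autostarts that run from a user-writable location."""
    hits = []
    for section, body in entries:
        if section != "O4":
            continue
        path = autostart_path(body)
        if path and any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
            hits.append(path)
    return hits


def diff_logs(before_text, after_text):
    """(removed, added) entry bodies between two logs of the same machine."""
    before = {body for _, body in parse_entries(before_text)}
    after = {body for _, body in parse_entries(after_text)}
    return sorted(before - after), sorted(after - before)


if __name__ == "__main__":
    entries = parse_entries(LOG_BEFORE)
    print("orphaned:", orphaned_entries(entries))
    print("user-writable autostarts:", autostarts_in_user_writable_dirs(entries))
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed by the fix:", removed)
    print("added since:", added)
```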
© 1999-2024 Hardware.com.br. All rights reserved.