PC with a virus

virus




18 replies in this topic

#1 lilica99

lilica99
  • Participant
  • 44 posts

Posted 08 July 2012 - 01:10 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:00:58, on 8/7/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17110)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\vsnpstd.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\avastw.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\jrss.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\msngr.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Alisson\Meus documentos\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo....19&affID=17159
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {79E44F87-6A0A-413A-A21E-EDBAEBD79089} - C:\WINDOWS\system32\avastw.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PlusService] C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlusForSkypeService] "C:\Arquivos de programas\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ALISSONLIMA] C:\WINDOWS\system32\avastw.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Alisson\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [jrss.exe] C:\WINDOWS\system32\jrss.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMFirstStart.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: msngr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...S.cab109791.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail....ol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\Alisson\CONFIG~1\Temp\AVSETUP_4a0e1906\basic\avupgsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gerenciador do Google Desktop 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Messenger Plus! Service (MsgPlusService) - Yuna Software - C:\Arquivos de programas\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--




#2 XERLOUCO ROUMS

XERLOUCO ROUMS

    Malwares Expert

  • Analyst
  • 6828 posts

Posted 08 July 2012 - 02:04 PM

Hello lilica99, I didn't understand what it is that you can't access.

Download Malwarebytes' Anti-Malware (MBAM) from this link or from this one.
Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.
  • Make sure the boxes Update Malwarebytes Anti-Malware (Atualizar Malwarebytes Anti-Malware) and Launch Malwarebytes Anti-Malware (Executar Malwarebytes Anti-Malware) are checked, then click Finish (Concluir).
  • If there are updates to be applied, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan (Verificação Rápida) and click the Scan (Verificar) button.
  • The scan will then begin. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results (Mostrar Resultados) button to see the report.
  • If any items were found, make sure they are all checked and click the Remove (Remover) button.
  • At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the Note below.)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log into your next reply, together with a new HijackThis log.
NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.



#3 lilica99

lilica99
  • Participant
  • 44 posts

Posted 08 July 2012 - 03:44 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:42:06, on 8/7/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17110)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\vsnpstd.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\avastw.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\jrss.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\msngr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Alisson\Meus documentos\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo....19&affID=17159
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {79E44F87-6A0A-413A-A21E-EDBAEBD79089} - C:\WINDOWS\system32\avastw.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PlusService] C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlusForSkypeService] "C:\Arquivos de programas\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ALISSONLIMA] C:\WINDOWS\system32\avastw.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Alisson\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [jrss.exe] C:\WINDOWS\system32\jrss.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMFirstStart.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: msngr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...S.cab109791.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail....ol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\Alisson\CONFIG~1\Temp\AVSETUP_4a0e1906\basic\avupgsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gerenciador do Google Desktop 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Messenger Plus! Service (MsgPlusService) - Yuna Software - C:\Arquivos de programas\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 12379 bytes



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Versão da Base de Dados: v2012.07.08.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Alisson :: ALISSONLIMA [administrador]

8/7/2012 14:35:57
mbam-log-2012-07-08 (14-35-57).txt

Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 335606
Tempo decorrido: 56 minuto(s), 56 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 3
HKCR\CLSID\{79E44F87-6A0A-413A-A21E-EDBAEBD79089} (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79E44F87-6A0A-413A-A21E-EDBAEBD79089} (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{79E44F87-6A0A-413A-A21E-EDBAEBD79089} (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 1
C:\WINDOWS\system32\avastw.dll (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

#4 lilica99

lilica99
  • Participant
  • 44 posts

Posted 08 July 2012 - 05:57 PM

I can't access any folder, nor documents, Control Panel, My Computer, nothing on my PC, only the internet. If I click on anything else it freezes, and then I have to restart.

Edited by lilica99, 08 July 2012 - 05:59 PM.


#5 XERLOUCO ROUMS

XERLOUCO ROUMS

    Malwares Expert

  • Analyst
  • 6828 posts

Posted 10 July 2012 - 11:26 PM

The log shows that you are infected with a banker trojan, and the bank pages you visit will probably be fake. This trojan captures passwords and sends them to a cracker. I suggest that you do not visit any banking or online shopping sites until we finish the cleanup, and that you also contact your bank and/or finance companies and report what happened.

When everything is done, change all the passwords stored on this computer, including e-mail, MSN, Orkut, etc. Download:

BankerFix

OTS.exe

Save both to the desktop. Temporarily disable your antivirus so that there are no conflicts.

Double-click bankerfix.exe to run it.
Click OK the first and the second time message boxes appear. If you are running BankerFix for the second time, it will ask to check for an update. Answer Yes (Sim) and then click OK.

When it runs, a black screen will appear asking you to press any key. Press Enter and wait for it to finish. It may take some time.
When it finishes, read the message on the screen and press Enter again.

Attention: do not run BankerFix more than once, as this will overwrite the result and it will not be known whether the removal was successful.

Then run OTS.exe. Check these options:
  • Scan All Users
  • Company Name / Skip Microsoft
  • In the Additional Scans section:
Click the "Extras" button.

Check the box:

Reg - NetSvcs
  • Copy the bold text below and paste it into the Custom Scans section
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%\*.*
%userprofile%\configurações locais\dados de aplicativos\*.exe
%userprofile%\configurações locais\dados de aplicativos\*.txt
%userprofile%\configurações locais\dados de aplicativos\*.ini
%userprofile%\configurações locais\dados de aplicativos\*.dat /30
%userprofile%\configurações locais\dados de aplicativos\*.dll
%userprofile%\*.exe
%userprofile%\*.txt
%userprofile%\*.ini
%userprofile%\*.dat /30
%userprofile%\*.dll
%userprofile%\dados de aplicativos\*.*
%windir%\tasks\*.*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT
HKCU\Software\sistemanet

  • Click the Run Scan button
Wait while the tool scans your PC. When it finishes, Notepad will open with some information.
Close Notepad and also OTS.exe.
The log was saved in the same folder as OTS.exe (that is, on your desktop), under the name OTS.txt.

Select, copy and paste the contents of this log into your next reply + the contents of BankerFix's relatorio.txt, which you will find in C:\LinhaDefensiva\

n1zcw0.jpg
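
The following is an added example (not part of the thread, nor code from any tool it mentions) that cross-checks the MBAM detections from post #3 against the HijackThis entries saved afterwards: it flags entries that share a detected CLSID or file, and entries that sit beside a detected file with the same base name. The function names and the "sibling" heuristic are assumptions of this example; a sibling hit is a lead for manual review, not a detection.

```python
import ntpath
import re
from datetime import datetime

# Lines copied from the HijackThis and MBAM logs posted above (subset).
HJT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:42:06, on 8/7/2012
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {79E44F87-6A0A-413A-A21E-EDBAEBD79089} - C:\WINDOWS\system32\avastw.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ALISSONLIMA] C:\WINDOWS\system32\avastw.exe
O4 - HKCU\..\Run: [jrss.exe] C:\WINDOWS\system32\jrss.exe
"""

MBAM_LOG = r"""8/7/2012 14:35:57
HKCR\CLSID\{79E44F87-6A0A-413A-A21E-EDBAEBD79089} (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
C:\WINDOWS\system32\avastw.dll (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)', re.I)
ENTRY_RE = re.compile(r"^([ORF]\d+) - (.+)$")  # HijackThis section code, then detail


def _stamp(date_s, time_s):
    # Both logs on this page print dates as day/month/year.
    return datetime.strptime(f"{date_s} {time_s}", "%d/%m/%Y %H:%M:%S")


def parse_mbam(text):
    """Collect CLSIDs and file paths from MBAM detection lines ('target -> action')."""
    m = re.search(r"^(\d{1,2}/\d{1,2}/\d{4}) (\d{1,2}:\d{2}:\d{2})\s*$", text, re.M)
    out = {"time": _stamp(m.group(1), m.group(2)) if m else None,
           "clsids": set(), "files": set()}
    for line in text.splitlines():
        if " -> " not in line:
            continue
        target = line.split(" -> ", 1)[0]
        clsid = CLSID_RE.search(target)
        path = PATH_RE.match(target)
        if clsid:
            out["clsids"].add(clsid.group().upper())
        elif path:
            out["files"].add(path.group().lower())
    return out


def parse_hjt(text):
    """Return the scan time and every 'Ox - ...' entry with its CLSID and path, if any."""
    m = re.search(r"Scan saved at (\d{1,2}:\d{2}:\d{2}), on (\d{1,2}/\d{1,2}/\d{4})", text)
    out = {"time": _stamp(m.group(2), m.group(1)) if m else None, "entries": []}
    for line in text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue
        clsid = CLSID_RE.search(entry.group(2))
        path = PATH_RE.search(entry.group(2))
        out["entries"].append({
            "section": entry.group(1),
            "line": line.strip(),
            "clsid": clsid.group().upper() if clsid else None,
            "path": path.group().lower() if path else None,
        })
    return out


def triage(hjt, mbam):
    """Flag HijackThis entries that relate to something MBAM detected."""
    # True when the HijackThis scan was saved after the MBAM run started.
    after = bool(hjt["time"] and mbam["time"] and hjt["time"] > mbam["time"])
    stems = {ntpath.splitext(f)[0] for f in mbam["files"]}
    findings = []
    for e in hjt["entries"]:
        if e["clsid"] in mbam["clsids"]:
            reason = "clsid-detected"
        elif e["path"] in mbam["files"]:
            reason = "file-detected"
        elif e["path"] and ntpath.splitext(e["path"])[0] in stems:
            reason = "sibling-of-detected"  # same folder and base name: review lead only
        else:
            continue
        findings.append({"reason": reason, "section": e["section"],
                         "line": e["line"], "seen_after_cleanup": after})
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(HJT_LOG), parse_mbam(MBAM_LOG)):
        print(f["reason"], f["seen_after_cleanup"], f["line"], sep=" | ")
```

An entry flagged with `seen_after_cleanup` set only means the HijackThis log was saved later than the MBAM run and still lists the item; whether the removal was pending a reboot or the entry was re-created has to be checked on the machine.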


#6 lilica99

lilica99
  • Participant
  • 44 posts

Posted 11 July 2012 - 07:18 PM

xerlouco roums, I managed to do everything as asked, but now I can't open BankerFix's relatorio.txt. When I try, my PC freezes and I have to restart, and when I try again I can't. Is there some way to access it or not? I can't even open the My Computer icon.
The ots.txt is saved here now, what do I do? Thank you, I await your reply....

Edited by lilica99, 11 July 2012 - 07:20 PM.


#7 lilica99

lilica99
  • Participant
  • 44 posts

Posted 11 July 2012 - 10:36 PM


OTS logfile created on: 11/7/2012 00:28:06 - Run 1

OTS by OldTimer - Version 3.1.47.2	 Folder = C:\Documents and Settings\Alisson\Meus documentos\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

735,00 Mb Total Physical Memory | 194,00 Mb Available Physical Memory | 26,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free

Paging file location(s): C:\pagefile.sys 850 1440 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74,50 Gb Total Space | 7,44 Gb Free Space | 9,98% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ALISSONLIMA

Current User Name: Alisson

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: On

File Age = 30 Days

 

[Processes - Safe List]

ots.exe -> C:\Documents and Settings\Alisson\Meus documentos\Downloads\OTS.exe -> [2012/07/11 00:17:07 | 000,646,656 | ---- | M] (OldTimer Tools)

avastui.exe -> C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe -> [2012/07/03 13:21:30 | 004,273,976 | ---- | M] (AVAST Software)

avastsvc.exe -> C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe -> [2012/07/03 13:21:29 | 000,044,808 | ---- | M] (AVAST Software)

firefox.exe -> C:\Arquivos de programas\Mozilla Firefox\firefox.exe -> [2012/06/19 18:30:48 | 000,913,888 | ---- | M] (Mozilla Corporation)

plusservice.exe -> C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe -> [2012/02/07 11:21:25 | 000,801,792 | ---- | M] (Yuna Software)

msgplusforskypeservice.exe -> C:\Arquivos de programas\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -> [2012/01/22 15:39:49 | 000,124,832 | ---- | M] (Yuna Software)

jusched.exe -> C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe -> [2012/01/18 13:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.)

applemobiledeviceservice.exe -> C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2011/10/24 20:32:00 | 000,055,144 | ---- | M] (Apple Inc.)

realsched.exe -> C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe -> [2010/02/17 14:05:40 | 000,198,160 | ---- | M] (RealNetworks, Inc.)

explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation)

nmbgmonitor.exe -> C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe -> [2006/11/16 19:04:20 | 000,139,264 | ---- | M] (Nero AG)

nmindexstoresvr.exe -> C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe -> [2006/11/16 18:58:32 | 000,884,736 | ---- | M] (Nero AG)

soundman.exe -> C:\WINDOWS\soundman.exe -> [2006/03/01 05:22:04 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.)

vttimer.exe -> C:\WINDOWS\system32\VTTimer.exe -> [2005/03/07 16:33:28 | 000,053,248 | R--- | M] (S3 Graphics, Inc.)

slserv.exe -> C:\WINDOWS\system32\slserv.exe -> [2004/08/25 01:12:14 | 000,057,344 | ---- | M] ( )

vsnpstd.exe -> C:\WINDOWS\vsnpstd.exe -> [2004/06/10 13:48:04 | 000,286,720 | ---- | M] ()

 

[Modules - No Company Name]

algo.dll -> C:\Arquivos de programas\AVAST Software\Avast\defs\12071001\algo.dll -> [2012/07/10 16:07:45 | 001,781,760 | ---- | M] ()

npswf32_11_3_300_262.dll -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll -> [2012/06/22 23:36:22 | 009,459,912 | ---- | M] ()

mozjs.dll -> C:\Arquivos de programas\Mozilla Firefox\mozjs.dll -> [2012/06/19 18:30:47 | 002,042,848 | ---- | M] ()

system.web.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll -> [2012/06/13 23:21:56 | 011,817,472 | ---- | M] ()

system.windows.forms.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll -> [2012/06/13 23:19:46 | 012,433,920 | ---- | M] ()

system.drawing.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll -> [2012/06/13 23:19:18 | 001,592,320 | ---- | M] ()

system.web.services.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll -> [2012/06/13 23:11:04 | 001,840,640 | ---- | M] ()

system.configuration.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll -> [2012/05/09 20:32:06 | 000,971,264 | ---- | M] ()

system.xml.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll -> [2012/05/09 20:05:21 | 005,450,752 | ---- | M] ()

system.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll -> [2012/05/09 19:58:55 | 007,953,408 | ---- | M] ()

mscorlib.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll -> [2012/05/09 19:58:00 | 011,492,352 | ---- | M] ()

zlib1.dll -> C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\zlib1.dll -> [2011/09/27 06:23:00 | 000,087,912 | ---- | M] ()

libxml2.dll -> C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\libxml2.dll -> [2011/09/27 06:22:40 | 001,242,472 | ---- | M] ()

messengerdiscovery3.xmlserializers.dll -> C:\Arquivos de programas\Windows Live\Messenger\MessengerDiscovery3.XmlSerializers.dll -> [2011/08/20 00:58:54 | 000,081,920 | ---- | M] ()

messengerdiscovery3core.dll -> C:\Arquivos de programas\Windows Live\Messenger\MessengerDiscovery3Core.dll -> [2011/08/07 21:41:58 | 000,587,264 | ---- | M] ()

winmm.dll -> C:\Arquivos de programas\Windows Live\Messenger\winmm.dll -> [2011/08/07 21:41:10 | 000,082,944 | ---- | M] ()

detour32.dll -> C:\Arquivos de programas\Yuna Software\Messenger Plus!\Detour32.dll -> [2011/08/07 13:54:16 | 000,004,096 | ---- | M] ()

msdmo.dll -> C:\WINDOWS\system32\msdmo.dll -> [2008/04/13 19:20:34 | 000,014,336 | ---- | M] ()

vsnpstd.exe -> C:\WINDOWS\vsnpstd.exe -> [2004/06/10 13:48:04 | 000,286,720 | ---- | M] ()

lxbkpp5c.dll -> C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL -> [2003/07/29 06:27:40 | 000,078,336 | ---- | M] ()

 

[Win32 Services - Safe List]

(AppMgmt) Gerenciamento de aplicativo [On_Demand | Stopped] ->  -> File not found

(AntiVirUpgradeService) Avira Upgrade Service [Auto | Stopped] ->  -> File not found

(avast! antivírus) avast! antivírus [Auto | Running] -> C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe -> [2012/07/03 13:21:29 | 000,044,808 | ---- | M] (AVAST Software)

(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -> [2012/06/22 23:36:29 | 000,250,056 | ---- | M] (Adobe Systems Incorporated)

(MozillaMaintenance) Mozilla Maintenance Service [On_Demand | Stopped] -> C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe -> [2012/06/19 18:30:48 | 000,113,120 | ---- | M] (Mozilla Foundation)

(MsgPlusService) Messenger Plus! Service [Auto | Running] -> C:\Arquivos de programas\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -> [2012/01/22 15:39:49 | 000,124,832 | ---- | M] (Yuna Software)

(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2011/10/24 20:32:00 | 000,055,144 | ---- | M] (Apple Inc.)

(odserv) Microsoft Office Diagnostics Service [On_Demand | Stopped] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2011/07/20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation)

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/08/30 17:14:15 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.)

(AresChatServer) Ares Chatroom server [On_Demand | Stopped] -> C:\Arquivos de programas\Ares\chatServer.exe -> [2007/03/19 22:19:14 | 000,263,168 | ---- | M] (Ares Development Group)

(WinDefend) Windows Defender [Auto | Stopped] -> C:\Arquivos de programas\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)

(ose) Office Source Engine [On_Demand | Stopped] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation)

(SLService) SmartLinkService [Auto | Running] -> C:\WINDOWS\System32\slserv.exe -> [2004/08/25 01:12:14 | 000,057,344 | ---- | M] ( )

 

[Driver Services - Safe List]

(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aswTdi.sys -> [2012/07/03 13:21:54 | 000,054,232 | ---- | M] (AVAST Software)

(aswSnx) aswSnx [File_System | System | Running] -> C:\WINDOWS\System32\drivers\aswSnx.sys -> [2012/07/03 13:21:53 | 000,721,000 | ---- | M] (AVAST Software)

(aswSP) aswSP [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aswSP.sys -> [2012/07/03 13:21:53 | 000,353,688 | ---- | M] (AVAST Software)

(aswMon2) aswMon2 [File_System | Auto | Running] -> C:\WINDOWS\System32\drivers\aswmon2.sys -> [2012/07/03 13:21:53 | 000,097,608 | ---- | M] (AVAST Software)

(AswRdr) AswRdr [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aswRdr.sys -> [2012/07/03 13:21:53 | 000,035,928 | ---- | M] (AVAST Software)

(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\WINDOWS\System32\drivers\aswFsBlk.sys -> [2012/07/03 13:21:53 | 000,021,256 | ---- | M] (AVAST Software)

(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aavmker4.sys -> [2012/07/03 13:21:52 | 000,025,256 | ---- | M] (AVAST Software)

(usbsermpt) Motorola USB Modem Driver for MPT [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbsermpt.sys -> [2009/11/02 19:39:25 | 000,022,768 | ---- | M] (Microsoft Corporation)

(motmodem) Motorola USB CDC ACM Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\motmodem.sys -> [2007/02/27 14:31:28 | 000,021,504 | ---- | M] (Motorola)

(speedfan) speedfan [Kernel | Boot | Running] -> C:\WINDOWS\system32\speedfan.sys -> [2006/09/24 10:28:47 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider)

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\alcxwdm.sys -> [2006/03/31 03:38:48 | 003,960,896 | R--- | M] (Realtek Semiconductor Corp.)

(xfilt) VIA SATA IDE Hot-plug Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\xfilt.sys -> [2006/02/23 00:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc)

(videX32) videX32 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\videX32.sys -> [2006/02/23 00:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.)

(snpstd) LG Webpro_Camera [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\snpstd.sys -> [2004/11/19 18:46:46 | 000,367,488 | ---- | M] ()

(Slntamr) NetoDragon AMR_PCI Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\slntamr.sys -> [2004/08/25 00:51:26 | 000,650,632 | ---- | M] ( )

(RecAgent) RecAgent [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\RecAgent.sys -> [2004/08/25 00:43:18 | 000,014,520 | ---- | M] ( )

(Mtlmnt5) Mtlmnt5 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mtlmnt5.sys -> [2004/08/25 00:40:28 | 000,229,720 | ---- | M] ( )

(SlNtHal) SlNtHal [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\slnthal.sys -> [2004/08/25 00:35:14 | 000,100,240 | ---- | M] ( )

(Mtlstrm) Mtlstrm [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mtlstrm.sys -> [2004/08/25 00:33:32 | 001,395,376 | ---- | M] ( )

(SlWdmSup) SlWdmSup [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\slwdmsup.sys -> [2004/08/25 00:24:14 | 000,013,216 | ---- | M] ( )

(giveio) giveio [Kernel | Boot | Running] -> C:\WINDOWS\system32\giveio.sys -> [1996/04/03 16:33:26 | 000,005,248 | ---- | M] ()

 

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->

HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->

< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->

HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->

< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->

HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->

< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->

HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->

< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->

HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->

< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\] > -> ->

HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\: Main\\"Default_Search_URL" -> http://www.google.com/ie ->

HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\: Main\\"Start Page" -> http://search.babylon.com/?babsrc=HP_ss&mntrId=881228e80000000000000016eccd3b24&tlver=1.4.19.19&affID=17159 ->

HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\: SearchURL\\"" -> http://www.google.com/search?q=%s ->

HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\: "ProxyEnable" -> 0 ->

HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\: "ProxyOverride" -> *.local ->

< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Alisson\Dados de aplicativos\Mozilla\FireFox\Profiles\3935z4lk.default\prefs.js ->

browser.search.suggest.enabled -> false ->

browser.startup.homepage -> "http://www.google.com.br/" ->

extensions.enabledItems -> jqs@sun.com:1.0 ->

extensions.enabledItems -> {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 ->

extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->

extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 ->

extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->

extensions.enabledItems -> {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 ->

extensions.enabledItems -> {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27 ->

extensions.enabledItems -> {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 ->

keyword.URL -> "http://search.babylon.com/?babsrc=SP_ss&mntrId=881228e80000000000000016eccd3b24&tlver=1.4.19.19&instlRef=sst&affID=17159&q=" ->

< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKLM\software\mozilla\Firefox\extensions ->  ->

HKLM\software\mozilla\Firefox\extensions\\wrc@avast.com -> C:\Arquivos de programas\AVAST Software\Avast\WebRep\FF [C:\ARQUIVOS DE PROGRAMAS\AVAST SOFTWARE\AVAST\WEBREP\FF] -> [2012/07/10 19:48:26 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Mozilla Firefox 13.0.1\extensions ->  ->

HKLM\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components -> C:\Arquivos de programas\Mozilla Firefox\components [C:\ARQUIVOS DE PROGRAMAS\MOZILLA FIREFOX\COMPONENTS] -> [2012/06/19 18:30:49 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins -> C:\Arquivos de programas\Mozilla Firefox\plugins [C:\ARQUIVOS DE PROGRAMAS\MOZILLA FIREFOX\PLUGINS] -> [2012/06/23 17:55:48 | 000,000,000 | ---D | M]

< FireFox Extensions [User Folders] > ->

  -> C:\Documents and Settings\Alisson\Dados de aplicativos\Mozilla\Extensions -> [2008/08/06 23:59:55 | 000,000,000 | ---D | M]

  -> C:\Documents and Settings\Alisson\Dados de aplicativos\Mozilla\Firefox\Profiles\3935z4lk.default\extensions -> [2012/05/05 17:22:49 | 000,000,000 | ---D | M]

< FireFox SearchPlugins [User Folders] > ->

< FireFox Extensions [Program Folders] > ->

  -> C:\Arquivos de programas\Mozilla Firefox\extensions -> [2012/06/23 17:55:51 | 000,000,000 | ---D | M]

Java Console   -> C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} -> [2012/06/23 17:55:52 | 000,000,000 | ---D | M]

Java Quick Starter -> C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF -> [2012/06/23 17:55:24 | 000,000,000 | ---D | M]

< HOSTS File > ([2012/07/11 00:20:29 | 000,000,027 | ---- | M] - 2 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->

Reset Hosts

127.0.0.1	   localhost

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->

{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2010/02/17 14:07:25 | 000,329,312 | ---- | M] (RealPlayer)

{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Arquivos de programas\Java\jre6\bin\ssv.dll [Java™ Plug-In SSV Helper] -> [2012/06/23 17:55:22 | 000,329,480 | ---- | M] (Sun Microsystems, Inc.)

{79E44F87-6A0A-413A-A21E-EDBAEBD79089} [HKLM] -> C:\WINDOWS\system32\avastw.dll [] -> [2012/07/09 21:16:25 | 001,256,764 | ---- | M] ()

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} [HKLM] -> C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2012/07/03 13:21:25 | 001,160,792 | ---- | M] (AVAST Software)

{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Auxiliar de Conexão do Windows Live] -> [2009/02/17 16:11:04 | 000,408,440 | ---- | M] (Microsoft Corporation)

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [Google Toolbar Notifier BHO] -> [2012/01/11 20:48:02 | 001,003,576 | ---- | M] (Google Inc.)

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->

"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" [HKLM] -> C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2012/07/03 13:21:25 | 001,160,792 | ---- | M] (AVAST Software)

< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\] > -> HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\Software\Microsoft\Internet Explorer\Toolbar\ ->

WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

"APSDaemon" -> C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe ["C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe"] -> [2011/11/01 22:25:58 | 000,059,240 | ---- | M] (Apple Inc.)

"avast" -> C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe ["C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui] -> [2012/07/03 13:21:30 | 004,273,976 | ---- | M] (AVAST Software)

"LanguageShortcut" -> C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe ["C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"] -> [2006/12/05 22:55:32 | 000,054,832 | ---- | M] ()

"MessengerPlusForSkypeService" -> C:\Arquivos de programas\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe ["C:\Arquivos de programas\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"] -> [2012/01/22 15:39:49 | 000,124,832 | ---- | M] (Yuna Software)

"PlusService" -> C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe [C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe] -> [2012/02/07 11:21:25 | 000,801,792 | ---- | M] (Yuna Software)

"snpstd" -> C:\WINDOWS\vsnpstd.exe [C:\WINDOWS\vsnpstd.exe] -> [2004/06/10 13:48:04 | 000,286,720 | ---- | M] ()

"SoundMan" -> C:\WINDOWS\soundman.exe [SOUNDMAN.EXE] -> [2006/03/01 05:22:04 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.)

"SunJavaUpdateSched" -> C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe ["C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"] -> [2012/01/18 13:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.)

"TkBellExe" -> C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe ["C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe"  -osboot] -> [2010/02/17 14:05:40 | 000,198,160 | ---- | M] (RealNetworks, Inc.)

"VTTimer" -> C:\WINDOWS\System32\VTTimer.exe [VTTimer.exe] -> [2005/03/07 16:33:28 | 000,053,248 | R--- | M] (S3 Graphics, Inc.)

< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->

"NeroHomeFirstStart" -> C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMFirstStart.exe [C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMFirstStart.exe] -> [2006/11/16 18:43:16 | 000,010,752 | ---- | M] (Nero AG)

< Run [HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\] > -> HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" -> C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe ["C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"] -> [2006/11/16 19:04:20 | 000,139,264 | ---- | M] (Nero AG)

"jrss.exe" -> C:\WINDOWS\system32\jrss.exe [C:\WINDOWS\system32\jrss.exe] -> [2012/07/06 08:48:42 | 000,591,310 | ---- | M] ()

< Alisson Startup Folder > -> C:\Documents and Settings\Alisson\Menu Iniciar\Programas\Inicializar ->

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar ->

< Allexialima Startup Folder > -> C:\Documents and Settings\Allexialima\Menu Iniciar\Programas\Inicializar ->

< Alline Startup Folder > -> C:\Documents and Settings\Alline\Menu Iniciar\Programas\Inicializar ->

< Default User Startup Folder > -> C:\Documents and Settings\Default User\Menu Iniciar\Programas\Inicializar ->

< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->

< Software Policy Settings [HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006] > -> HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\SOFTWARE\Policies\Microsoft\Internet Explorer ->

< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveAutoRun" ->  [67108863] -> File not found

\\"NoDriveTypeAutoRun" ->  [323] -> File not found

\\"HonorAutoRunSetting" ->  [1] -> File not found

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

\\"EnableLUA" ->  [0] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [323] -> File not found

\\"NoDriveAutoRun" ->  [67108863] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [323] -> File not found

\\"NoDriveAutoRun" ->  [67108863] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [145] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [145] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006] > -> HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [323] -> File not found

\\"NoDriveAutoRun" ->  [67108863] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006] > -> HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ ->

Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2011/04/13 19:40:10 | 004,284,416 | ---- | M] (Google Inc.)

< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ ->

Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2011/04/13 19:40:10 | 004,284,416 | ---- | M] (Google Inc.)

< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\] > -> HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\Software\Microsoft\Internet Explorer\MenuExt\ ->

Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2011/04/13 19:40:10 | 004,284,416 | ---- | M] (Google Inc.)

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->

{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] ->  [Button: Messenger] -> File not found

{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] ->  [Menu: Windows Messenger] -> File not found

< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->

CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Messenger] -> File not found

< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->

CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Messenger] -> File not found

< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\] > -> HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\Software\Microsoft\Internet Explorer\Extensions\ ->

CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Messenger] -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\] > -> HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->

  .[msn] -> My Computer ->

< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\] > -> HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] ->

{20A60F0D-9AFA-4515-A0FD-83BD84642501} [HKLM] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab [Checkers Class] ->

{4A85DBE0-BFB2-4119-8401-186A7C6EB653} [HKLM] -> http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/mjss/MJSS.cab109791.cab [] ->

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab [MSN Photo Upload Tool] ->

{5C051655-FCD5-4969-9182-770EA5AA5565} [HKLM] -> http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab [Solitaire Showdown Class] ->

{5D6F45B3-9043-443D-A792-115447494D24} [HKLM] -> http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab [UnoCtrl Class] ->

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab [Java Plug-in 1.6.0_33] ->

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] ->

{B8BE5E93-A60C-4D26-A2DC-220313175592} [HKLM] -> http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab [MSN Games - Installer] ->

{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] ->

{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab [Reg Error: Key error.] ->

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] ->

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->

{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab [Java Plug-in 1.6.0_33] ->

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab [Java Plug-in 1.6.0_33] ->

{E77F23EB-E7AB-4502-8F37-247DBAF1A147} [HKLM] -> http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab [Windows Live Hotmail Photo Upload Tool] ->

{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [HKLM] -> http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab [Minesweeper Flags Class] ->

DirectAnimation Java Classes [HKLM] -> file://C:\WINDOWS\Java\classes\dajava.cab [Reg Error: Key error.] ->

Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] ->

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->

DhcpNameServer -> 189.7.24.15 189.7.24.16 ->

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->

{20577700-194C-4F2A-A44B-57B7F9F92C90}\\DhcpNameServer -> 189.7.24.15 189.7.24.16   (VIA Rhine II Fast Ethernet Adapter) ->

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->

Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> ->

*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->

C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 19:21:22 | 000,026,112 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> ->

< Winlogon settings [HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006] > -> HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

*Shell* -> HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->

Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> ->

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Arquivos de programas\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation)

< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->

< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->

"C:\Arquivos de programas\Ares\Ares.exe" -> C:\Arquivos de programas\Ares\Ares.exe [C:\Arquivos de programas\Ares\Ares.exe:*:Disabled:Ares p2p for windows] -> [2008/02/20 11:33:48 | 000,963,072 | ---- | M] (Ares Development Group)

"C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\WebKit2WebProcess.exe" -> C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\WebKit2WebProcess.exe [C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit] -> [2011/11/01 22:26:24 | 000,014,184 | ---- | M] (Apple Inc.)

"C:\Arquivos de programas\LimeWire\LimeWire.exe" ->  [C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->

< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->

"AutoRun" -> 1 ->

"DisplayName" -> Driver de CD-ROM ->

"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found

< Drives with AutoRun files > ->  ->

C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2008/08/05 12:00:02 | 000,000,000 | ---- | M] ()

< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->

comfile [open] -> "%1" %* ->

exefile [open] -> "%1" %* ->

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->

.com [@ = ComFile] -> "%1" %* ->

.exe [@ = exefile] -> "%1" %* ->

 

[Registry - Additional Scans - Safe List]

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->

*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->

6to4 ->  -> File not found

AppMgmt ->  -> File not found

Ias ->  -> File not found

Iprip ->  -> File not found

Irmon ->  -> File not found

NWCWorkstation ->  -> File not found

Nwsapagent ->  -> File not found

WmdmPmSp ->  -> File not found

*MultiFile Done* -> ->

 

[Files/Folders - Created Within 30 Days]

 LastGood -> C:\WINDOWS\LastGood -> [2012/07/11 00:26:15 | 000,000,000 | ---D | C]

 LinhaDefensiva -> C:\LinhaDefensiva -> [2012/07/11 00:17:28 | 000,000,000 | ---D | C]

 avast! Free antivírus -> C:\Documents and Settings\All Users\Menu Iniciar\Programas\avast! Free antivírus -> [2012/07/10 19:50:25 | 000,000,000 | ---D | C]

 aswFsBlk.sys -> C:\WINDOWS\System32\drivers\aswFsBlk.sys -> [2012/07/10 19:50:24 | 000,021,256 | ---- | C] (AVAST Software)

 aswSP.sys -> C:\WINDOWS\System32\drivers\aswSP.sys -> [2012/07/10 19:50:23 | 000,353,688 | ---- | C] (AVAST Software)

 aswRdr.sys -> C:\WINDOWS\System32\drivers\aswRdr.sys -> [2012/07/10 19:50:18 | 000,035,928 | ---- | C] (AVAST Software)

 aswTdi.sys -> C:\WINDOWS\System32\drivers\aswTdi.sys -> [2012/07/10 19:50:17 | 000,054,232 | ---- | C] (AVAST Software)

 aswSnx.sys -> C:\WINDOWS\System32\drivers\aswSnx.sys -> [2012/07/10 19:50:11 | 000,721,000 | ---- | C] (AVAST Software)

 aswmon2.sys -> C:\WINDOWS\System32\drivers\aswmon2.sys -> [2012/07/10 19:50:04 | 000,097,608 | ---- | C] (AVAST Software)

 aswmon.sys -> C:\WINDOWS\System32\drivers\aswmon.sys -> [2012/07/10 19:50:04 | 000,089,624 | ---- | C] (AVAST Software)

 aavmker4.sys -> C:\WINDOWS\System32\drivers\aavmker4.sys -> [2012/07/10 19:50:02 | 000,025,256 | ---- | C] (AVAST Software)

 avastSS.scr -> C:\WINDOWS\avastSS.scr -> [2012/07/10 19:48:08 | 000,041,224 | ---- | C] (AVAST Software)

 aswBoot.exe -> C:\WINDOWS\System32\aswBoot.exe -> [2012/07/10 19:48:06 | 000,227,648 | ---- | C] (AVAST Software)

 AVAST Software -> C:\Documents and Settings\All Users\Dados de aplicativos\AVAST Software -> [2012/07/10 19:45:48 | 000,000,000 | ---D | C]

 AVAST Software -> C:\Arquivos de programas\AVAST Software -> [2012/07/10 19:45:48 | 000,000,000 | ---D | C]

 Recent -> C:\Documents and Settings\Alisson\Recent -> [2012/07/06 23:14:56 | 000,000,000 | RH-D | C]

 Help -> C:\Documents and Settings\Alisson\Dados de aplicativos\Help -> [2012/06/24 20:22:36 | 000,000,000 | ---D | C]

 Help -> C:\Documents and Settings\Alisson\Configurações locais\Dados de aplicativos\Help -> [2012/06/24 20:22:36 | 000,000,000 | ---D | C]

 npdeployJava1.dll -> C:\WINDOWS\System32\npdeployJava1.dll -> [2012/06/23 17:55:48 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.)

 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2012/06/23 17:55:48 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.)

 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2012/06/23 17:55:48 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.)

 java.exe -> C:\WINDOWS\System32\java.exe -> [2012/06/23 17:55:48 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.)

 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

 1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp ->

 

[Files/Folders - Modified Within 30 Days]

 GoogleUpdateTaskUserS-1-5-21-1220945662-838170752-682003330-1005UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-838170752-682003330-1005UA.job -> [2012/07/11 00:31:00 | 000,001,192 | ---- | M] ()

 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2012/07/11 00:18:01 | 000,001,072 | ---- | M] ()

 avast! Emergency Update.job -> C:\WINDOWS\tasks\avast! Emergency Update.job -> [2012/07/11 00:07:30 | 000,000,334 | -H-- | M] ()

 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2012/07/11 00:06:56 | 000,001,068 | ---- | M] ()

 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2012/07/11 00:06:43 | 000,002,048 | --S- | M] ()

 Adobe Flash Player Updater.job -> C:\WINDOWS\tasks\Adobe Flash Player Updater.job -> [2012/07/10 21:36:00 | 000,000,902 | ---- | M] ()

 GoogleUpdateTaskUserS-1-5-21-1220945662-838170752-682003330-1006Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-838170752-682003330-1006Core.job -> [2012/07/10 21:33:03 | 000,001,124 | ---- | M] ()

 GoogleUpdateTaskUserS-1-5-21-1220945662-838170752-682003330-1006UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-838170752-682003330-1006UA.job -> [2012/07/10 21:33:00 | 000,001,176 | ---- | M] ()

 MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2012/07/10 21:00:07 | 000,000,346 | -H-- | M] ()

 avast! Free antivírus.lnk -> C:\Documents and Settings\All Users\Desktop\avast! Free antivírus.lnk -> [2012/07/10 19:50:25 | 000,001,767 | ---- | M] ()

 CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [2012/07/10 19:50:06 | 000,003,017 | ---- | M] ()

 avastw.dll -> C:\WINDOWS\System32\avastw.dll -> [2012/07/09 21:16:25 | 001,256,764 | ---- | M] ()

 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2012/07/09 20:30:43 | 000,000,300 | ---- | M] ()

 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2012/07/09 18:55:35 | 000,013,646 | ---- | M] ()

 GoogleUpdateTaskUserS-1-5-21-1220945662-838170752-682003330-1005Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-838170752-682003330-1005Core.job -> [2012/07/08 22:31:00 | 000,001,140 | ---- | M] ()

 Google Software Updater.job -> C:\WINDOWS\tasks\Google Software Updater.job -> [2012/07/08 14:48:03 | 000,000,932 | ---- | M] ()

 log -> C:\WINDOWS\log -> [2012/07/06 08:49:22 | 000,000,033 | ---- | M] ()

 jrss.exe -> C:\WINDOWS\System32\jrss.exe -> [2012/07/06 08:48:42 | 000,591,310 | ---- | M] ()

 aswTdi.sys -> C:\WINDOWS\System32\drivers\aswTdi.sys -> [2012/07/03 13:21:54 | 000,054,232 | ---- | M] (AVAST Software)

 aswSnx.sys -> C:\WINDOWS\System32\drivers\aswSnx.sys -> [2012/07/03 13:21:53 | 000,721,000 | ---- | M] (AVAST Software)

 aswSP.sys -> C:\WINDOWS\System32\drivers\aswSP.sys -> [2012/07/03 13:21:53 | 000,353,688 | ---- | M] (AVAST Software)

 aswmon2.sys -> C:\WINDOWS\System32\drivers\aswmon2.sys -> [2012/07/03 13:21:53 | 000,097,608 | ---- | M] (AVAST Software)

 aswmon.sys -> C:\WINDOWS\System32\drivers\aswmon.sys -> [2012/07/03 13:21:53 | 000,089,624 | ---- | M] (AVAST Software)

 aswRdr.sys -> C:\WINDOWS\System32\drivers\aswRdr.sys -> [2012/07/03 13:21:53 | 000,035,928 | ---- | M] (AVAST Software)

 aswFsBlk.sys -> C:\WINDOWS\System32\drivers\aswFsBlk.sys -> [2012/07/03 13:21:53 | 000,021,256 | ---- | M] (AVAST Software)

 aavmker4.sys -> C:\WINDOWS\System32\drivers\aavmker4.sys -> [2012/07/03 13:21:52 | 000,025,256 | ---- | M] (AVAST Software)

 avastSS.scr -> C:\WINDOWS\avastSS.scr -> [2012/07/03 13:21:32 | 000,041,224 | ---- | M] (AVAST Software)

 aswBoot.exe -> C:\WINDOWS\System32\aswBoot.exe -> [2012/07/03 13:21:28 | 000,227,648 | ---- | M] (AVAST Software)

 Programa da Multifuncional Lexmark X1100 Series.lnk -> C:\Documents and Settings\All Users\Desktop\Programa da Multifuncional Lexmark X1100 Series.lnk -> [2012/06/24 20:25:05 | 000,000,832 | ---- | M] ()

 Image 100.jpg -> C:\Documents and Settings\Alisson\Desktop\Image 100.jpg -> [2012/06/23 19:05:47 | 000,004,275 | ---- | M] ()

 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2012/06/23 17:55:22 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.)

 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2012/06/23 17:55:22 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.)

 npdeployJava1.dll -> C:\WINDOWS\System32\npdeployJava1.dll -> [2012/06/23 17:55:21 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.)

 deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2012/06/23 17:55:21 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.)

 java.exe -> C:\WINDOWS\System32\java.exe -> [2012/06/23 17:55:21 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.)

 javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2012/06/23 17:55:21 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)

 FlashPlayerApp.exe -> C:\WINDOWS\System32\FlashPlayerApp.exe -> [2012/06/22 23:36:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated)

 FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2012/06/22 23:36:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated)

 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2012/06/14 00:05:37 | 001,565,744 | ---- | M] ()

 perfh016.dat -> C:\WINDOWS\System32\perfh016.dat -> [2012/06/13 23:15:55 | 000,471,450 | ---- | M] ()

 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2012/06/13 23:15:55 | 000,435,688 | ---- | M] ()

 perfc016.dat -> C:\WINDOWS\System32\perfc016.dat -> [2012/06/13 23:15:55 | 000,080,408 | ---- | M] ()

 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2012/06/13 23:15:55 | 000,068,584 | ---- | M] ()

 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

 32 C:\Documents and Settings\Alisson\Configurações locais\temp\*.tmp files -> C:\Documents and Settings\Alisson\Configurações locais\temp\*.tmp ->

 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

 1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp ->

 

[Files - No Company Name]

 avast! Free antivírus.lnk -> C:\Documents and Settings\All Users\Desktop\avast! Free antivírus.lnk -> [2012/07/10 19:50:25 | 000,001,767 | ---- | C] ()

 avast! Emergency Update.job -> C:\WINDOWS\tasks\avast! Emergency Update.job -> [2012/07/10 19:50:08 | 000,000,334 | -H-- | C] ()

 avastw.dll -> C:\WINDOWS\System32\avastw.dll -> [2012/07/09 21:16:17 | 001,256,764 | ---- | C] ()

 log -> C:\WINDOWS\log -> [2012/07/06 08:49:22 | 000,000,033 | ---- | C] ()

 jrss.exe -> C:\WINDOWS\System32\jrss.exe -> [2012/07/06 00:16:52 | 000,591,310 | ---- | C] ()

 Programa da Multifuncional Lexmark X1100 Series.lnk -> C:\Documents and Settings\All Users\Desktop\Programa da Multifuncional Lexmark X1100 Series.lnk -> [2012/06/24 20:25:05 | 000,000,832 | ---- | C] ()

 Image 100.jpg -> C:\Documents and Settings\Alisson\Desktop\Image 100.jpg -> [2012/06/23 19:05:46 | 000,004,275 | ---- | C] ()

 iacenc.dll -> C:\WINDOWS\System32\iacenc.dll -> [2012/02/16 12:13:55 | 000,003,072 | ---- | C] ()

 gb_catchme.exe -> C:\WINDOWS\System32\gb_catchme.exe -> [2012/01/15 19:50:55 | 000,147,456 | ---- | C] ()

 fundomsn.jpg -> C:\Arquivos de programas\fundomsn.jpg -> [2011/11/11 21:03:43 | 000,040,020 | ---- | C] ()

 fundolog.jpg -> C:\Arquivos de programas\fundolog.jpg -> [2011/11/11 21:03:43 | 000,021,516 | ---- | C] ()

 fundobar.jpg -> C:\Arquivos de programas\fundobar.jpg -> [2011/11/11 21:03:43 | 000,010,942 | ---- | C] ()

 fundocor.jpg -> C:\Arquivos de programas\fundocor.jpg -> [2011/11/11 21:03:43 | 000,010,858 | ---- | C] ()

 picUser.gif -> C:\Arquivos de programas\picUser.gif -> [2011/11/11 21:03:43 | 000,006,796 | ---- | C] ()

 espaco.gif -> C:\Arquivos de programas\espaco.gif -> [2011/11/11 21:03:43 | 000,000,052 | ---- | C] ()

 mlfcache.dat -> C:\WINDOWS\System32\mlfcache.dat -> [2011/09/03 17:37:24 | 000,056,432 | -H-- | C] ()

[Custom Scans]

< %SYSTEMDRIVE%\*.* >

 AUTOEXEC.BAT -> C:\AUTOEXEC.BAT -> [2008/08/05 12:00:02 | 000,000,000 | ---- | M] ()

 Boot.bak -> C:\Boot.bak -> [2010/01/31 09:59:01 | 000,000,211 | ---- | M] ()

 boot.ini -> C:\boot.ini -> [2006/08/30 01:25:32 | 000,000,327 | RHS- | M] ()

 Bootfont.bin -> C:\Bootfont.bin -> [2002/09/11 09:00:00 | 000,004,952 | RHS- | M] ()

 cmldr -> C:\cmldr -> [2004/08/03 23:00:02 | 000,261,920 | RHS- | M] ()

 ComboFix.txt -> C:\ComboFix.txt -> [2006/08/30 02:50:19 | 000,025,065 | ---- | M] ()

 CONFIG.SYS -> C:\CONFIG.SYS -> [2008/08/05 12:00:02 | 000,000,000 | ---- | M] ()

 DBS.TXT -> C:\DBS.TXT -> [2009/05/05 18:47:39 | 000,000,000 | ---- | M] ()

 debug.log -> C:\debug.log -> [2009/10/16 23:41:06 | 000,071,128 | ---- | M] ()

 img1-001.raw -> C:\img1-001.raw -> [2010/08/29 23:27:00 | 000,230,424 | ---- | M] ()

 img1-002.raw -> C:\img1-002.raw -> [2010/06/29 19:55:50 | 000,152,088 | ---- | M] ()

 img1-011.raw -> C:\img1-011.raw -> [2009/10/07 20:54:46 | 000,230,424 | ---- | M] ()

 IO.SYS -> C:\IO.SYS -> [2008/08/05 12:00:02 | 000,000,000 | RHS- | M] ()

 MSDOS.SYS -> C:\MSDOS.SYS -> [2008/08/05 12:00:02 | 000,000,000 | RHS- | M] ()

 NTDETECT.COM -> C:\NTDETECT.COM -> [2008/08/05 13:58:36 | 000,047,564 | RHS- | M] ()

 ntldr -> C:\ntldr -> [2008/08/05 13:58:36 | 000,251,696 | RHS- | M] ()

 pagefile.sys -> C:\pagefile.sys -> [2012/07/11 00:06:41 | 891,289,600 | -HS- | M] ()

 SDFix.exe -> C:\SDFix.exe -> [2009/02/13 22:00:39 | 001,529,241 | ---- | M] ()

 sqmdata00.sqm -> C:\sqmdata00.sqm -> [2008/08/05 14:51:06 | 000,000,268 | -H-- | M] ()

 sqmdata01.sqm -> C:\sqmdata01.sqm -> [2008/10/19 00:07:42 | 000,000,268 | -H-- | M] ()

 sqmdata02.sqm -> C:\sqmdata02.sqm -> [2008/11/16 22:27:01 | 000,000,268 | -H-- | M] ()

 sqmdata03.sqm -> C:\sqmdata03.sqm -> [2009/02/09 18:47:11 | 000,000,268 | -H-- | M] ()

 sqmdata04.sqm -> C:\sqmdata04.sqm -> [2009/02/13 09:38:31 | 000,000,268 | -H-- | M] ()

 sqmdata05.sqm -> C:\sqmdata05.sqm -> [2009/02/13 10:40:04 | 000,000,280 | -H-- | M] ()

 sqmdata06.sqm -> C:\sqmdata06.sqm -> [2009/02/13 12:28:05 | 000,000,268 | -H-- | M] ()

 sqmdata07.sqm -> C:\sqmdata07.sqm -> [2009/02/22 18:20:32 | 000,000,268 | -H-- | M] ()

 sqmdata08.sqm -> C:\sqmdata08.sqm -> [2009/04/26 02:00:18 | 000,000,268 | -H-- | M] ()

 sqmdata09.sqm -> C:\sqmdata09.sqm -> [2009/06/07 10:45:13 | 000,000,268 | -H-- | M] ()

 sqmdata10.sqm -> C:\sqmdata10.sqm -> [2009/06/09 13:43:09 | 000,000,268 | -H-- | M] ()

 sqmdata13.sqm -> C:\sqmdata13.sqm -> [2008/11/17 23:18:38 | 000,000,268 | -H-- | M] ()

 sqmdata14.sqm -> C:\sqmdata14.sqm -> [2008/12/02 23:33:15 | 000,000,268 | -H-- | M] ()

 sqmnoopt00.sqm -> C:\sqmnoopt00.sqm -> [2008/08/05 14:51:06 | 000,000,244 | -H-- | M] ()

 sqmnoopt01.sqm -> C:\sqmnoopt01.sqm -> [2008/10/19 00:07:42 | 000,000,244 | -H-- | M] ()

 sqmnoopt02.sqm -> C:\sqmnoopt02.sqm -> [2008/11/16 22:27:00 | 000,000,244 | -H-- | M] ()

 sqmnoopt03.sqm -> C:\sqmnoopt03.sqm -> [2009/02/09 18:47:11 | 000,000,244 | -H-- | M] ()

 sqmnoopt04.sqm -> C:\sqmnoopt04.sqm -> [2009/02/13 09:38:31 | 000,000,244 | -H-- | M] ()

 sqmnoopt05.sqm -> C:\sqmnoopt05.sqm -> [2009/02/13 10:40:04 | 000,000,244 | -H-- | M] ()

 sqmnoopt06.sqm -> C:\sqmnoopt06.sqm -> [2009/02/13 12:28:05 | 000,000,244 | -H-- | M] ()

 sqmnoopt07.sqm -> C:\sqmnoopt07.sqm -> [2009/02/22 18:20:32 | 000,000,244 | -H-- | M] ()

 sqmnoopt08.sqm -> C:\sqmnoopt08.sqm -> [2009/04/26 02:00:18 | 000,000,172 | -H-- | M] ()

 sqmnoopt09.sqm -> C:\sqmnoopt09.sqm -> [2009/06/07 10:45:11 | 000,000,244 | -H-- | M] ()

 sqmnoopt10.sqm -> C:\sqmnoopt10.sqm -> [2009/06/09 13:43:09 | 000,000,244 | -H-- | M] ()

 sqmnoopt13.sqm -> C:\sqmnoopt13.sqm -> [2008/11/17 23:18:38 | 000,000,244 | -H-- | M] ()

 sqmnoopt14.sqm -> C:\sqmnoopt14.sqm -> [2008/12/02 23:33:15 | 000,000,244 | -H-- | M] ()

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >

 aavmker4.sys -> C:\WINDOWS\system32\drivers\aavmker4.sys -> [2012/07/03 13:21:52 | 000,025,256 | ---- | M] (AVAST Software)

 aswFsBlk.sys -> C:\WINDOWS\system32\drivers\aswFsBlk.sys -> [2012/07/03 13:21:53 | 000,021,256 | ---- | M] (AVAST Software)

 aswmon.sys -> C:\WINDOWS\system32\drivers\aswmon.sys -> [2012/07/03 13:21:53 | 000,089,624 | ---- | M] (AVAST Software)

 aswmon2.sys -> C:\WINDOWS\system32\drivers\aswmon2.sys -> [2012/07/03 13:21:53 | 000,097,608 | ---- | M] (AVAST Software)

 aswRdr.sys -> C:\WINDOWS\system32\drivers\aswRdr.sys -> [2012/07/03 13:21:53 | 000,035,928 | ---- | M] (AVAST Software)

 aswSnx.sys -> C:\WINDOWS\system32\drivers\aswSnx.sys -> [2012/07/03 13:21:53 | 000,721,000 | ---- | M] (AVAST Software)

 aswSP.sys -> C:\WINDOWS\system32\drivers\aswSP.sys -> [2012/07/03 13:21:53 | 000,353,688 | ---- | M] (AVAST Software)

 aswTdi.sys -> C:\WINDOWS\system32\drivers\aswTdi.sys -> [2012/07/03 13:21:54 | 000,054,232 | ---- | M] (AVAST Software)

 rdpwd.sys -> C:\WINDOWS\system32\drivers\rdpwd.sys -> [2012/05/02 10:46:35 | 000,139,656 | ---- | M] (Microsoft Corporation)

 1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp ->

< %PROGRAMFILES%\*.* >

 espaco.gif -> C:\Arquivos de programas\espaco.gif -> [2007/01/12 11:50:28 | 000,000,052 | ---- | M] ()

 fundobar.jpg -> C:\Arquivos de programas\fundobar.jpg -> [2008/10/01 14:05:44 | 000,010,942 | ---- | M] ()

 fundocor.jpg -> C:\Arquivos de programas\fundocor.jpg -> [2008/10/01 14:02:36 | 000,010,858 | ---- | M] ()

 fundolog.jpg -> C:\Arquivos de programas\fundolog.jpg -> [2007/01/11 11:42:18 | 000,021,516 | ---- | M] ()

 fundomsn.jpg -> C:\Arquivos de programas\fundomsn.jpg -> [2007/01/11 11:41:46 | 000,040,020 | ---- | M] ()

 picUser.gif -> C:\Arquivos de programas\picUser.gif -> [2007/02/08 21:20:40 | 000,006,796 | ---- | M] ()

 Thumbs.db -> C:\Arquivos de programas\Thumbs.db -> [2012/06/10 19:08:15 | 000,013,312 | -HS- | M] ()

< %userprofile%\configurações locais\dados de aplicativos\*.exe >

< %userprofile%\configurações locais\dados de aplicativos\*.txt >

< %userprofile%\configurações locais\dados de aplicativos\*.ini >

 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Alisson\configurações locais\dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2012/02/26 19:11:53 | 000,182,272 | ---- | M] ()

< %userprofile%\configurações locais\dados de aplicativos\*.dat /30 >

< %userprofile%\configurações locais\dados de aplicativos\*.dll >

< %userprofile%\*.exe >

< %userprofile%\*.txt >

< %userprofile%\*.ini >

 ntuser.ini -> C:\Documents and Settings\Alisson\ntuser.ini -> [2012/07/09 22:30:40 | 000,000,210 | -HS- | M] ()

< %userprofile%\*.dat /30 >

 NTUSER.DAT -> C:\Documents and Settings\Alisson\NTUSER.DAT -> [2012/07/09 22:30:40 | 009,699,328 | -H-- | M] ()

< %userprofile%\*.dll >

< %userprofile%\dados de aplicativos\*.* >

 desktop.ini -> C:\Documents and Settings\Alisson\dados de aplicativos\desktop.ini -> [2008/08/05 11:39:40 | 000,000,062 | -HS- | M] ()

 pcouffin.cat -> C:\Documents and Settings\Alisson\dados de aplicativos\pcouffin.cat -> [2009/06/07 15:01:00 | 000,007,887 | ---- | M] ()

 pcouffin.inf -> C:\Documents and Settings\Alisson\dados de aplicativos\pcouffin.inf -> [2009/06/07 15:01:00 | 000,001,144 | ---- | M] ()

 pcouffin.log -> C:\Documents and Settings\Alisson\dados de aplicativos\pcouffin.log -> [2009/06/07 15:01:01 | 000,000,033 | ---- | M] ()

 vso_ts_preview.xml -> C:\Documents and Settings\Alisson\dados de aplicativos\vso_ts_preview.xml -> [2009/06/07 14:59:40 | 000,000,671 | ---- | M] ()

< %windir%\tasks\*.* >

 Adobe Flash Player Updater.job -> C:\WINDOWS\tasks\Adobe Flash Player Updater.job -> [2012/07/10 21:36:00 | 000,000,902 | ---- | M] ()

 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2012/07/09 20:30:43 | 000,000,300 | ---- | M] ()

 avast! Emergency Update.job -> C:\WINDOWS\tasks\avast! Emergency Update.job -> [2012/07/11 00:07:30 | 000,000,334 | -H-- | M] ()

 desktop.ini -> C:\WINDOWS\tasks\desktop.ini -> [2002/09/11 09:00:00 | 000,000,065 | RH-- | M] ()

 Google Software Updater.job -> C:\WINDOWS\tasks\Google Software Updater.job -> [2012/07/08 14:48:03 | 000,000,932 | ---- | M] ()

 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2012/07/11 00:06:56 | 000,001,068 | ---- | M] ()

 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2012/07/11 00:18:01 | 000,001,072 | ---- | M] ()

 GoogleUpdateTaskUserS-1-5-21-1220945662-838170752-682003330-1005Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-838170752-682003330-1005Core.job -> [2012/07/08 22:31:00 | 000,001,140 | ---- | M] ()

 GoogleUpdateTaskUserS-1-5-21-1220945662-838170752-682003330-1005UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-838170752-682003330-1005UA.job -> [2012/07/11 00:31:00 | 000,001,192 | ---- | M] ()

 GoogleUpdateTaskUserS-1-5-21-1220945662-838170752-682003330-1006Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-838170752-682003330-1006Core.job -> [2012/07/10 21:33:03 | 000,001,124 | ---- | M] ()

 GoogleUpdateTaskUserS-1-5-21-1220945662-838170752-682003330-1006UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-838170752-682003330-1006UA.job -> [2012/07/10 21:33:00 | 000,001,176 | ---- | M] ()

 MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2012/07/10 21:00:07 | 000,000,346 | -H-- | M] ()

 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2012/07/11 00:06:54 | 000,000,006 | -H-- | M] ()

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

\\"SavedLegacySettings" ->  [[Binary data over 100 bytes]] -> File not found

\\"DefaultConnectionSettings" ->  [[Binary data over 100 bytes]] -> File not found

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations

\\"LowRiskFileTypes" ->  [.exe;.bat;.com;.cmd;] -> File not found

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

\\"SaveZoneInformation" ->  [1] -> File not found

< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT

\\"devenv.exe" ->  [1] -> File not found

\\"dexplore.exe" ->  [1] -> File not found

\\"helppane.exe" ->  [1] -> File not found

\\"PresentationHost.exe" ->  [0] -> File not found

< HKCU\Software\sistemanet >

Reg Error: Key HKEY_CURRENT_USER\Software\sistemanet\ not found. -> ->

 

[Alternate Data Streams]

@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:FB1B13D8

< End of report >


#8 XERLOUCO ROUMS

XERLOUCO ROUMS

    Malwares Expert

  • Analyst
  • 6828 posts

Posted 12 July 2012 - 10:27 PM

Try it this way. Press Windows+R and the Run window will open. Type:

C:\LinhaDefensiva\relatorio.txt

Click OK and relatorio.txt will open in Notepad.

Run OTS.exe by OldTimer. In the Paste Fix Here box on the right side of OTS, paste what is inside the CODE box:

[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\] > ->
YN -> HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\: Main\\"Start Page" -> http://search.babylon.com/?babsrc=HP_ss&mntrId=881228e80000000000000016eccd3b24&tlver=1.4.19.19&affID=17159
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Alisson\Dados de aplicativos\Mozilla\FireFox\Profiles\3935z4lk.default\prefs.js
YN -> keyword.URL -> "http://search.babylon.com/?babsrc=SP_ss&mntrId=881228e80000000000000016eccd3b24&tlver=1.4.19.19&instlRef=sst&affID=17159&q="
< Run [HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\] > -> HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "jrss.exe" -> C:\WINDOWS\system32\jrss.exe [C:\WINDOWS\system32\jrss.exe]
[Files/Folders - Modified Within 30 Days]
NY ->  avastw.dll -> C:\WINDOWS\System32\avastw.dll
NY ->  log -> C:\WINDOWS\log
NY ->  jrss.exe -> C:\WINDOWS\System32\jrss.exe
[Empty Temp Folders]
[CreateRestorePoint]

Click the Posted Image button. Wait for the fix to finish. Be patient, as it may take some time.


Click OK to let the PC restart. After it restarts, when the OS starts loading, a window will appear asking you to authorize OTS.exe to run. Allow it.

A log will then open. The log is saved in C:\_OTS\MovedFiles\
Its name indicates the date and time it was generated: date_time.log
E.g.: 02232010_165746.log
Select, copy and paste the contents of this log into your next reply.



#9 lilica99

lilica99
  • Member
  • 44 posts

Posted 13 July 2012 - 12:18 AM

BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefe....org/bankerfix/
-------------------------------------------------------
Data: 2012-07-11 - 22:22
-------------------------------------------------------
Lista de Definição: 2012-07-05-1 | CORE: 2012-01-27-1
=======================================================



----- Fim -------------------------







All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Prefs.js: "http://search.babylo...affID=17159&q=" removed from keyword.URL
Registry value HKEY_USERS\S-1-5-21-1220945662-838170752-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\jrss.exe deleted successfully.
C:\WINDOWS\system32\jrss.exe moved successfully.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\System32\avastw.dll moved successfully.
C:\WINDOWS\log moved successfully.
File C:\WINDOWS\System32\jrss.exe not found!
[Empty Temp Folders]


User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Alisson
->Temp folder emptied: 185838912 bytes
->Temporary Internet Files folder emptied: 1196601 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 479277552 bytes
->Google Chrome cache emptied: 7555451 bytes
->Flash cache emptied: 1936037 bytes

User: All Users

User: Allexialima
->Temp folder emptied: 10223897188 bytes
->Temporary Internet Files folder emptied: 296231920 bytes
->Java cache emptied: 12126459 bytes
->FireFox cache emptied: 57625315 bytes
->Google Chrome cache emptied: 310420023 bytes
->Flash cache emptied: 17532 bytes

User: Alline
->Temp folder emptied: 28782577 bytes
->Temporary Internet Files folder emptied: 6159446 bytes
->Java cache emptied: 43605174 bytes
->FireFox cache emptied: 144628366 bytes
->Flash cache emptied: 8943 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 371956 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1119674 bytes
%systemroot%\System32 .tmp files removed: 558489 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 24192 bytes
Windows Temp folder emptied: 1363026 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 11.256,00 mb

Restore point Set: OTS Restore Point (0)
< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 07122012_225227

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Alisson\Configurações locais\Temporary Internet Files\Content.IE5\1V7OY0B9\ADSAdClient31[1].htm not found!
File\Folder C:\Documents and Settings\Alisson\Configurações locais\Temporary Internet Files\Content.IE5\1V7OY0B9\direct;auc.6634045277617829103;ai.89952961.282140612;ac.1341792765-2800619;wi.234;hi.60;cp.0[1].htm not found!
File\Folder C:\Documents and Settings\Alisson\Configurações locais\Temporary Internet Files\Content.IE5\1V7OY0B9\tt[1].htm not found!

Registry entries deleted on Reboot...

#10 XERLOUCO ROUMS

XERLOUCO ROUMS

    Malwares Expert

  • Analyst
  • 6828 posts

Posted 14 July 2012 - 10:17 PM

Are you now able to access the items that you couldn't before?
