Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 20 usuários online :: 0 registrados, 0 invisíveis e 20 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
Worm Conficker detectado pelo Avira em pendrive
3 participantes
Página 1 de 1
Worm Conficker detectado pelo Avira em pendrive
por Mr. Micro Qua 01 Jan 2014, 12:14
Olá amigos! Ontem fui conectar meu pendrive de um parente aqui no notebook para gravar uns arquivos e aí o Avira detectou o Conficker na hora e o bloqueou, graças a Deus! Mas gostaria de fazer uma análise para ter certeza de que está tudo certo. Aqui está o relatório gerado pelo Avira:
Avira Free Antivirus
Data do arquivo de relatório: terça-feira, 31 de dezembro de 2013 20:58
O programa está sendo executado como versão completa sem limitações.
Os serviços online estão disponíveis.
Licenciado : Avira Free Antivirus
Plataforma : Windows 7 Home Premium
Versão do Windows : (Service Pack 1) [6.1.7601]
Modo de inicialização : Normalmente inicializado
Nome de usuário : Márcio
Nome do computador : SWPTC21-PC
Informações da versão:
BUILD.DAT : 14.0.2.286 Bytes 13/12/2013 15:11:00
AVSCAN.EXE : 14.0.2.254 1032760 Bytes 20/12/2013 10:50:22
AVSCANRC.DLL : 14.0.2.180 58936 Bytes 20/12/2013 10:50:22
LUKE.DLL : 14.0.2.234 65592 Bytes 20/12/2013 10:51:37
AVSCPLR.DLL : 14.0.2.254 124472 Bytes 20/12/2013 10:50:23
AVREG.DLL : 14.0.2.212 250424 Bytes 20/12/2013 10:50:19
avlode.dll : 14.0.2.254 540216 Bytes 20/12/2013 10:50:13
avlode.rdf : 13.0.1.62 56973 Bytes 09/12/2013 16:26:16
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04/04/2013 12:41:58
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30/04/2013 12:42:09
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28/05/2013 12:42:24
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21/06/2013 12:42:36
VBASE004.VDF : 7.11.91.176 3903488 Bytes 23/07/2013 12:42:56
VBASE005.VDF : 7.11.98.186 6822912 Bytes 29/08/2013 12:43:26
VBASE006.VDF : 7.11.103.230 2293248 Bytes 24/09/2013 10:26:04
VBASE007.VDF : 7.11.116.38 5485568 Bytes 28/11/2013 13:25:58
VBASE008.VDF : 7.11.120.140 1154560 Bytes 19/12/2013 10:49:32
VBASE009.VDF : 7.11.120.141 2048 Bytes 19/12/2013 10:49:32
VBASE010.VDF : 7.11.120.142 2048 Bytes 19/12/2013 10:49:32
VBASE011.VDF : 7.11.120.143 2048 Bytes 19/12/2013 10:49:33
VBASE012.VDF : 7.11.120.144 2048 Bytes 19/12/2013 10:49:33
VBASE013.VDF : 7.11.120.145 2048 Bytes 19/12/2013 10:49:33
VBASE014.VDF : 7.11.121.19 126976 Bytes 21/12/2013 12:21:07
VBASE015.VDF : 7.11.121.147 122880 Bytes 24/12/2013 12:44:36
VBASE016.VDF : 7.11.121.233 115712 Bytes 25/12/2013 19:27:39
VBASE017.VDF : 7.11.122.57 325120 Bytes 27/12/2013 11:37:38
VBASE018.VDF : 7.11.122.123 199680 Bytes 28/12/2013 13:11:34
VBASE019.VDF : 7.11.122.124 2048 Bytes 28/12/2013 13:11:35
VBASE020.VDF : 7.11.122.125 2048 Bytes 28/12/2013 13:11:35
VBASE021.VDF : 7.11.122.126 2048 Bytes 28/12/2013 13:11:35
VBASE022.VDF : 7.11.122.127 2048 Bytes 28/12/2013 13:11:36
VBASE023.VDF : 7.11.122.128 2048 Bytes 28/12/2013 13:11:36
VBASE024.VDF : 7.11.122.129 2048 Bytes 28/12/2013 13:11:37
VBASE025.VDF : 7.11.122.130 2048 Bytes 28/12/2013 13:11:37
VBASE026.VDF : 7.11.122.131 2048 Bytes 28/12/2013 13:11:37
VBASE027.VDF : 7.11.122.132 2048 Bytes 28/12/2013 13:11:37
VBASE028.VDF : 7.11.122.133 2048 Bytes 28/12/2013 13:11:38
VBASE029.VDF : 7.11.122.134 2048 Bytes 28/12/2013 13:11:38
VBASE030.VDF : 7.11.122.135 2048 Bytes 28/12/2013 13:11:38
VBASE031.VDF : 7.11.122.216 416256 Bytes 31/12/2013 17:28:46
Versão do mecanismo : 8.2.12.166
AEVDF.DLL : 8.1.3.4 102774 Bytes 15/09/2013 12:44:19
AESCRIPT.DLL : 8.1.4.176 520574 Bytes 20/12/2013 10:49:56
AESCN.DLL : 8.1.10.6 131447 Bytes 11/12/2013 16:40:26
AESBX.DLL : 8.2.16.26 1245560 Bytes 15/09/2013 12:44:22
AERDL.DLL : 8.2.0.138 704888 Bytes 02/12/2013 19:18:46
AEPACK.DLL : 8.3.3.8 762232 Bytes 20/12/2013 10:49:54
AEOFFICE.DLL : 8.1.2.76 205181 Bytes 15/09/2013 12:44:09
AEHEUR.DLL : 8.1.4.830 6386042 Bytes 20/12/2013 10:49:52
AEHELP.DLL : 8.1.27.10 266618 Bytes 22/11/2013 11:42:37
AEGEN.DLL : 8.1.7.20 446839 Bytes 13/11/2013 16:46:12
AEEXP.DLL : 8.4.1.138 418168 Bytes 13/12/2013 10:17:38
AEEMU.DLL : 8.1.3.2 393587 Bytes 15/09/2013 12:43:54
AECORE.DLL : 8.1.33.0 225657 Bytes 11/12/2013 16:39:54
AEBB.DLL : 8.1.1.4 53619 Bytes 15/09/2013 12:43:52
AVWINLL.DLL : 14.0.2.180 23608 Bytes 20/12/2013 10:49:19
AVPREF.DLL : 14.0.2.180 48696 Bytes 20/12/2013 10:50:18
AVREP.DLL : 14.0.2.180 175672 Bytes 20/12/2013 10:50:20
AVARKT.DLL : 14.0.2.254 256056 Bytes 20/12/2013 10:49:58
AVEVTLOG.DLL : 14.0.2.180 165944 Bytes 20/12/2013 10:50:06
SQLITE3.DLL : 3.7.0.1 394824 Bytes 15/09/2013 12:48:01
AVSMTP.DLL : 14.0.2.180 60472 Bytes 20/12/2013 10:50:25
NETNT.DLL : 14.0.2.180 13368 Bytes 20/12/2013 10:51:38
RCIMAGE.DLL : 14.0.2.180 4788792 Bytes 20/12/2013 10:49:19
RCTEXT.DLL : 14.0.2.264 74296 Bytes 20/12/2013 10:49:19
Opções de configuração para a varredura:
Nome da tarefa......................................: ShlExt
Arquivo de configuração.............................: C:\Users\Marcio\AppData\Local\Temp\89d015b3.avp
Relatório...........................................: padrão
Ação primária.......................................: Reparar
Ação secundária.....................................: Excluir
Fazer a varredura do setor mestre de inicialização..: ativado
Fazer a varredura do setor de inicialização.........: ativado
Setores de inicialização............................: E:,
Varredura do processo...............................: desativado
Fazer a varredura do registro.......................: desativado
Procurar rootkits...................................: desativado
Varredura da integridade dos arquivos de sistema....: desativado
Fazer a varredura de todos arquivos.................: Todos os arquivos
Fazer a varredura dos arquivamentos.................: ativado
Profundidade de recursão............................: 20
Extensões inteligentes..............................: ativado
Desviando tipos de arquivamento.....................: +, +, +, +, +, +, +, +,
Heurística para vírus de macro......................: ativado
Heurística do arquivo...............................: estendido
Desviando categorias de risco.......................: +APPL,+GAME,+JOKE,+PCK,+SPR,
Início da varredura: terça-feira, 31 de dezembro de 2013 20:58
Iniciando a varredura do arquivo:
Iniciar varredura em 'E:\'
E:\autorun.inf
[DETECÇÃO] Contém o padrão de reconhecimento do worm WORM/Conficker.Autorun.Gen
[NOTA] Um backup foi criado como '5d59deae.qua' ( QUARENTENA )
[NOTA] O arquivo foi excluído.
E:\- Yes - Owner Of A Lonely Heart.mp3
[DETECÇÃO] É o cavalo de Troia TR/Dldr.WMA.GetC.AK
[NOTA] Um backup foi criado como '45e5f1da.qua' ( QUARENTENA )
[NOTA] O arquivo foi excluído.
E:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
[DETECÇÃO] Contém o padrão de reconhecimento do worm WORM/Conficker.gen
[NOTA] Um backup foi criado como '178ca5b9.qua' ( QUARENTENA )
[NOTA] O arquivo foi excluído.
Término da varredura: terça-feira, 31 de dezembro de 2013 20:58
Tempo decorrido: 00:06 Minuto(s)
A varredura foi concluída.
3 Diretórios verificados
63 Foi feita a varredura nos arquivos
3 Vírus e/ou programas indesejados foram encontrados
0 Os arquivos foram classificados como suspeitos
3 Arquivos excluídos
0 Vírus e programas indesejados foram reparados
3 Os arquivos foram movidos para a quarentena
0 Os arquivos foram renomeados
0 Não é possível fazer a varredura dos arquivos
60 Arquivos não envolvidos
0 Varredura dos arquivamentos terminada
0 Avisos
3 Notas
Mr. Micro- Membro
- Mensagens : 56
Reputação : 2
Data de inscrição : 31/08/2013
Re: Worm Conficker detectado pelo Avira em pendrive
por Power Max Qua 01 Jan 2014, 12:14
Olá Márcio!:isso_ai:Três problemas foram identificados e removidos pelo Avira Free Antivirus.
______________________________
:veja:Siga, por gentileza, as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Poste o log do Usbfix que estará em C:\UsbFix.txt em sua próxima resposta e nos diga como está o PC após este procedimento.
Ficamos no aguardo.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Worm Conficker detectado pelo Avira em pendrive
por Mr. Micro Qua 01 Jan 2014, 12:21
Aqui está o relatório do USBFIX:############################## | UsbFix V 7.157 | [Pesquisa]
Usuário: Marcio (Administrador) # SWPTC21-PC
Atualizado em 30/12/2014 por El Desaparecido - Team SosVirus
Começou em 12:16:44 | 01/01/2014
Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Changelog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Support : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Upload Malware : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Contato : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
PC: Houter (Oro PC )
CPU: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
RAM -> [Total : 8119 Mo| Free : 5441 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot
OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Mozilla Firefox : 25.0.1
WB: Safari : 534.57.2
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disco fixo # 466 Gb (380 Mb livre - 82%) [Win7] # NTFS
D:\ -> CD-ROM
E:\ -> Disco removível # 7 Gb (7 Mb livre - 96%) [] # FAT32
################## | Processos Ativos |
C:\Windows\system32\csrss.exe (ID: 380 |ParentID: 372)
C:\Windows\system32\wininit.exe (ID: 432 |ParentID: 372)
C:\Windows\system32\csrss.exe (ID: 456 |ParentID: 440)
C:\Windows\system32\services.exe (ID: 488 |ParentID: 432)
C:\Windows\system32\lsass.exe (ID: 516 |ParentID: 432)
C:\Windows\system32\lsm.exe (ID: 524 |ParentID: 432)
C:\Windows\system32\winlogon.exe (ID: 620 |ParentID: 440)
C:\Windows\system32\svchost.exe (ID: 660 |ParentID: 488)
C:\PROGRA~2\GbPlugin\GbpSv.exe (ID: 736 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 832 |ParentID: 488)
C:\Windows\System32\svchost.exe (ID: 904 |ParentID: 488)
C:\Windows\System32\svchost.exe (ID: 992 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 128 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 320 |ParentID: 488)
C:\Program Files\IDT\WDM\STacSV64.exe (ID: 376 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 1224 |ParentID: 488)
C:\Windows\system32\WLANExt.exe (ID: 1388 |ParentID: 992)
C:\Windows\system32\conhost.exe (ID: 1396 |ParentID: 380)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID: 1508 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 1540 |ParentID: 488)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID: 1688 |ParentID: 488)
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (ID: 1752 |ParentID: 488)
C:\Windows\SysWOW64\svchost.exe (ID: 1792 |ParentID: 488)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 116 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 1480 |ParentID: 488)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 1152 |ParentID: 488)
C:\Windows\system32\taskhost.exe (ID: 2364 |ParentID: 488)
C:\Windows\system32\Dwm.exe (ID: 2468 |ParentID: 992)
C:\Windows\Explorer.EXE (ID: 2492 |ParentID: 2456)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 2724 |ParentID: 488)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID: 2800 |ParentID: 2764)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID: 2344 |ParentID: 1688)
C:\Windows\system32\SearchIndexer.exe (ID: 2876 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 3080 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 3320 |ParentID: 488)
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3468 |ParentID: 2492)
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3720 |ParentID: 3468)
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3816 |ParentID: 3468)
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3948 |ParentID: 3468)
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4044 |ParentID: 3468)
C:\Windows\system32\svchost.exe (ID: 1188 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 1080 |ParentID: 488)
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2220 |ParentID: 3468)
C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE (ID: 4824 |ParentID: 2492)
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4564 |ParentID: 3468)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 4020 |ParentID: 488)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 4500 |ParentID: 4020)
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (ID: 4520 |ParentID: 488)
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4732 |ParentID: 3468)
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6516 |ParentID: 3468)
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4756 |ParentID: 3468)
C:\Windows\System32\WUDFHost.exe (ID: 7420 |ParentID: 992)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (ID: 8140 |ParentID: 320)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3568 |ParentID: 660)
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1124 |ParentID: 3468)
C:\Windows\system32\SearchProtocolHost.exe (ID: 7472 |ParentID: 2876)
C:\Windows\system32\SearchFilterHost.exe (ID: 7856 |ParentID: 2876)
C:\UsbFix\Go.exe (ID: 8460 |ParentID: 8424)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 8656 |ParentID: 660)
################## | Regedit Run |
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\..\RunOnce : []
04 - HKLM64\..\Run : [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
################## | Procura genérica |
Presente ! C:\Users\carolino\AppData\Local\Temp\avgnt.exe
Presente ! E:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665
################## | Registro |
################## | Vaccin |
E:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)
################## | E.O.F | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] |
Mr. Micro- Membro
- Mensagens : 56
Reputação : 2
Data de inscrição : 31/08/2013
Re: Worm Conficker detectado pelo Avira em pendrive
por Power Max Qua 01 Jan 2014, 12:23
Abra o Usbfix > clique no botão Supressão > e aí é só ir seguindo os passos que ele vai te mostrando e depois poste o novo log que ele irá gerar aqui em seu tópico para análise.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Worm Conficker detectado pelo Avira em pendrive
por Mr. Micro Qua 01 Jan 2014, 12:25
Foi mal, eu tinha este outro relatório da limpeza também e esqueci de postar. Aqui está ele:Marcos Felipe escreveu:
############################## | UsbFix V 7.157 | [Supressão]
Usuário: Marcio (Administrador) # SWPTC21-PC
Atualizado em 30/12/2013 por El Desaparecido - Team SosVirus
Começou em 12:17:30 | 01/01/2014
Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Changelog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Support : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Upload Malware : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Contato : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
PC: Houter (Oro PC )
CPU: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
RAM -> [Total : 8119 Mo| Free : 6583 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot
OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Mozilla Firefox : 25.0.1
WB: Safari : 534.57.2
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disco fixo # 466 Gb (380 Mb livre - 82%) [Win7] # NTFS
D:\ -> CD-ROM
E:\ -> Disco removível # 7 Gb (7 Mb livre - 96%) [] # FAT32
################## | Processos parados |
Parado! C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID: 1508 |ParentID: 488)
Parado! C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID: 1688 |ParentID: 488)
Parado! C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID: 2800 |ParentID: 2764)
Parado! C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID: 2344 |ParentID: 1688)
Parado! C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (ID: 8920 |ParentID: 488)
Parado! C:\Windows\System32\WUDFHost.exe (ID: 9056 |ParentID: 992)
Parado! C:\Windows\System32\rundll32.exe (ID: 9076 |ParentID: 660)
Parado! C:\PROGRA~2\GbPlugin\GbpSv.exe (ID: 9184 |ParentID: 488)
Parado! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 8452 |ParentID: 488)
Parado! C:\Windows\system32\SearchIndexer.exe (ID: 3056 |ParentID: 488)
Parado! C:\Windows\system32\SearchProtocolHost.exe (ID: 584 |ParentID: 3056)
Parado! C:\Windows\system32\SearchFilterHost.exe (ID: 372 |ParentID: 3056)
################## | Regedit Run |
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
################## | Procura genérica |
Supprimido ! C:\Users\carolino\AppData\Local\Temp\avgnt.exe
Supprimido ! E:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665
(!) Ficheiros temporários suprimido.
################## | Registro |
################## | Listing |
[09/11/2013 - 16:09:25 | D] - C:\!KillBox
[09/12/2013 - 20:07:10 | SHD] - C:\$RECYCLE.BIN
[21/12/2013 - 17:20:51 | D] - C:\AdwCleaner
[25/09/2011 - 12:22:50 | D] - C:\Arquivos de Programas
[24/03/2012 - 17:44:59 | D] - C:\Arquivos de Programas RFB
[28/09/2011 - 10:17:28 | SHD] - C:\Boot
[20/11/2010 - 10:40:07 | RASH | 375 Ko] - C:\bootmgr
[25/09/2011 - 12:00:31 | N | 8 Ko] - C:\BOOTSECT.BAK
[29/08/2013 - 16:55:43 | D] - C:\CAT-Logs
[21/12/2013 - 15:53:49 | D] - C:\Config.Msi
[14/07/2009 - 03:08:56 | SHD] - C:\Documents and Settings
[12/05/2013 - 12:27:55 | D] - C:\FFOutput
[16/05/2012 - 16:46:23 | N | 21 Ko] - C:\FixitRegBackup.reg
[31/12/2013 - 09:22:59 | ASH | 6235148 Ko] - C:\hiberfil.sys
[25/09/2011 - 13:12:28 | D] - C:\Intel
[31/12/2013 - 09:23:03 | ASH | 8313532 Ko] - C:\pagefile.sys
[16/12/2011 - 12:46:36 | D] - C:\Palm
[14/07/2009 - 01:20:08 | D] - C:\PerfLogs
[25/09/2011 - 15:14:15 | D] - C:\PFiles
[30/12/2013 - 19:18:11 | D] - C:\Program Files
[21/12/2013 - 15:53:39 | D] - C:\Program Files (x86)
[30/12/2013 - 10:30:46 | HD] - C:\ProgramData
[24/11/2013 - 16:25:48 | N | 2 Ko | 546F277ED7942F2B9C86B7B2AF00A4F8] - C:\PureRa.txt
[25/09/2011 - 12:22:50 | SHD] - C:\Recovery
[28/07/2013 - 18:31:38 | D] - C:\RegBackup
[13/05/2012 - 11:29:19 | D] - C:\Reg_Backup
[24/09/2013 - 18:16:52 | D] - C:\RRTVAULT
[30/12/2013 - 18:54:03 | SHD] - C:\System Volume Information
[13/05/2012 - 11:24:50 | D] - C:\Tweaking.com_Windows_Repair_Logs
[31/12/2013 - 21:02:20 | D] - C:\UsbFix
[31/12/2013 - 21:02:55 | A | 5 Ko | 47E223C1284A167EE31B861F9C869797] - C:\UsbFix [Clean 1] SWPTC21-PC.txt
[31/12/2013 - 21:01:02 | N | 6 Ko | 24FA58B5788E72F6AE921A56D7503C76] - C:\UsbFix [Scan 1] SWPTC21-PC.txt
[25/09/2011 - 12:22:54 | D] - C:\Users
[05/12/2013 - 16:18:09 | D] - C:\Windows
[05/12/2013 - 13:57:43 | D] - C:\zoek_backup
[21/07/2013 - 16:03:04 | RSHD] - E:\RECYCLER
[04/02/2012 - 16:08:58 | N | 5210 Ko] - E:\Extreme - More Than Words(01).mp3
[01/04/2013 - 12:34:06 | N | 4368 Ko] - E:\The Outfield - I Don'T Want To Lose Your Love Tonight(01).mp3
[20/12/2012 - 18:58:48 | N | 4563 Ko] - E:\Goo Goo Dolls - Iris.mp3
[13/06/2013 - 16:03:10 | N | 5427 Ko] - E:\04 - Wasting Love - Cópia (2).mp3
[20/12/2012 - 18:58:44 | N | 2756 Ko] - E:\_Laura_Branigan__Self_Control.mp3
[14/06/2006 - 20:51:52 | N | 3010 Ko] - E:\01 - YOU AND I.mp3
[09/05/2009 - 22:02:58 | N | 4126 Ko] - E:\01 soube que me amava.mp3
[14/12/2012 - 14:46:20 | N | 4475 Ko] - E:\18 ritchie - menina veneno.mp3
[29/03/2013 - 14:54:14 | N | 7187 Ko] - E:\100 - Van Halen - I Can't Stop Lovin' You.mp3
[20/12/2012 - 18:59:12 | N | 3596 Ko] - E:\Aha - Take On Me.mp3
[21/05/2009 - 11:33:04 | N | 4587 Ko] - E:\Air Supply - Making Love Out of Nothing At All.mp3
[14/10/2012 - 20:54:36 | N | 4786 Ko] - E:\bon jovi - this aint a love song.mp3
[01/04/2013 - 12:22:50 | N | 5789 Ko] - E:\Dirty Dancing - CD1 04 Eric Carmen - Hungry Eyes.mp3
[05/12/2008 - 20:40:02 | N | 2630 Ko] - E:\elvis presley - love me tender.mp3
[28/03/2013 - 18:37:26 | N | 8359 Ko] - E:\Guns N' Roses - November Rain.mp3
[20/12/2012 - 18:58:46 | N | 3787 Ko] - E:\Lionel Ritchie - Say You Say Me.mp3
[27/06/2009 - 20:28:42 | N | 3449 Ko] - E:\michael jackson - michael jackson - rock with you(2).mp3
[01/04/2013 - 12:23:32 | N | 3755 Ko] - E:\michael jackson - remember the time378.mp3
[06/01/2009 - 16:36:24 | N | 3586 Ko] - E:\nunca me dejes(2).mp3
[17/09/2012 - 17:50:40 | N | 3346 Ko] - E:\Queen_-_Love_Of_My_Life.mp3
[13/07/2007 - 12:25:04 | N | 4080 Ko] - E:\Smokie - Love Hurts.mp3
[18/02/2011 - 20:22:50 | N | 3969 Ko] - E:\Paula Fernandes-Pra voce.mp3
[05/12/2008 - 20:42:50 | N | 3461 Ko] - E:\elvis presley - the 50 greatest love songs - you were always on my mind.mp3
[05/12/2008 - 20:53:50 | N | 5442 Ko] - E:\elvis presley - the 50 greatest love songs - you've lost that loving feeling.mp3
[20/12/2012 - 18:57:48 | N | 6216 Ko] - E:\- bryan adans - everything i do i do it for you - Cópia.mp3
[09/05/2009 - 20:49:20 | N | 3808 Ko] - E:\01 Noite Fria - Cópia (2).mp3
[25/10/2008 - 20:23:58 | N | 4145 Ko] - E:\02 No Meu Coração - Cópia (2).mp3
[26/01/2010 - 09:49:18 | N | 11101 Ko] - E:\0008Whitesnake - 06 - Is This Love - Cópia.mp3
[19/11/2012 - 21:06:04 | N | 4913 Ko] - E:\10 - Skid Row - I Remember You - Cópia.mp3
[19/06/2013 - 12:12:06 | N | 4998 Ko] - E:\10 Terence Trent Darby - Wishing Well - Cópia.mp3
[19/06/2013 - 12:13:32 | N | 3219 Ko] - E:\16. Números.mp3
[19/06/2013 - 12:17:28 | N | 7187 Ko] - E:\100 - Van Halen - I Can't Stop Lovin' You - Cópia.mp3
[19/06/2013 - 12:18:40 | N | 5451 Ko] - E:\113 - Crowded House - Don´t Dream Is Over - Cópia.mp3
[20/06/2013 - 21:06:38 | N | 8368 Ko] - E:\Aerosmith - 03. Dream On - Cópia.mp3
[20/06/2013 - 21:06:38 | N | 9673 Ko] - E:\Aerosmith - 09. Angel - Cópia.mp3
[20/06/2013 - 21:06:42 | N | 9646 Ko] - E:\Aerosmith - 09. Cryin' - Cópia.mp3
[20/12/2012 - 18:58:54 | N | 3681 Ko] - E:\Air Supply - Lost In Love - Cópia.mp3
[20/12/2012 - 18:58:54 | N | 4322 Ko] - E:\Amedeo Minghi - Cantare è D'Amore.mp3
[20/06/2013 - 21:07:00 | N | 4935 Ko] - E:\Annie Lennox - A whiter shade of pale.mp3
[20/06/2013 - 21:07:02 | N | 5816 Ko] - E:\Avril Lavigne - Im With You.mp3
[16/01/2010 - 11:41:24 | N | 4200 Ko] - E:\Barbra Streisand & Ritchie Lionel - Endless Love.mp3
[20/06/2013 - 21:07:08 | N | 5385 Ko] - E:\Chicago - If You Leave Me Now.mp3
[23/06/2013 - 19:12:56 | N | 5325 Ko] - E:\Do You Remember - Phil Collins .mp3
[20/12/2012 - 18:58:44 | N | 3678 Ko] - E:\Nazareth - Love Hurts.mp3
[22/09/2011 - 10:47:34 | N | 6158 Ko] - E:\Pink Floid- Wish you were here.mp3
[04/02/2008 - 00:12:30 | N | 3825 Ko] - E:\Quando Eu Te Encontrar.mp3
[26/08/2007 - 16:37:48 | N | 2880 Ko] - E:\Quanto Tempo Demora um Mês.mp3
[01/04/2009 - 21:33:34 | N | 6079 Ko] - E:\richie sambora - undiscovered soul - 05 all that really matters.mp3
[20/12/2012 - 18:58:42 | N | 6000 Ko] - E:\Scorpions - Still Loving You.mp3
[20/12/2012 - 18:58:42 | N | 4075 Ko] - E:\Scorpions - You And I.mp3
[21/07/2011 - 13:11:34 | N | 4202 Ko] - E:\marlon e maicon- por te amar assim(2).mp3
[23/06/2013 - 19:47:12 | N | 2847 Ko] - E:\U2 - The Sweetest Thing.mp3
[24/01/2010 - 13:25:22 | N | 4630 Ko] - E:\U2 - With or Without You.mp3
[20/12/2012 - 18:59:06 | N | 3969 Ko] - E:\Impossível.mp3
[20/12/2012 - 18:58:16 | N | 8235 Ko] - E:\0002- Steppenwolf - Born To Be Wild - 1968 - Cópia (2).mp3
[15/11/2011 - 15:34:52 | N | 4749 Ko] - E:\Djavan-Se.mp3
[09/06/2013 - 13:28:56 | N | 3827 Ko] - E:\Paula Fernandes-Passaro de fogo.mp3
[10/12/2011 - 22:30:26 | N | 5408 Ko] - E:\joao bosco e vinicius - chuva.mp3
[09/06/2013 - 13:35:58 | N | 3917 Ko] - E:\Vanessa da Mata-Amado.mp3
[25/01/2010 - 11:42:50 | N | 6752 Ko] - E:\047) Mr. Mister - Broken Wings [December 1985].mp3
[31/12/2013 - 21:01:04 | RASHD] - E:\Autorun.inf
################## | Vaccin |
E:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)
################## | E.O.F | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] |
Mr. Micro- Membro
- Mensagens : 56
Reputação : 2
Data de inscrição : 31/08/2013
Re: Worm Conficker detectado pelo Avira em pendrive
por Power Max Qua 01 Jan 2014, 12:30
Outros problemas foram removidos pelo Usbfix.____________________________
clique com o botão direito do mouse sobre o ícone do Avira (ao lado do relógio do Windows) e escolha a opção Iniciar o Avira Free Antivirus > Clique em System Scanner > Clique em Varredura Completa > Clique no botão no formato de uma lupa logo acima para iniciar o escaneamento e aguarde a conclusão do escaneamento. _____________________________________________
* Quando você tiver removido os virus que o Avira encontrar, clique com no botão Relatório > Depois será aberta uma tela com o log, então é só selecionar este Log (Clique no menu: Editar » Selecionar Tudo), depois disso volte novamente no menu: Editar » e clique na opção: Copiar) > Depois disso é só voltar aqui no fórum e postar este log do Avira para que ele possa ser analisado.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Worm Conficker detectado pelo Avira em pendrive
por Mr. Micro Qua 01 Jan 2014, 12:46
Valeu, Marcos. Já estou fazendo o scan completo com o Avira. E enquanto isto posto também o relatório do Hijackthis para dar uma olhada:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:43:45, on 01/01/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Users\carolino\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\carolino\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=Userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{6067F239-5AFB-47B8-86EC-249DCB9065C2}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E701662-ABA8-4060-843E-9E774E95973A}: NameServer = 8.8.4.4,8.8.8.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Spooler de Impressão (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13057 bytes
Mr. Micro- Membro
- Mensagens : 56
Reputação : 2
Data de inscrição : 31/08/2013
Re: Worm Conficker detectado pelo Avira em pendrive
por Power Max Qua 01 Jan 2014, 12:49
Quanto ao log do Hijackthis, está limpo. Nada de perigoso foi detectado.
Fico na espera do relatório do Avira.
Fico na espera do relatório do Avira.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Worm Conficker detectado pelo Avira em pendrive
por Mr. Micro Qua 01 Jan 2014, 18:23
Finalmente o escaneamento com o Avira terminou. Aqui está o log:
Avira Free Antivirus
Data do arquivo de relatório: quarta-feira, 1 de janeiro de 2014 12:31
O programa está sendo executado como versão completa sem limitações.
Os serviços online estão disponíveis.
Licenciado : Avira Free Antivirus
Plataforma : Windows 7 Home Premium
Versão do Windows : (Service Pack 1) [6.1.7601]
Modo de inicialização : Normalmente inicializado
Nome de usuário : Marcio
Nome do computador : SWPTC21-PC
Informações da versão:
BUILD.DAT : 14.0.2.286 55547 Bytes 13/12/2013 15:11:00
AVSCAN.EXE : 14.0.2.254 1032760 Bytes 20/12/2013 10:50:22
AVSCANRC.DLL : 14.0.2.180 58936 Bytes 20/12/2013 10:50:22
LUKE.DLL : 14.0.2.234 65592 Bytes 20/12/2013 10:51:37
AVSCPLR.DLL : 14.0.2.254 124472 Bytes 20/12/2013 10:50:23
AVREG.DLL : 14.0.2.212 250424 Bytes 20/12/2013 10:50:19
avlode.dll : 14.0.2.254 540216 Bytes 20/12/2013 10:50:13
avlode.rdf : 13.0.1.62 56973 Bytes 09/12/2013 16:26:16
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04/04/2013 12:41:58
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30/04/2013 12:42:09
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28/05/2013 12:42:24
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21/06/2013 12:42:36
VBASE004.VDF : 7.11.91.176 3903488 Bytes 23/07/2013 12:42:56
VBASE005.VDF : 7.11.98.186 6822912 Bytes 29/08/2013 12:43:26
VBASE006.VDF : 7.11.103.230 2293248 Bytes 24/09/2013 10:26:04
VBASE007.VDF : 7.11.116.38 5485568 Bytes 28/11/2013 13:25:58
VBASE008.VDF : 7.11.120.140 1154560 Bytes 19/12/2013 10:49:32
VBASE009.VDF : 7.11.120.141 2048 Bytes 19/12/2013 10:49:32
VBASE010.VDF : 7.11.120.142 2048 Bytes 19/12/2013 10:49:32
VBASE011.VDF : 7.11.120.143 2048 Bytes 19/12/2013 10:49:33
VBASE012.VDF : 7.11.120.144 2048 Bytes 19/12/2013 10:49:33
VBASE013.VDF : 7.11.120.145 2048 Bytes 19/12/2013 10:49:33
VBASE014.VDF : 7.11.121.19 126976 Bytes 21/12/2013 12:21:07
VBASE015.VDF : 7.11.121.147 122880 Bytes 24/12/2013 12:44:36
VBASE016.VDF : 7.11.121.233 115712 Bytes 25/12/2013 19:27:39
VBASE017.VDF : 7.11.122.57 325120 Bytes 27/12/2013 11:37:38
VBASE018.VDF : 7.11.122.123 199680 Bytes 28/12/2013 13:11:34
VBASE019.VDF : 7.11.122.219 368640 Bytes 01/01/2014 12:05:38
VBASE020.VDF : 7.11.122.220 2048 Bytes 01/01/2014 12:05:38
VBASE021.VDF : 7.11.122.221 2048 Bytes 01/01/2014 12:05:39
VBASE022.VDF : 7.11.122.222 2048 Bytes 01/01/2014 12:05:39
VBASE023.VDF : 7.11.122.223 2048 Bytes 01/01/2014 12:05:39
VBASE024.VDF : 7.11.122.224 2048 Bytes 01/01/2014 12:05:39
VBASE025.VDF : 7.11.122.225 2048 Bytes 01/01/2014 12:05:40
VBASE026.VDF : 7.11.122.226 2048 Bytes 01/01/2014 12:05:40
VBASE027.VDF : 7.11.122.227 2048 Bytes 01/01/2014 12:05:40
VBASE028.VDF : 7.11.122.228 2048 Bytes 01/01/2014 12:05:40
VBASE029.VDF : 7.11.122.229 2048 Bytes 01/01/2014 12:05:41
VBASE030.VDF : 7.11.122.230 2048 Bytes 01/01/2014 12:05:41
VBASE031.VDF : 7.11.122.232 102400 Bytes 01/01/2014 12:05:42
Versão do mecanismo : 8.2.12.166
AEVDF.DLL : 8.1.3.4 102774 Bytes 15/09/2013 12:44:19
AESCRIPT.DLL : 8.1.4.176 520574 Bytes 20/12/2013 10:49:56
AESCN.DLL : 8.1.10.6 131447 Bytes 11/12/2013 16:40:26
AESBX.DLL : 8.2.16.26 1245560 Bytes 15/09/2013 12:44:22
AERDL.DLL : 8.2.0.138 704888 Bytes 02/12/2013 19:18:46
AEPACK.DLL : 8.3.3.8 762232 Bytes 20/12/2013 10:49:54
AEOFFICE.DLL : 8.1.2.76 205181 Bytes 15/09/2013 12:44:09
AEHEUR.DLL : 8.1.4.830 6386042 Bytes 20/12/2013 10:49:52
AEHELP.DLL : 8.1.27.10 266618 Bytes 22/11/2013 11:42:37
AEGEN.DLL : 8.1.7.20 446839 Bytes 13/11/2013 16:46:12
AEEXP.DLL : 8.4.1.138 418168 Bytes 13/12/2013 10:17:38
AEEMU.DLL : 8.1.3.2 393587 Bytes 15/09/2013 12:43:54
AECORE.DLL : 8.1.33.0 225657 Bytes 11/12/2013 16:39:54
AEBB.DLL : 8.1.1.4 53619 Bytes 15/09/2013 12:43:52
AVWINLL.DLL : 14.0.2.180 23608 Bytes 20/12/2013 10:49:19
AVPREF.DLL : 14.0.2.180 48696 Bytes 20/12/2013 10:50:18
AVREP.DLL : 14.0.2.180 175672 Bytes 20/12/2013 10:50:20
AVARKT.DLL : 14.0.2.254 256056 Bytes 20/12/2013 10:49:58
AVEVTLOG.DLL : 14.0.2.180 165944 Bytes 20/12/2013 10:50:06
SQLITE3.DLL : 3.7.0.1 394824 Bytes 15/09/2013 12:48:01
AVSMTP.DLL : 14.0.2.180 60472 Bytes 20/12/2013 10:50:25
NETNT.DLL : 14.0.2.180 13368 Bytes 20/12/2013 10:51:38
RCIMAGE.DLL : 14.0.2.180 4788792 Bytes 20/12/2013 10:49:19
RCTEXT.DLL : 14.0.2.264 74296 Bytes 20/12/2013 10:49:19
Opções de configuração para a varredura:
Nome da tarefa......................................: Varredura completa
Arquivo de configuração.............................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Relatório...........................................: padrão
Ação primária.......................................: Reparar
Ação secundária.....................................: Excluir
Fazer a varredura do setor mestre de inicialização..: ativado
Fazer a varredura do setor de inicialização.........: ativado
Setores de inicialização............................: C:, Q:,
Varredura do processo...............................: ativado
Varredura do processo estendida.....................: ativado
Fazer a varredura do registro.......................: ativado
Procurar rootkits...................................: ativado
Varredura da integridade dos arquivos de sistema....: desativado
Fazer a varredura de todos arquivos.................: Todos os arquivos
Fazer a varredura dos arquivamentos.................: ativado
Profundidade de recursão............................: 20
Extensões inteligentes..............................: ativado
Heurística para vírus de macro......................: ativado
Heurística do arquivo...............................: estendido
Desviando categorias de risco.......................: +APPL,+GAME,+JOKE,+PCK,+SPR,
Início da varredura: quarta-feira, 1 de janeiro de 2014 12:31
Iniciar a varredura dos setores de inicialização:
Setor de inicialização 'HDD0(C:, Q:)'
[INFO] Nenhum vírus foi encontrado!
Iniciando a pesquisa de objetos ocultos.
A varredura dos processos em execução será iniciada:
Processo de varredura 'svchost.exe' – foi feita a varredura em '52' módulo(s)
Processo de varredura 'GbpSv.exe' – foi feita a varredura em '53' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '39' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '75' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '98' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '59' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '155' módulo(s)
Processo de varredura 'STacSV64.exe' – foi feita a varredura em '36' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '76' módulo(s)
Processo de varredura 'WLANExt.exe' – foi feita a varredura em '36' módulo(s)
Processo de varredura 'conhost.exe' – foi feita a varredura em '14' módulo(s)
Processo de varredura 'sched.exe' – foi feita a varredura em '59' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '61' módulo(s)
Processo de varredura 'avguard.exe' – foi feita a varredura em '99' módulo(s)
Processo de varredura 'k9filter.exe' – foi feita a varredura em '39' módulo(s)
Processo de varredura 'fsssvc.exe' – foi feita a varredura em '88' módulo(s)
Processo de varredura 'taskhost.exe' – foi feita a varredura em '70' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '37' módulo(s)
Processo de varredura 'Dwm.exe' – foi feita a varredura em '31' módulo(s)
Processo de varredura 'Explorer.EXE' – foi feita a varredura em '188' módulo(s)
Processo de varredura 'sftvsa.exe' – foi feita a varredura em '32' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '32' módulo(s)
Processo de varredura 'sftlist.exe' – foi feita a varredura em '100' módulo(s)
Processo de varredura 'avgnt.exe' – foi feita a varredura em '97' módulo(s)
Processo de varredura 'CVHSVC.EXE' – foi feita a varredura em '90' módulo(s)
Processo de varredura 'avshadow.exe' – foi feita a varredura em '29' módulo(s)
Processo de varredura 'SearchIndexer.exe' – foi feita a varredura em '57' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '33' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '37' módulo(s)
Processo de varredura 'chrome.exe' – foi feita a varredura em '131' módulo(s)
Processo de varredura 'chrome.exe' – foi feita a varredura em '64' módulo(s)
Processo de varredura 'chrome.exe' – foi feita a varredura em '44' módulo(s)
Processo de varredura 'chrome.exe' – foi feita a varredura em '44' módulo(s)
Processo de varredura 'chrome.exe' – foi feita a varredura em '44' módulo(s)
Processo de varredura 'chrome.exe' – foi feita a varredura em '44' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '34' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '59' módulo(s)
Processo de varredura 'chrome.exe' – foi feita a varredura em '44' módulo(s)
Processo de varredura 'opera.exe' – foi feita a varredura em '98' módulo(s)
Processo de varredura 'chrome.exe' – foi feita a varredura em '44' módulo(s)
Processo de varredura 'chrome.exe' – foi feita a varredura em '46' módulo(s)
Processo de varredura 'WINWORD.EXE' – foi feita a varredura em '74' módulo(s)
Processo de varredura 'chrome.exe' – foi feita a varredura em '44' módulo(s)
Processo de varredura 'prevhost.exe' – foi feita a varredura em '29' módulo(s)
Processo de varredura 'NOTEPAD.EXE' – foi feita a varredura em '96' módulo(s)
Processo de varredura 'NOTEPAD.EXE' – foi feita a varredura em '25' módulo(s)
Processo de varredura 'notepad.exe' – foi feita a varredura em '30' módulo(s)
Processo de varredura 'Maxthon.exe' – foi feita a varredura em '104' módulo(s)
Processo de varredura 'Maxthon.exe' – foi feita a varredura em '89' módulo(s)
Processo de varredura 'Maxthon.exe' – foi feita a varredura em '91' módulo(s)
Processo de varredura 'Maxthon.exe' – foi feita a varredura em '131' módulo(s)
Processo de varredura 'avcenter.exe' – foi feita a varredura em '127' módulo(s)
Processo de varredura 'avscan.exe' – foi feita a varredura em '116' módulo(s)
Processo de varredura 'vssvc.exe' – foi feita a varredura em '47' módulo(s)
Processo de varredura 'svchost.exe' – foi feita a varredura em '28' módulo(s)
Processo de varredura 'chrome.exe' – foi feita a varredura em '44' módulo(s)
Processo de varredura 'SearchProtocolHost.exe' – foi feita a varredura em '29' módulo(s)
Processo de varredura 'SearchFilterHost.exe' – foi feita a varredura em '27' módulo(s)
Processo de varredura 'smss.exe' – foi feita a varredura em '2' módulo(s)
Processo de varredura 'csrss.exe' – foi feita a varredura em '18' módulo(s)
Processo de varredura 'wininit.exe' – foi feita a varredura em '26' módulo(s)
Processo de varredura 'csrss.exe' – foi feita a varredura em '16' módulo(s)
Processo de varredura 'services.exe' – foi feita a varredura em '33' módulo(s)
Processo de varredura 'lsass.exe' – foi feita a varredura em '65' módulo(s)
Processo de varredura 'lsm.exe' – foi feita a varredura em '16' módulo(s)
Processo de varredura 'winlogon.exe' – foi feita a varredura em '31' módulo(s)
Iniciando a varredura dos arquivos executáveis (registro):
Foi feita a varredura no registro ( '5808' arquivos ).
Iniciando a varredura do arquivo:
Iniciar varredura em 'C:\'
Iniciar varredura em 'Q:\'
Não foi possível abrir o caminho de pesquisa Q:\!
Erro do sistema [5]: Acesso negado.
Término da varredura: quarta-feira, 1 de janeiro de 2014 17:18
Tempo decorrido: 4:46:34 Hora(s)
A varredura foi concluída.
70119 Diretórios verificados
1384936 Foi feita a varredura nos arquivos
0 Vírus e/ou programas indesejados foram encontrados
0 Os arquivos foram classificados como suspeitos
0 Arquivos excluídos
0 Vírus e programas indesejados foram reparados
0 Os arquivos foram movidos para a quarentena
0 Os arquivos foram renomeados
0 Não é possível fazer a varredura dos arquivos
1384936 Arquivos não envolvidos
15941 Varredura dos arquivamentos terminada
0 Avisos
0 Notas
921943 Os objetos foram verificados com a varredura de rootkit
0 Objetos ocultos foram encontrados
Mr. Micro- Membro
- Mensagens : 56
Reputação : 2
Data de inscrição : 31/08/2013
Re: Worm Conficker detectado pelo Avira em pendrive
por Power Max Qua 01 Jan 2014, 18:30
1) Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (..de Eric lee e Mopao) extraia o arquivo Scanlist.bat para o Desktop (Área de trabalho).
2) Dê um duplo clique em Scanlist.bat.
Para Windows Vista, Windows 7/8, clique com o botão direito do mouse sobre o Scanlist.bat e clique em (Executar como Administrador)
3)Tecle o numero (1) e (Enter), aguarde o escaneamento, ao término apresentará um relatório no "Bloco de Notas" copie todo o conteúdo e cole-o aqui em seu tópico para ser analisado.
2) Dê um duplo clique em Scanlist.bat.
Para Windows Vista, Windows 7/8, clique com o botão direito do mouse sobre o Scanlist.bat e clique em (Executar como Administrador)
3)Tecle o numero (1) e (Enter), aguarde o escaneamento, ao término apresentará um relatório no "Bloco de Notas" copie todo o conteúdo e cole-o aqui em seu tópico para ser analisado.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Worm Conficker detectado pelo Avira em pendrive
por Mr. Micro Qua 01 Jan 2014, 18:41
Dividi o relatório em duas partes pois não coube em uma resposta só:
Parte 1:
Parte 1:
- Spoiler:
- $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$ $
Supplementary Scanlist BETA
$ $
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
© Eric Lee Mopao ©
Microsoft Windows [versÆo 6.1.7601] 64 Bit
Gewaehlter Scan: Standard
----------------------------------------
C:\$Recycle.BIN\
C:\$Recycle.BIN\S-1-5-21-3824751855-59665496-4174140042-1000
C:\$Recycle.BIN\S-1-5-18
C:\$Recycle.BIN\S-1-5-18\desktop.ini
C:\$Recycle.BIN\S-1-5-21-3824751855-59665496-4174140042-1000\desktop.ini
----------------------------------------
C:\ (Startlaufwerk)
01/01/2014 17:45 C:\System Volume Information --d--hs------ 28672
01/01/2014 15:06 C:\Windows --d---------- 24576
01/01/2014 12:20 C:\UsbFix --d---------- 4096
C:\pagefile.sys ----
C:\hiberfil.sys ----
31/12/2013 21:02 C:\UsbFix [Clean 1] SWPTC21-PC.txt ----a-------- 10152
31/12/2013 21:01 C:\UsbFix [Scan 1] SWPTC21-PC.txt ------------- 6606
30/12/2013 19:18 C:\Program Files --d---------- 8192
30/12/2013 10:30 C:\ProgramData --d--h------- 20480
21/12/2013 17:20 C:\AdwCleaner --d---------- 4096
21/12/2013 15:53 C:\Config.Msi --d---------- 0
21/12/2013 15:53 C:\Program Files (x86) --d---------- 28672
09/12/2013 20:07 C:\$RECYCLE.BIN --d--hs------ 0
05/12/2013 13:57 C:\zoek_backup --d---------- 4096
24/11/2013 16:25 C:\PureRa.txt ------------- 1628
09/11/2013 16:09 C:\KillBox --d---------- 0
24/09/2013 18:16 C:\RRTVAULT --d---------- 0
29/08/2013 16:55 C:\CAT-Logs --d---------- 4096
28/07/2013 18:31 C:\RegBackup --d---------- 0
12/05/2013 12:27 C:\FFOutput --d---------- 0
16/05/2012 16:46 C:\FixitRegBackup.reg ------------- 21734
13/05/2012 11:29 C:\Reg_Backup --d---------- 0
13/05/2012 11:24 C:\Tweaking.com_Windows_Repair_Logs --d---------- 0
24/03/2012 17:44 C:\Arquivos de Programas RFB --d---------- 0
16/12/2011 12:46 C:\Palm --d---------- 20480
28/09/2011 10:17 C:\Boot --d--hs------ 4096
25/09/2011 15:14 C:\PFiles --d---------- 0
25/09/2011 13:12 C:\Intel --d---------- 0
25/09/2011 12:22 C:\Users --d---------- 4096
25/09/2011 12:22 C:\Recovery --d--hs------ 0
25/09/2011 12:22 C:\Arquivos de Programas --d-------l-- 0
25/09/2011 12:00 C:\BOOTSECT.BAK ------------- 8192
20/11/2010 10:40 C:\bootmgr ---rahs------ 383786
14/07/2009 03:08 C:\Documents and Settings --d--hs---l-- 0
14/07/2009 01:20 C:\PerfLogs --d---------- 0
C:\*:ADS
2 .:8F9B0701_Bb.gbp:$DATA
2 .:8F9B0701_Cef.gbp:$DATA
2 .:8F9B0701_Uni.gbp:$DATA
----------------------------------------
C:\Windows\
16/03/2013 17:51 C:\Windows\ODBC.INI ----a-------- 418
13/05/2012 11:29 C:\Windows\PSEXESVC.EXE ----a-------- 181064
11/02/2012 04:36 C:\Windows\splwow64.exe ----a-------- 67072
16/12/2011 12:41 C:\Windows\trace.txt ----a-------- 0
25/02/2011 04:19 C:\Windows\explorer.exe ----a-------- 2871808
20/11/2010 11:24 C:\Windows\bfsvc.exe ----a-------- 71168
20/11/2010 10:21 C:\Windows\twain_32.dll ----a-------- 51200
14/07/2009 03:09 C:\Windows\win.ini ----a-------- 403
13/07/2009 23:39 C:\Windows\write.exe ----a-------- 10240
13/07/2009 23:39 C:\Windows\regedit.exe ----a-------- 427008
13/07/2009 23:39 C:\Windows\notepad.exe ----a-------- 193536
13/07/2009 23:39 C:\Windows\HelpPane.exe ----a-------- 733696
13/07/2009 23:39 C:\Windows\hh.exe ----a-------- 16896
13/07/2009 23:39 C:\Windows\fveupdate.exe ----a-------- 15360
13/07/2009 23:14 C:\Windows\winhlp32.exe ----a-------- 9728
13/07/2009 23:14 C:\Windows\twunk_32.exe ----a-------- 31232
10/06/2009 19:41 C:\Windows\twunk_16.exe ----a-------- 49680
10/06/2009 19:41 C:\Windows\twain.dll ----a-------- 94784
10/06/2009 19:08 C:\Windows\system.ini ----a-------- 219
10/06/2009 18:36 C:\Windows\msdfmap.ini ----a-------- 1405
29/03/2004 16:23 C:\Windows\unvise32.exe ----a-------- 90112
C:\Windows\*:ADS
2 System32:8F9B0701_Bb.gbp:$DATA
2 System32:8F9B0701_Cef.gbp:$DATA
2 System32:8F9B0701_Uni.gbp:$DATA
----------------------------------------
C:\Windows\Temp
C:\Windows\Temp Directories
C:\Windows\Temp\*:ADS
----------------------------------------
C:\Windows\Prefetch
01/01/2014 18:33 C:\Windows\Prefetch\FIND.EXE-162DFE58.pf ----a-------- 12372
01/01/2014 18:33 C:\Windows\Prefetch\CMD.EXE-89305D47.pf ----a-------- 12766
01/01/2014 18:32 C:\Windows\Prefetch\CONHOST.EXE-3218E401.pf ----a-------- 16036
01/01/2014 18:32 C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf ----a-------- 17954
01/01/2014 18:32 C:\Windows\Prefetch\REG.EXE-26976709.pf ----a-------- 10752
01/01/2014 18:32 C:\Windows\Prefetch\CONSENT.EXE-65F6206D.pf ----a-------- 76402
01/01/2014 18:32 C:\Windows\Prefetch\WINRAR.EXE-6F42D4E7.pf ----a-------- 32756
01/01/2014 18:32 C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf ----a-------- 16970
01/01/2014 18:32 C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf ----a-------- 14920
01/01/2014 18:31 C:\Windows\Prefetch\MAXTHON.EXE-C544E792.pf ----a-------- 267766
01/01/2014 18:26 C:\Windows\Prefetch\AVWSC.EXE-3F986FB6.pf ----a-------- 62986
01/01/2014 18:25 C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3824751855-59665496-4174140042-1000.db ----a-------- 951036
01/01/2014 18:25 C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3824751855-59665496-4174140042-1000.db ----a-------- 1653188
01/01/2014 18:24 C:\Windows\Prefetch\MXUP.EXE-0B4FDEC1.pf ----a-------- 82200
01/01/2014 18:24 C:\Windows\Prefetch\AUDIODG.EXE-D0D776AC.pf ----a-------- 529888
01/01/2014 18:21 C:\Windows\Prefetch\NOTEPAD.EXE-28E040DE.pf ----a-------- 23494
01/01/2014 18:08 C:\Windows\Prefetch\layout.ini ----a-------- 897786
01/01/2014 18:06 C:\Windows\Prefetch\TASKHOST.EXE-437C05A8.pf ----a-------- 88166
01/01/2014 18:01 C:\Windows\Prefetch\IPMGUI.EXE-AA5C66C9.pf ----a-------- 167552
01/01/2014 18:00 C:\Windows\Prefetch\WSQMCONS.EXE-E2CE6542.pf ----a-------- 2820
01/01/2014 17:49 C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf ----a-------- 280056
01/01/2014 17:49 C:\Windows\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-41B177B8.pf ----a-------- 14660
01/01/2014 17:47 C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf ----a-------- 144612
01/01/2014 17:45 C:\Windows\Prefetch\PING.EXE-B29F6629.pf ----a-------- 16316
01/01/2014 17:45 C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf ----a-------- 51784
01/01/2014 17:45 C:\Windows\Prefetch\W32TM.EXE-5D2265F4.pf ----a-------- 15612
01/01/2014 17:45 C:\Windows\Prefetch\CSC.EXE-6F2C7122.pf ----a-------- 50064
01/01/2014 17:45 C:\Windows\Prefetch\CVTRES.EXE-6280F3A8.pf ----a-------- 12858
01/01/2014 17:45 C:\Windows\Prefetch\SVCHOST.EXE-8FD92526.pf ----a-------- 18234
01/01/2014 17:45 C:\Windows\Prefetch\SDIAGNHOST.EXE-67CD1457.pf ----a-------- 98982
01/01/2014 17:45 C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf ----a-------- 316220
01/01/2014 17:45 C:\Windows\Prefetch\RUNDLL32.EXE-F452D79D.pf ----a-------- 13172
01/01/2014 17:38 C:\Windows\Prefetch\RUNDLL32.EXE-125D4518.pf ----a-------- 111670
01/01/2014 17:37 C:\Windows\Prefetch\DEFRAG.EXE-738093E8.pf ----a-------- 18632
01/01/2014 17:35 C:\Windows\Prefetch\SVCHOST.EXE-8DA0BAAD.pf ----a-------- 16942
01/01/2014 16:12 C:\Windows\Prefetch\CHROME.EXE-B7E92C6A.pf ----a-------- 596716
01/01/2014 16:05 C:\Windows\Prefetch\UPDATE.EXE-BE1C11C1.pf ----a-------- 274150
01/01/2014 16:05 C:\Windows\Prefetch\UPDRGUI.EXE-0C08E3E2.pf ----a-------- 52814
01/01/2014 15:57 C:\Windows\Prefetch\AgGlFgAppHistory.db ----a-------- 2022649
01/01/2014 15:57 C:\Windows\Prefetch\AgGlFaultHistory.db ----a-------- 507644
01/01/2014 15:57 C:\Windows\Prefetch\AgGlGlobalHistory.db ----a-------- 3315578
01/01/2014 15:57 C:\Windows\Prefetch\AgRobust.db ----a-------- 384856
01/01/2014 15:06 C:\Windows\Prefetch\CCLEANER64.EXE-AACDD30D.pf ----a-------- 44502
01/01/2014 15:06 C:\Windows\Prefetch\PING.EXE-6B29C0CD.pf ----a-------- 1732
01/01/2014 15:06 C:\Windows\Prefetch\CCSETUP409.EXE-0DD5C809.pf ----a-------- 2806
01/01/2014 14:10 C:\Windows\Prefetch\SNDVOL.EXE-783DCB11.pf ----a-------- 166324
01/01/2014 13:53 C:\Windows\Prefetch\SVCHOST.EXE-93CEEE07.pf ----a-------- 79206
01/01/2014 13:51 C:\Windows\Prefetch\AVSCAN.EXE-9E3814CE.pf ----a-------- 218744
01/01/2014 12:39 C:\Windows\Prefetch\HIJACKTHIS.EXE-F314ADFF.pf ----a-------- 37314
01/01/2014 12:28 C:\Windows\Prefetch\AVCENTER.EXE-C557A7BA.pf ----a-------- 136224
01/01/2014 12:20 C:\Windows\Prefetch\GO.EXE-759C3391.pf ----a-------- 40318
01/01/2014 12:20 C:\Windows\Prefetch\USBFIX.EXE-8514946A.pf ----a-------- 42190
01/01/2014 12:17 C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf ----a-------- 21088
01/01/2014 12:05 C:\Windows\Prefetch\AVNOTIFY.EXE-FF6BC992.pf ----a-------- 204350
01/01/2014 12:04 C:\Windows\Prefetch\PREVHOST.EXE-205F609A.pf ----a-------- 24662
01/01/2014 12:00 C:\Windows\Prefetch\WINWORD.EXE-61504AD5.pf ----a-------- 48058
01/01/2014 11:31 C:\Windows\Prefetch\WEBKIT2WEBPROCESS.EXE-0AD0315E.pf ----a-------- 140556
01/01/2014 11:31 C:\Windows\Prefetch\SAFARI.EXE-C6855950.pf ----a-------- 159800
01/01/2014 11:30 C:\Windows\Prefetch\OPERA.EXE-4D32234A.pf ----a-------- 189988
01/01/2014 10:39 C:\Windows\Prefetch\SCRIPT-FU.EXE-755935DE.pf ----a-------- 44826
01/01/2014 10:39 C:\Windows\Prefetch\LCMS.EXE-33B722F8.pf ----a-------- 45460
01/01/2014 10:39 C:\Windows\Prefetch\FILE-JPEG.EXE-32349A64.pf ----a-------- 52732
01/01/2014 10:39 C:\Windows\Prefetch\GIMP-2.6.EXE-C0405BCF.pf ----a-------- 123188
01/01/2014 10:15 C:\Windows\Prefetch\DLLHOST.EXE-FA51C347.pf ----a-------- 27308
01/01/2014 10:13 C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf ----a-------- 12346
01/01/2014 10:05 C:\Windows\Prefetch\WUAUCLT.EXE-830BCC14.pf ----a-------- 32026
01/01/2014 10:04 C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf ----a-------- 31166
01/01/2014 10:03 C:\Windows\Prefetch\SPPSVC.EXE-CBE91656.pf ----a-------- 12270
01/01/2014 10:03 C:\Windows\Prefetch\SVCHOST.EXE-F03E4D6B.pf ----a-------- 10594
01/01/2014 10:03 C:\Windows\Prefetch\SVCHOST.EXE-135A30D8.pf ----a-------- 20194
01/01/2014 10:03 C:\Windows\Prefetch\MSCORSVW.EXE-98F0699A.pf ----a-------- 11976
01/01/2014 10:03 C:\Windows\Prefetch\MSCORSVW.EXE-FAA88858.pf ----a-------- 14844
01/01/2014 10:03 C:\Windows\Prefetch\SDCLT.EXE-2D2C4DDD.pf ----a-------- 23492
01/01/2014 10:01 C:\Windows\Prefetch\ReadyBoot --d---------- 4096
01/01/2014 10:01 C:\Windows\Prefetch\SVCHOST.EXE-4D8DA32A.pf ----a-------- 19622
01/01/2014 10:01 C:\Windows\Prefetch\SVCHOST.EXE-B1D6DE75.pf ----a-------- 18724
01/01/2014 10:01 C:\Windows\Prefetch\SEARCHINDEXER.EXE-77D27BAC.pf ----a-------- 95022
01/01/2014 10:01 C:\Windows\Prefetch\AVSHADOW.EXE-CCCDFA5B.pf ----a-------- 16614
01/01/2014 10:01 C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf ----a-------- 1197044
01/01/2014 10:01 C:\Windows\Prefetch\OFFICEVIRT.EXE-B35C91F5.pf ----a-------- 23594
31/12/2013 21:37 C:\Windows\Prefetch\PfSvPerfStats.bin ----a-------- 584
31/12/2013 16:01 C:\Windows\Prefetch\AgCx_SC1.db ----a-------- 717268
31/12/2013 16:00 C:\Windows\Prefetch\AgCx_SC1.db.trx ----a-------- 75346
30/12/2013 10:29 C:\Windows\Prefetch\AgCx_SC4.db ----a-------- 345774
24/11/2013 16:29 C:\Windows\Prefetch\AgAppLaunch.db ----a-------- 334168
----------------------------------------
C:\Windows\Tasks
01/01/2014 17:49 C:\Windows\Tasks\Adobe Flash Player Updater.job ----a-------- 902
01/01/2014 10:00 C:\Windows\Tasks\SA.DAT ----ah------- 6
04/11/2013 18:35 C:\Windows\Tasks\SCHEDLGU.TXT ----a-------- 32608
31/08/2013 11:46 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3824751855-59665496-4174140042-1000UA.job ----a-------- 1090
31/08/2013 11:46 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3824751855-59665496-4174140042-1000Core.job ----a-------- 1038
30/03/2013 21:47 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3824751855-59665496-4174140042-1000UA.job ----a-------- 940
30/03/2013 21:47 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3824751855-59665496-4174140042-1000Core.job ----a-------- 918
----------------------------------------
C:\Windows\System32
01/01/2014 17:57 C:\Windows\System32\config --d---------- 40960
01/01/2014 10:08 C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 ----ah------- 23392
01/01/2014 10:08 C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 ----ah------- 23392
01/01/2014 10:07 C:\Windows\System32\prfh0416.dat ----a-------- 664800
01/01/2014 10:07 C:\Windows\System32\prfc0416.dat ----a-------- 128832
01/01/2014 10:07 C:\Windows\System32\perfh009.dat ----a-------- 617004
01/01/2014 10:07 C:\Windows\System32\perfc009.dat ----a-------- 107126
01/01/2014 10:07 C:\Windows\System32\PerfStringBackup.INI ----a-------- 1518818
31/12/2013 11:36 C:\Windows\System32\GroupPolicyUsers --d--h------- 0
26/12/2013 08:02 C:\Windows\System32\NDF --d---------- 4096
20/12/2013 08:52 C:\Windows\System32\catroot --d---------- 4096
20/12/2013 08:52 C:\Windows\System32\drivers --d---------- 65536
12/12/2013 10:47 C:\Windows\System32\FNTCACHE.DAT ----a-------- 4963568
11/12/2013 17:44 C:\Windows\System32\pt-BR --d---------- 327680
11/12/2013 17:44 C:\Windows\System32\DriverStore --d---------- 4096
11/12/2013 11:03 C:\Windows\System32\catroot2 --d---------- 40960
11/12/2013 11:00 C:\Windows\System32\MRT --d---------- 0
11/12/2013 10:58 C:\Windows\System32\MRT.exe ----a-------- 90708896
08/12/2013 23:14 C:\Windows\System32\Tasks --d---------- 8192
26/11/2013 09:54 C:\Windows\System32\mshtml.dll ----a-------- 23183360
26/11/2013 08:19 C:\Windows\System32\mshtml.tlb ----a-------- 2724864
26/11/2013 08:18 C:\Windows\System32\ieetwcollectorres.dll ----a-------- 4096
26/11/2013 07:48 C:\Windows\System32\iesetup.dll ----a-------- 66048
26/11/2013 07:46 C:\Windows\System32\ieetwproxystub.dll ----a-------- 48640
26/11/2013 07:41 C:\Windows\System32\iertutil.dll ----a-------- 2764288
26/11/2013 07:29 C:\Windows\System32\jsproxy.dll ----a-------- 53760
26/11/2013 07:27 C:\Windows\System32\iernonce.dll ----a-------- 33792
26/11/2013 07:21 C:\Windows\System32\ieui.dll ----a-------- 574976
26/11/2013 07:18 C:\Windows\System32\ieUnatt.exe ----a-------- 139264
26/11/2013 07:18 C:\Windows\System32\ieetwcollector.exe ----a-------- 111616
26/11/2013 07:16 C:\Windows\System32\jscript9diag.dll ----a-------- 708608
26/11/2013 06:57 C:\Windows\System32\ie4uinit.exe ----a-------- 218624
26/11/2013 06:35 C:\Windows\System32\jscript9.dll ----a-------- 5769216
26/11/2013 06:02 C:\Windows\System32\inetcpl.cpl ----a-------- 1995264
26/11/2013 05:48 C:\Windows\System32\ieframe.dll ----a-------- 12996608
26/11/2013 05:07 C:\Windows\System32\wininet.dll ----a-------- 2334208
26/11/2013 04:40 C:\Windows\System32\urlmon.dll ----a-------- 1395200
26/11/2013 04:34 C:\Windows\System32\ieapfltr.dll ----a-------- 817664
23/11/2013 15:47 C:\Windows\System32\WMPhoto.dll ----a-------- 465920
19/11/2013 16:59 C:\Windows\System32\migration --d---------- 4096
19/11/2013 16:59 C:\Windows\System32\en-US --d---------- 24576
19/11/2013 11:41 C:\Windows\System32\MsSpellCheckingFacility.exe ----a-------- 940032
19/11/2013 11:41 C:\Windows\System32\elshyph.dll ----a-------- 235008
19/11/2013 11:41 C:\Windows\System32\jsIntl.dll ----a-------- 942592
19/11/2013 11:41 C:\Windows\System32\RegisterIEPKEYs.exe ----a-------- 86016
19/11/2013 11:41 C:\Windows\System32\msls31.dll ----a-------- 247808
19/11/2013 11:41 C:\Windows\System32\msrating.dll ----a-------- 195584
19/11/2013 11:41 C:\Windows\System32\msfeedsbs.dll ----a-------- 52224
19/11/2013 11:41 C:\Windows\System32\msfeedssync.exe ----a-------- 13312
19/11/2013 11:41 C:\Windows\System32\IEAdvpack.dll ----a-------- 131072
19/11/2013 11:41 C:\Windows\System32\SetIEInstalledDate.exe ----a-------- 90112
19/11/2013 11:41 C:\Windows\System32\mshtmler.dll ----a-------- 48640
19/11/2013 11:41 C:\Windows\System32\iesysprep.dll ----a-------- 105984
19/11/2013 11:41 C:\Windows\System32\tdc.ocx ----a-------- 77312
19/11/2013 11:41 C:\Windows\System32\JavaScriptCollectionAgent.dll ----a-------- 40448
19/11/2013 11:41 C:\Windows\System32\html.iec ----a-------- 413696
19/11/2013 11:41 C:\Windows\System32\dxtrans.dll ----a-------- 296960
19/11/2013 11:41 C:\Windows\System32\dxtmsft.dll ----a-------- 453120
19/11/2013 11:41 C:\Windows\System32\ieapfltr.dat ----a-------- 616104
19/11/2013 11:41 C:\Windows\System32\icardie.dll ----a-------- 81408
19/11/2013 11:41 C:\Windows\System32\ieuinit.inf ----a-------- 16284
19/11/2013 11:41 C:\Windows\System32\url.dll ----a-------- 235520
19/11/2013 11:41 C:\Windows\System32\mshtmlmedia.dll ----a-------- 1228800
19/11/2013 11:41 C:\Windows\System32\iedkcs32.dll ----a-------- 263376
19/11/2013 11:41 C:\Windows\System32\webcheck.dll ----a-------- 243200
19/11/2013 11:41 C:\Windows\System32\licmgr10.dll ----a-------- 30208
19/11/2013 11:41 C:\Windows\System32\inseng.dll ----a-------- 101376
19/11/2013 11:41 C:\Windows\System32\mshtmled.dll ----a-------- 84992
19/11/2013 11:41 C:\Windows\System32\wextract.exe ----a-------- 143872
19/11/2013 11:41 C:\Windows\System32\iexpress.exe ----a-------- 167424
19/11/2013 11:41 C:\Windows\System32\msfeeds.dll ----a-------- 626176
19/11/2013 11:41 C:\Windows\System32\vbscript.dll ----a-------- 548352
19/11/2013 11:41 C:\Windows\System32\occache.dll ----a-------- 147968
19/11/2013 11:41 C:\Windows\System32\pngfilt.dll ----a-------- 62464
19/11/2013 11:41 C:\Windows\System32\mshta.exe ----a-------- 13824
19/11/2013 11:41 C:\Windows\System32\jscript.dll ----a-------- 774144
19/11/2013 11:41 C:\Windows\System32\MshtmlDac.dll ----a-------- 83968
19/11/2013 11:41 C:\Windows\System32\imgutil.dll ----a-------- 48128
19/11/2013 11:41 C:\Windows\System32\iepeers.dll ----a-------- 135680
12/11/2013 00:23 C:\Windows\System32\tzres.dll ----a-------- 2048
30/10/2013 00:32 C:\Windows\System32\msieftp.dll ----a-------- 335360
29/10/2013 23:24 C:\Windows\System32\win32k.sys ----a-------- 3155968
19/10/2013 00:18 C:\Windows\System32\imagehlp.dll ----a-------- 81408
14/10/2013 18:00 C:\Windows\System32\IEUDINIT.EXE ----a-------- 28368
12/10/2013 00:32 C:\Windows\System32\wshom.ocx ----a-------- 150016
12/10/2013 00:31 C:\Windows\System32\scrrun.dll ----a-------- 202752
12/10/2013 00:30 C:\Windows\System32\nshwfp.dll ----a-------- 830464
12/10/2013 00:29 C:\Windows\System32\IKEEXT.DLL ----a-------- 859648
12/10/2013 00:29 C:\Windows\System32\FWPUCLNT.DLL ----a-------- 324096
11/10/2013 23:33 C:\Windows\System32\cscript.exe ----a-------- 156160
11/10/2013 23:33 C:\Windows\System32\wscript.exe ----a-------- 168960
05/10/2013 18:25 C:\Windows\System32\crypt32.dll ----a-------- 1474048
04/10/2013 00:28 C:\Windows\System32\SmartcardCredentialProvider.dll ----a-------- 190464
04/10/2013 00:25 C:\Windows\System32\credui.dll ----a-------- 197120
04/10/2013 00:24 C:\Windows\System32\authui.dll ----a-------- 1930752
03/10/2013 00:23 C:\Windows\System32\gdi32.dll ----a-------- 404480
25/09/2013 00:23 C:\Windows\System32\sspicli.dll ----a-------- 135680
25/09/2013 00:23 C:\Windows\System32\sspisrv.dll ----a-------- 28672
25/09/2013 00:23 C:\Windows\System32\secur32.dll ----a-------- 28160
25/09/2013 00:22 C:\Windows\System32\schannel.dll ----a-------- 340992
25/09/2013 00:21 C:\Windows\System32\ncrypt.dll ----a-------- 307200
25/09/2013 00:21 C:\Windows\System32\lsasrv.dll ----a-------- 1447936
24/09/2013 23:03 C:\Windows\System32\lsass.exe ----a-------- 30720
08/09/2013 00:27 C:\Windows\System32\mswsock.dll ----a-------- 327168
----------------------------------------
C:\Windows\System32\Drivers
20/12/2013 08:51 C:\Windows\System32\Drivers\avnetflt.sys ----a-------- 84720
20/12/2013 08:51 C:\Windows\System32\Drivers\avipbb.sys ----a-------- 131576
20/12/2013 08:51 C:\Windows\System32\Drivers\avgntflt.sys ----a-------- 108440
27/11/2013 12:49 C:\Windows\System32\Drivers\avkmgr.sys ----a-------- 28600
04/10/2013 00:16 C:\Windows\System32\Drivers\drmk.sys ----a-------- 116736
03/10/2013 23:36 C:\Windows\System32\Drivers\portcls.sys ----a-------- 230400
27/09/2013 23:09 C:\Windows\System32\Drivers\afd.sys ----a-------- 497152
25/09/2013 00:26 C:\Windows\System32\Drivers\ksecdd.sys ----a-------- 95680
25/09/2013 00:26 C:\Windows\System32\Drivers\ksecpkg.sys ----a-------- 154560
08/09/2013 00:30 C:\Windows\System32\Drivers\tcpip.sys ----a-------- 1903552
04/09/2013 10:12 C:\Windows\System32\Drivers\usbhub.sys ----a-------- 343040
04/09/2013 10:11 C:\Windows\System32\Drivers\usbport.sys ----a-------- 325120
04/09/2013 10:11 C:\Windows\System32\Drivers\usbccgp.sys ----a-------- 99840
04/09/2013 10:11 C:\Windows\System32\Drivers\usbehci.sys ----a-------- 52736
04/09/2013 10:11 C:\Windows\System32\Drivers\usbuhci.sys ----a-------- 30720
04/09/2013 10:11 C:\Windows\System32\Drivers\usbohci.sys ----a-------- 25600
04/09/2013 10:11 C:\Windows\System32\Drivers\usbd.sys ----a-------- 7808
----------------------------------------
C:\Windows\SysWOW64
01/01/2014 10:01 C:\Windows\SysWOW64\drivers --d-a-------- 4096
14/12/2013 10:10 C:\Windows\SysWOW64\FlashPlayerApp.exe ----a-------- 692616
14/12/2013 10:10 C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ----a-------- 71048
11/12/2013 17:44 C:\Windows\SysWOW64\pt-BR --d---------- 262144
26/11/2013 08:11 C:\Windows\SysWOW64\mshtml.dll ----a-------- 17112576
26/11/2013 07:23 C:\Windows\SysWOW64\mshtml.tlb ----a-------- 2724864
26/11/2013 06:38 C:\Windows\SysWOW64\iertutil.dll ----a-------- 2166784
26/11/2013 06:38 C:\Windows\SysWOW64\jsproxy.dll ----a-------- 43008
26/11/2013 06:32 C:\Windows\SysWOW64\ieui.dll ----a-------- 440832
26/11/2013 06:28 C:\Windows\SysWOW64\jscript9diag.dll ----a-------- 553472
26/11/2013 06:16 C:\Windows\SysWOW64\jscript9.dll ----a-------- 4243968
26/11/2013 05:32 C:\Windows\SysWOW64\inetcpl.cpl ----a-------- 1928192
26/11/2013 05:26 C:\Windows\SysWOW64\ieframe.dll ----a-------- 11221504
26/11/2013 04:34 C:\Windows\SysWOW64\ieapfltr.dll ----a-------- 703488
26/11/2013 04:33 C:\Windows\SysWOW64\wininet.dll ----a-------- 1820160
26/11/2013 04:27 C:\Windows\SysWOW64\urlmon.dll ----a-------- 1157632
23/11/2013 16:26 C:\Windows\SysWOW64\WMPhoto.dll ----a-------- 417792
19/11/2013 16:59 C:\Windows\SysWOW64\migration --d---------- 4096
19/11/2013 16:59 C:\Windows\SysWOW64\en-US --d---------- 16384
19/11/2013 11:41 C:\Windows\SysWOW64\elshyph.dll ----a-------- 194048
19/11/2013 11:41 C:\Windows\SysWOW64\jsIntl.dll ----a-------- 645120
19/11/2013 11:41 C:\Windows\SysWOW64\RegisterIEPKEYs.exe ----a-------- 71680
19/11/2013 11:41 C:\Windows\SysWOW64\msls31.dll ----a-------- 182272
19/11/2013 11:41 C:\Windows\SysWOW64\msrating.dll ----a-------- 164864
19/11/2013 11:41 C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll ----a-------- 34816
19/11/2013 11:41 C:\Windows\SysWOW64\tdc.ocx ----a-------- 62464
19/11/2013 11:41 C:\Windows\SysWOW64\html.iec ----a-------- 337408
19/11/2013 11:41 C:\Windows\SysWOW64\dxtrans.dll ----a-------- 244736
19/11/2013 11:41 C:\Windows\SysWOW64\dxtmsft.dll ----a-------- 367104
19/11/2013 11:41 C:\Windows\SysWOW64\ieapfltr.dat ----a-------- 616104
19/11/2013 11:41 C:\Windows\SysWOW64\url.dll ----a-------- 233472
19/11/2013 11:41 C:\Windows\SysWOW64\iedkcs32.dll ----a-------- 238288
19/11/2013 11:41 C:\Windows\SysWOW64\icardie.dll ----a-------- 69120
19/11/2013 11:41 C:\Windows\SysWOW64\licmgr10.dll ----a-------- 24576
19/11/2013 11:41 C:\Windows\SysWOW64\iernonce.dll ----a-------- 32768
19/11/2013 11:41 C:\Windows\SysWOW64\ieuinit.inf ----a-------- 16284
19/11/2013 11:41 C:\Windows\SysWOW64\iesetup.dll ----a-------- 61952
19/11/2013 11:41 C:\Windows\SysWOW64\inseng.dll ----a-------- 83456
19/11/2013 11:41 C:\Windows\SysWOW64\mshtmlmedia.dll ----a-------- 1051136
19/11/2013 11:41 C:\Windows\SysWOW64\wextract.exe ----a-------- 139264
19/11/2013 11:41 C:\Windows\SysWOW64\iexpress.exe ----a-------- 151552
19/11/2013 11:41 C:\Windows\SysWOW64\webcheck.dll ----a-------- 208384
19/11/2013 11:41 C:\Windows\SysWOW64\mshtmled.dll ----a-------- 69632
19/11/2013 11:41 C:\Windows\SysWOW64\msfeeds.dll ----a-------- 523776
19/11/2013 11:41 C:\Windows\SysWOW64\vbscript.dll ----a-------- 454656
19/11/2013 11:41 C:\Windows\SysWOW64\pngfilt.dll ----a-------- 56832
19/11/2013 11:41 C:\Windows\SysWOW64\ieUnatt.exe ----a-------- 112128
19/11/2013 11:41 C:\Windows\SysWOW64\occache.dll ----a-------- 127488
19/11/2013 11:41 C:\Windows\SysWOW64\MshtmlDac.dll ----a-------- 61952
19/11/2013 11:41 C:\Windows\SysWOW64\mshta.exe ----a-------- 13312
19/11/2013 11:41 C:\Windows\SysWOW64\imgutil.dll ----a-------- 36352
19/11/2013 11:41 C:\Windows\SysWOW64\ieetwproxystub.dll ----a-------- 51200
19/11/2013 11:41 C:\Windows\SysWOW64\jscript.dll ----a-------- 610304
19/11/2013 11:41 C:\Windows\SysWOW64\iepeers.dll ----a-------- 116736
19/11/2013 11:41 C:\Windows\SysWOW64\msfeedsbs.dll ----a-------- 43008
19/11/2013 11:41 C:\Windows\SysWOW64\msfeedssync.exe ----a-------- 12800
19/11/2013 11:41 C:\Windows\SysWOW64\IEAdvpack.dll ----a-------- 111616
19/11/2013 11:41 C:\Windows\SysWOW64\SetIEInstalledDate.exe ----a-------- 74240
19/11/2013 11:41 C:\Windows\SysWOW64\mshtmler.dll ----a-------- 48640
19/11/2013 11:41 C:\Windows\SysWOW64\iesysprep.dll ----a-------- 86016
12/11/2013 15:57 C:\Windows\SysWOW64\???X ----a-------- 103974937
12/11/2013 00:07 C:\Windows\SysWOW64\tzres.dll ----a-------- 2048
30/10/2013 00:19 C:\Windows\SysWOW64\msieftp.dll ----a-------- 301568
22/10/2013 10:28 C:\Windows\SysWOW64\WindowsAccessBridge-32.dll ----a-------- 96168
22/10/2013 10:28 C:\Windows\SysWOW64\javaws.exe ----a-------- 264616
22/10/2013 10:28 C:\Windows\SysWOW64\javaw.exe ----a-------- 175016
22/10/2013 10:28 C:\Windows\SysWOW64\java.exe ----a-------- 174504
18/10/2013 23:36 C:\Windows\SysWOW64\imagehlp.dll ----a-------- 159232
12/10/2013 00:04 C:\Windows\SysWOW64\wshom.ocx ----a-------- 121856
12/10/2013 00:03 C:\Windows\SysWOW64\scrrun.dll ----a-------- 163840
12/10/2013 00:03 C:\Windows\SysWOW64\nshwfp.dll ----a-------- 656896
12/10/2013 00:01 C:\Windows\SysWOW64\FWPUCLNT.DLL ----a-------- 216576
11/10/2013 23:15 C:\Windows\SysWOW64\wscript.exe ----a-------- 141824
11/10/2013 23:15 C:\Windows\SysWOW64\cscript.exe ----a-------- 126976
05/10/2013 17:57 C:\Windows\SysWOW64\crypt32.dll ----a-------- 1168384
03/10/2013 23:58 C:\Windows\SysWOW64\SmartcardCredentialProvider.dll ----a-------- 152576
03/10/2013 23:56 C:\Windows\SysWOW64\credui.dll ----a-------- 168960
03/10/2013 23:56 C:\Windows\SysWOW64\authui.dll ----a-------- 1796096
03/10/2013 00:00 C:\Windows\SysWOW64\gdi32.dll ----a-------- 311808
17/12/2013 09:05 C:\Windows\SysWOW64\???? --d---------- 524288
26/09/2013 12:02 C:\Windows\SysWOW64\Adobe --d---------- 0
24/09/2013 23:58 C:\Windows\SysWOW64\sspicli.dll ----a-------- 96768
24/09/2013 23:57 C:\Windows\SysWOW64\secur32.dll ----a-------- 22016
24/09/2013 23:57 C:\Windows\SysWOW64\schannel.dll ----a-------- 247808
24/09/2013 23:56 C:\Windows\SysWOW64\ncrypt.dll ----a-------- 220160
15/09/2013 09:00 C:\Windows\SysWOW64\Microsoft --d---s------ 0
14/09/2013 23:08 C:\Windows\SysWOW64\config.nt ----a-------- 0
11/09/2013 18:34 C:\Windows\SysWOW64\PerfStringBackup.INI ----a-------- 1535640
08/09/2013 00:03 C:\Windows\SysWOW64\mswsock.dll ----a-------- 231424
----------------------------------------
C:\Windows\SysWOW64\Drivers
01/01/2014 10:00 C:\Windows\SysWOW64\Drivers\ndisrd_m.inf ----a-------- 1814
01/01/2014 10:00 C:\Windows\SysWOW64\Drivers\gas.cer ----a-------- 1402
01/01/2014 10:00 C:\Windows\SysWOW64\Drivers\ndisrd.cat ----a-------- 10266
01/01/2014 10:00 C:\Windows\SysWOW64\Drivers\ndisrd.inf ----a-------- 3641
01/01/2014 10:00 C:\Windows\SysWOW64\Drivers\gbpndisrd.sys ----a-------- 31088
----------------------------------------
C:\Users
01/01/2014 10:39 C:\Users\Marcio --d---------- 24576
21/03/2013 21:52 C:\Users\Public --dr--------- 4096
25/09/2011 12:22 C:\Users\Usu rio PadrÆo --d--hs---l-- 0
25/09/2011 12:22 C:\Users\Default --dr-h------- 8192
25/09/2011 12:22 C:\Users\Todos os Usu rios --d--hs---l-- 0
14/07/2009 03:08 C:\Users\All Users --d--hs---l-- 0
14/07/2009 03:08 C:\Users\Default User --d--hs---l-- 0
14/07/2009 02:54 C:\Users\desktop.ini ----ahs------ 174
C:\Users\*:ADS
----------------------------------------
C:\Users\Marcio
01/01/2014 18:36 C:\Users\Marcio\ntuser.dat ----ahs------ 3932160
01/01/2014 18:36 C:\Users\Marcio\ntuser.dat.LOG1 ----ahs------ 262144
01/01/2014 18:33 C:\Users\Marcio\Desktop --dr--------- 98304
01/01/2014 10:39 C:\Users\Marcio\.gimp-2.6 --d---------- 8192
01/01/2014 10:39 C:\Users\Marcio\.recently-used.xbel ----a-------- 58886
31/12/2013 21:01 C:\Users\Marcio\ntuser.pol ---rahs------ 660
03/12/2013 10:18 C:\Users\Marcio\Downloads --dr--------- 32768
09/11/2013 18:46 C:\Users\Marcio\Pictures --dr--------- 4096
07/10/2013 21:00 C:\Users\Marcio\Documents --dr--------- 8192
11/09/2013 20:48 C:\Users\carolino\Links --dr--------- 4096
11/09/2013 20:48 C:\Users\carolino\Saved Games --dr--------- 0
11/09/2013 20:48 C:\Users\carolino\Searches --dr--------- 4096
11/09/2013 20:48 C:\Users\carolino\Music --dr--------- 0
11/09/2013 20:48 C:\Users\carolino\Favorites --dr--------- 4096
11/09/2013 20:48 C:\Users\carolino\Contacts --dr--------- 0
11/09/2013 20:48 C:\Users\carolino\Videos --dr--------- 4096
05/08/2013 13:07 C:\Users\carolino\Tracing --d---------- 4096
26/07/2013 13:27 C:\Users\carolino\ntuser.dat{d5136e96-f5f1-11e2-9bff-0002721fd297}.TMContainer00000000000000000001.regtrans-ms ----ahs------ 524288
26/07/2013 13:27 C:\Users\carolino\ntuser.dat{d5136e96-f5f1-11e2-9bff-0002721fd297}.TMContainer00000000000000000002.regtrans-ms ----ahs------ 524288
26/07/2013 13:27 C:\Users\carolino\ntuser.dat{d5136e96-f5f1-11e2-9bff-0002721fd297}.TM.blf ----ahs------ 65536
08/07/2013 00:14 C:\Users\carolino\ntuser.dat{3a254c21-e70a-11e2-95c8-0002721fd297}.TMContainer00000000000000000002.regtrans-ms ----ahs------ 524288
08/07/2013 00:14 C:\Users\carolino\ntuser.dat{3a254c21-e70a-11e2-95c8-0002721fd297}.TM.blf ----ahs------ 65536
08/07/2013 00:14 C:\Users\carolino\ntuser.dat{3a254c21-e70a-11e2-95c8-0002721fd297}.TMContainer00000000000000000001.regtrans-ms ----ahs------ 524288
01/07/2013 13:34 C:\Users\carolino\ntuser.dat{591d451d-e244-11e2-9aa9-0002721fd297}.TM.blf ----ahs------ 65536
01/07/2013 13:34 C:\Users\carolino\ntuser.dat{591d451d-e244-11e2-9aa9-0002721fd297}.TMContainer00000000000000000002.regtrans-ms ----ahs------ 524288
01/07/2013 13:34 C:\Users\carolino\ntuser.dat{591d451d-e244-11e2-9aa9-0002721fd297}.TMContainer00000000000000000001.regtrans-ms ----ahs------ 524288
30/06/2013 12:04 C:\Users\carolino\photothumb.db ----ah------- 5120
24/04/2013 18:43 C:\Users\carolino\ntuser.dat{73cdbd92-acd9-11e2-8224-0002721fd297}.TM.blf ----ahs------ 65536
24/04/2013 18:43 C:\Users\carolino\ntuser.dat{73cdbd92-acd9-11e2-8224-0002721fd297}.TMContainer00000000000000000001.regtrans-ms ----ahs------ 524288
24/04/2013 18:43 C:\Users\carolino\ntuser.dat{73cdbd92-acd9-11e2-8224-0002721fd297}.TMContainer00000000000000000002.regtrans-ms ----ahs------ 524288
14/04/2013 14:50 C:\Users\carolino\ntuser.dat{c3ab65b3-a518-11e2-9be5-0002721fd297}.TMContainer00000000000000000002.regtrans-ms ----ahs------ 524288
14/04/2013 14:50 C:\Users\carolino\ntuser.dat{c3ab65b3-a518-11e2-9be5-0002721fd297}.TM.blf ----ahs------ 65536
14/04/2013 14:50 C:\Users\carolino\ntuser.dat{c3ab65b3-a518-11e2-9be5-0002721fd297}.TMContainer00000000000000000001.regtrans-ms ----ahs------ 524288
21/03/2013 20:05 C:\Users\carolino\AppData --d--h------- 4096
21/03/2013 12:48 C:\Users\carolino\dlink.cnf ----a-------- 23
09/12/2012 19:04 C:\Users\carolino\painel-agregador.jpg ----a-------- 171172
04/05/2012 12:52 C:\Users\carolino\ntuser.dat{049cd42c-95ed-11e1-b3c6-0002721fd297}.TMContainer00000000000000000002.regtrans-ms ----ahs------ 524288
04/05/2012 12:52 C:\Users\carolino\ntuser.dat{049cd42c-95ed-11e1-b3c6-0002721fd297}.TM.blf ----ahs------ 65536
04/05/2012 12:52 C:\Users\carolino\ntuser.dat{049cd42c-95ed-11e1-b3c6-0002721fd297}.TMContainer00000000000000000001.regtrans-ms ----ahs------ 524288
04/05/2012 11:23 C:\Users\carolino\ntuser.dat{52640ce0-95ea-11e1-b44c-0002721fd297}.TMContainer00000000000000000002.regtrans-ms ----ahs------ 524288
04/05/2012 11:23 C:\Users\carolino\ntuser.dat{52640ce0-95ea-11e1-b44c-0002721fd297}.TMContainer00000000000000000001.regtrans-ms ----ahs------ 524288
04/05/2012 11:23 C:\Users\carolino\ntuser.dat{52640ce0-95ea-11e1-b44c-0002721fd297}.TM.blf ----ahs------ 65536
23/10/2011 16:17 C:\Users\carolino\ntuser.dat{8259ed3c-fd96-11e0-bf41-0002721fd297}.TMContainer00000000000000000001.regtrans-ms ----ahs------ 524288
23/10/2011 16:17 C:\Users\carolino\ntuser.dat{8259ed3c-fd96-11e0-bf41-0002721fd297}.TMContainer00000000000000000002.regtrans-ms ----ahs------ 524288
23/10/2011 16:17 C:\Users\carolino\ntuser.dat{8259ed3c-fd96-11e0-bf41-0002721fd297}.TM.blf ----ahs------ 65536
25/09/2011 15:54 C:\Users\carolino\.thumbnails --d---------- 0
25/09/2011 12:49 C:\Users\carolino\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ----ahs------ 524288
25/09/2011 12:49 C:\Users\carolino\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ----ahs------ 65536
25/09/2011 12:49 C:\Users\carolino\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ----ahs------ 524288
25/09/2011 12:22 C:\Users\carolino\ntuser.ini -----hs------ 20
25/09/2011 12:22 C:\Users\carolino\SendTo --d--hs---l-- 0
25/09/2011 12:22 C:\Users\carolino\Cookies --d--hs---l-- 0
25/09/2011 12:22 C:\Users\carolino\Configura‡äes locais --d--hs---l-- 0
25/09/2011 12:22 C:\Users\carolino\Modelos --d--hs---l-- 0
25/09/2011 12:22 C:\Users\carolino\Ambiente de rede --d--hs---l-- 0
25/09/2011 12:22 C:\Users\carolino\Recent --d--hs---l-- 0
25/09/2011 12:22 C:\Users\carolino\Ambiente de impressÆo --d--hs---l-- 0
25/09/2011 12:22 C:\Users\carolino\Menu Iniciar --d--hs---l-- 0
25/09/2011 12:22 C:\Users\carolino\Meus documentos --d--hs---l-- 0
25/09/2011 12:22 C:\Users\carolino\Dados de aplicativos --d--hs---l-- 0
25/09/2011 12:22 C:\Users\carolino\ntuser.dat.LOG2 ----ahs------ 0
C:\Users\carolino\*:ADS
----------------------------------------
C:\Users\carolino\Desktop
01/01/2014 18:36 C:\Users\carolino\Desktop\SupplScanList.txt ----a-------- 37878
31/12/2013 15:29 C:\Users\carolino\Desktop\AdwCleaner[S1].txt ----a-------- 880
29/12/2013 11:05 C:\Users\carolino\Desktop\ScanList (beta).bat ----a-------- 66713
11/09/2013 20:48 C:\Users\carolino\Desktop\desktop.ini ----ahs------ 282
04/05/2013 15:14 C:\Users\carolino\Desktop\V¡deos da Milena - Atalho.lnk ----a-------- 895
04/04/2013 13:01 C:\Users\carolino\Desktop\Windows Mobile Device Center.lnk ----a-------- 916
C:\Users\carolino\Desktop\*:ADS
26 AdwCleaner[S1].txt:Zone.Identifier:$DATA
26 diariodoestrategista_17122013.pdf:Zone.Identifier:$DATA
26 Decreto Progressao Horizontal 2011 (1).pdf:Zone.Identifier:$DATA
26 PORTARIA_DENATRAN_59_07 (1).pdf:Zone.Identifier:$DATA
26 504x386 e 400 x 304 foto facebook.png:Zone.Identifier:$DATA
26 504x386 e 400 x 304 foto facebook - C¢pia.png:Zone.Identifier:$DATA
26 filme - o segredo [the secret] (dublado).avi:Zone.Identifier:$DATA
26 FICHAS PARA ENQUADRAMENTO VOLUME II.rar:Zone.Identifier:$DATA
26 Notas T‚cnicas e Parecer AGU.pdf:Zone.Identifier:$DATA
26 Convˆnio-detran-smt-amt.PDF:Zone.Identifier:$DATA
26 medicina alternativa.PDF:Zone.Identifier:$DATA
26 magic.mp3:Zone.Identifier:$DATA
----------------------------------------
C:\Users\carolino\AppData\Roaming
01/01/2014 15:07 C:\Users\carolino\AppData\Roaming\Media Player Classic --d---------- 0
31/12/2013 21:36 C:\Users\carolino\AppData\Roaming\vlc --d---------- 4096
30/12/2013 22:16 C:\Users\carolino\AppData\Roaming\gtk-2.0 --d---------- 0
21/12/2013 18:20 C:\Users\carolino\AppData\Roaming\Skype --d---------- 4096
07/12/2013 22:17 C:\Users\carolino\AppData\Roaming\ANE --d---------- 0
29/11/2013 17:41 C:\Users\carolino\AppData\Roaming\SoftGrid Client --d---------- 4096
17/11/2013 16:46 C:\Users\carolino\AppData\Roaming\TeamViewer --d---------- 4096
30/09/2013 12:16 C:\Users\carolino\AppData\Roaming\uTorrent --d---------- 4096
23/09/2013 17:38 C:\Users\carolino\AppData\Roaming\GDIPFONTCACHEV1.DAT ----a-------- 65048
15/09/2013 11:03 C:\Users\carolino\AppData\Roaming\Avira --d---------- 0
08/09/2013 14:49 C:\Users\carolino\AppData\Roaming\dvdcss --d---------- 0
06/08/2013 11:30 C:\Users\carolino\AppData\Roaming\Mozilla --d---------- 0
19/07/2013 16:31 C:\Users\carolino\AppData\Roaming\Malwarebytes --d---------- 0
03/07/2013 14:12 C:\Users\carolino\AppData\Roaming\Adobe --d---------- 4096
30/06/2013 15:30 C:\Users\carolino\AppData\Roaming\PhotoFiltre Studio X --d---------- 0
30/06/2013 15:22 C:\Users\carolino\AppData\Roaming\Identities --d---------- 0
30/06/2013 13:30 C:\Users\carolino\AppData\Roaming\PhotoFiltre 7 --d---------- 0
30/06/2013 12:01 C:\Users\carolino\AppData\Roaming\PhotoScape --d---------- 0
12/06/2013 11:34 C:\Users\carolino\AppData\Roaming\unins000.dat ----a-------- 12724
19/05/2013 17:20 C:\Users\carolino\AppData\Roaming\Microsoft --d---s------ 8192
30/03/2013 19:40 C:\Users\carolino\AppData\Roaming\PSafe --d---------- 0
27/03/2013 10:19 C:\Users\carolino\AppData\Roaming\QuickScan --d---------- 0
18/03/2013 11:44 C:\Users\carolino\AppData\Roaming\HP --d---------- 0
07/03/2013 13:10 C:\Users\carolino\AppData\Roaming\DVDVideoSoft --d---------- 0
12/01/2013 11:27 C:\Users\carolino\AppData\Roaming\{90140011-0066-0416-0000-0000000FF1CE} --d---------- 0
24/11/2012 15:14 C:\Users\carolino\AppData\Roaming\Ashampoo --d---------- 0
17/11/2012 12:31 C:\Users\carolino\AppData\Roaming\Photo 3D Album --d---------- 0
11/11/2012 17:11 C:\Users\carolino\AppData\Roaming\.minecraft --d---------- 0
01/08/2012 09:57 C:\Users\carolino\AppData\Roaming\Avant Profiles --d---------- 0
02/07/2012 15:41 C:\Users\carolino\AppData\Roaming\Apple Computer --d---------- 4096
02/07/2012 14:51 C:\Users\carolino\AppData\Roaming\Orca Profiles --d---------- 0
02/07/2012 14:45 C:\Users\carolino\AppData\Roaming\Maxthon3 --d---------- 0
02/07/2012 14:42 C:\Users\carolino\AppData\Roaming\Avant Downloader --d---------- 0
01/07/2012 23:02 C:\Users\carolino\AppData\Roaming\Windows Live Writer --d---------- 0
15/06/2012 14:53 C:\Users\carolino\AppData\Roaming\K-Meleon --d---------- 0
26/04/2012 15:08 C:\Users\carolino\AppData\Roaming\Netscape --d---------- 0
24/03/2012 14:01 C:\Users\carolino\AppData\Roaming\Foxit Software --d---------- 0
01/12/2011 11:06 C:\Users\carolino\AppData\Roaming\LogoMaker --d---------- 0
19/10/2011 13:29 C:\Users\carolino\AppData\Roaming\Unity --d---------- 0
12/10/2011 20:52 C:\Users\carolino\AppData\Roaming\Opera --d---------- 0
27/09/2011 13:54 C:\Users\carolino\AppData\Roaming\WinRAR --d---------- 0
25/09/2011 13:52 C:\Users\carolino\AppData\Roaming\TP --d---------- 0
25/09/2011 13:30 C:\Users\carolino\AppData\Roaming\Macromedia --d---------- 0
14/07/2009 16:11 C:\Users\carolino\AppData\Roaming\Media Center Programs --d---------- 0
C:\Users\carolino\AppData\Roaming\*:ADS
----------------------------------------
C:\Users\carolino\AppData\Local\Temp
01/01/2014 15:08 C:\Users\carolino\AppData\Local\Temp\avgnt.exe --d---------- 0
05/12/2013 14:03 C:\Users\carolino\AppData\Local\Temp\FXSAPIDebugLogFile.txt ------------- 0
C:\Users\carolino\AppData\Local\Temp\ Directories
01/01/2014 18:36 C:\Users\carolino\AppData\Local\Temp\SupplScanList --d---------- 0
01/01/2014 15:08 C:\Users\carolino\AppData\Local\Temp\avgnt.exe --d---------- 0
01/01/2014 15:06 C:\Users\carolino\AppData\Local\Temp\Low --d---------- 0
01/01/2014 10:08 C:\Users\carolino\AppData\Local\Temp\3904_1282 --d---------- 0
06/12/2013 15:59 C:\Users\carolino\AppData\Local\Temp\Maxthon3Cache --d---------- 0
C:\Users\carolino\AppData\Local\Temp\*:ADS
----------------------------------------
C:\Users\Usu rio PadrÆo
C:\Users\Usu rio PadrÆo\*:ADS
----------------------------------------
C:\Users\Usu rio PadrÆo\Desktop
C:\Users\Usu rio PadrÆo\Desktop\*:ADS
----------------------------------------
C:\Users\Usu rio PadrÆo\AppData\Roaming
14/07/2009 16:11 C:\Users\Usu rio PadrÆo\AppData\Roaming\Media Center Programs --d---------- 0
14/07/2009 01:20 C:\Users\Usu rio PadrÆo\AppData\Roaming\Microsoft --d---s------ 0
C:\Users\Usu rio PadrÆo\AppData\Roaming\*:ADS
Mr. Micro- Membro
- Mensagens : 56
Reputação : 2
Data de inscrição : 31/08/2013
Re: Worm Conficker detectado pelo Avira em pendrive
por Mr. Micro Qua 01 Jan 2014, 18:42
Parte 2:
- Spoiler:
- C:\Users\Usu rio PadrÆo\AppData\Local\Temp
C:\Users\Usu rio PadrÆo\AppData\Local\Temp\ Directories
C:\Users\Usu rio PadrÆo\AppData\Local\Temp\*:ADS
----------------------------------------
C:\Users\Todos os Usu rios
31/12/2013 21:00 C:\Users\Todos os Usu rios\GbPlugin --d---------- 0
30/12/2013 19:19 C:\Users\Todos os Usu rios\TEMP --d-a-------- 4096
30/12/2013 10:30 C:\Users\Todos os Usu rios\boost_interprocess --d---------- 0
21/12/2013 15:53 C:\Users\Todos os Usu rios\Skype --d---------- 4096
22/10/2013 10:29 C:\Users\Todos os Usu rios\Oracle --d---------- 0
13/10/2013 18:52 C:\Users\Todos os Usu rios\CheckPoint --d---------- 0
03/10/2013 13:46 C:\Users\Todos os Usu rios\GAS Tecnologia --d---------- 0
24/09/2013 18:16 C:\Users\Todos os Usu rios\ihfeumzb.qzk ----a-------- 4131
15/09/2013 10:57 C:\Users\Todos os Usu rios\Avira --d---------- 0
15/09/2013 09:02 C:\Users\Todos os Usu rios\AVAST Software --d---------- 0
24/08/2013 14:28 C:\Users\Todos os Usu rios\hpzinstall.log ----a-------- 1619
14/08/2013 17:47 C:\Users\Todos os Usu rios\HitmanPro --d---------- 4096
05/08/2013 08:49 C:\Users\Todos os Usu rios\Kaspersky Lab --d---------- 0
27/07/2013 22:30 C:\Users\Todos os Usu rios\Adobe --d---------- 4096
19/07/2013 16:31 C:\Users\Todos os Usu rios\Malwarebytes --d---------- 0
07/07/2013 19:47 C:\Users\Todos os Usu rios\BlueStacks --d---------- 4096
07/07/2013 19:46 C:\Users\Todos os Usu rios\BlueStacksSetup --d---------- 4096
01/07/2013 14:01 C:\Users\Todos os Usu rios\regid.1986-12.com.adobe --d---------- 0
30/06/2013 13:03 C:\Users\Todos os Usu rios\Microsoft --d---s------ 8192
27/06/2013 11:42 C:\Users\Todos os Usu rios\Freemake --d---------- 0
14/04/2013 14:22 C:\Users\Todos os Usu rios\Licenses --d---------- 0
18/03/2013 11:44 C:\Users\Todos os Usu rios\WEBREG --d---------- 0
18/03/2013 11:44 C:\Users\Todos os Usu rios\HP --d---------- 4096
18/03/2013 11:42 C:\Users\Todos os Usu rios\HP Product Assistant --d---------- 0
12/01/2013 11:27 C:\Users\Todos os Usu rios\Virtualized Applications --d---------- 0
30/12/2012 19:11 C:\Users\Todos os Usu rios\ANE --d---------- 0
24/11/2012 15:13 C:\Users\Todos os Usu rios\ashampoo --d---------- 0
14/07/2012 21:26 C:\Users\Todos os Usu rios\2DBoy --d---------- 0
02/07/2012 14:40 C:\Users\Todos os Usu rios\Apple --d---------- 0
24/05/2012 18:24 C:\Users\Todos os Usu rios\Microsoft Help --d---------- 4096
07/05/2012 22:08 C:\Users\Todos os Usu rios\gas --d---------- 0
26/04/2012 15:05 C:\Users\Todos os Usu rios\Apple Computer --d---------- 0
26/04/2012 13:10 C:\Users\Todos os Usu rios\Mozilla --d---------- 0
22/11/2011 09:39 C:\Users\Todos os Usu rios\TechSmith --d---------- 0
26/09/2011 13:30 C:\Users\Todos os Usu rios\Hewlett-Packard --d---------- 0
26/09/2011 00:02 C:\Users\Todos os Usu rios\Sun --d---------- 0
25/09/2011 17:27 C:\Users\Todos os Usu rios\VirtualizedApplications --d---------- 0
25/09/2011 12:22 C:\Users\Todos os Usu rios\Modelos --d--hs---l-- 0
25/09/2011 12:22 C:\Users\Todos os Usu rios\Documentos --d--hs---l-- 0
25/09/2011 12:22 C:\Users\Todos os Usu rios\Favoritos --d--hs---l-- 0
25/09/2011 12:22 C:\Users\Todos os Usu rios\Dados de aplicativos --d--hs---l-- 0
25/09/2011 12:22 C:\Users\Todos os Usu rios\Menu Iniciar --d--hs---l-- 0
14/07/2009 03:08 C:\Users\Todos os Usu rios\Templates --d--hs---l-- 0
14/07/2009 03:08 C:\Users\Todos os Usu rios\Start Menu --d--hs---l-- 0
14/07/2009 03:08 C:\Users\Todos os Usu rios\Application Data --d--hs---l-- 0
14/07/2009 03:08 C:\Users\Todos os Usu rios\Documents --d--hs---l-- 0
14/07/2009 03:08 C:\Users\Todos os Usu rios\Favorites --d--hs---l-- 0
14/07/2009 03:08 C:\Users\Todos os Usu rios\Desktop --d--hs---l-- 0
C:\Users\Todos os Usu rios\*:ADS
119 TEMP:5C321E34:$DATA
228 TEMP:F4CA4D70:$DATA
----------------------------------------
C:\Users\Todos os Usu rios\Desktop
C:\Users\Todos os Usu rios\Desktop\*:ADS
----------------------------------------
C:\Users\Todos os Usu rios\AppData\Roaming
C:\Users\Todos os Usu rios\AppData\Roaming\*:ADS
----------------------------------------
C:\Users\Todos os Usu rios\AppData\Local\Temp
C:\Users\Todos os Usu rios\AppData\Local\Temp\ Directories
C:\Users\Todos os Usu rios\AppData\Local\Temp\*:ADS
----------------------------------------
C:\ProgramData
31/12/2013 21:00 C:\ProgramData\GbPlugin --d---------- 0
30/12/2013 19:19 C:\ProgramData\TEMP --d-a-------- 4096
30/12/2013 10:30 C:\ProgramData\boost_interprocess --d---------- 0
21/12/2013 15:53 C:\ProgramData\Skype --d---------- 4096
22/10/2013 10:29 C:\ProgramData\Oracle --d---------- 0
13/10/2013 18:52 C:\ProgramData\CheckPoint --d---------- 0
03/10/2013 13:46 C:\ProgramData\GAS Tecnologia --d---------- 0
24/09/2013 18:16 C:\ProgramData\ihfeumzb.qzk ----a-------- 4131
15/09/2013 10:57 C:\ProgramData\Avira --d---------- 0
15/09/2013 09:02 C:\ProgramData\AVAST Software --d---------- 0
24/08/2013 14:28 C:\ProgramData\hpzinstall.log ----a-------- 1619
14/08/2013 17:47 C:\ProgramData\HitmanPro --d---------- 4096
05/08/2013 08:49 C:\ProgramData\Kaspersky Lab --d---------- 0
27/07/2013 22:30 C:\ProgramData\Adobe --d---------- 4096
19/07/2013 16:31 C:\ProgramData\Malwarebytes --d---------- 0
07/07/2013 19:47 C:\ProgramData\BlueStacks --d---------- 4096
07/07/2013 19:46 C:\ProgramData\BlueStacksSetup --d---------- 4096
01/07/2013 14:01 C:\ProgramData\regid.1986-12.com.adobe --d---------- 0
30/06/2013 13:03 C:\ProgramData\Microsoft --d---s------ 8192
27/06/2013 11:42 C:\ProgramData\Freemake --d---------- 0
14/04/2013 14:22 C:\ProgramData\Licenses --d---------- 0
18/03/2013 11:44 C:\ProgramData\WEBREG --d---------- 0
18/03/2013 11:44 C:\ProgramData\HP --d---------- 4096
18/03/2013 11:42 C:\ProgramData\HP Product Assistant --d---------- 0
12/01/2013 11:27 C:\ProgramData\Virtualized Applications --d---------- 0
30/12/2012 19:11 C:\ProgramData\ANE --d---------- 0
24/11/2012 15:13 C:\ProgramData\ashampoo --d---------- 0
14/07/2012 21:26 C:\ProgramData\2DBoy --d---------- 0
02/07/2012 14:40 C:\ProgramData\Apple --d---------- 0
24/05/2012 18:24 C:\ProgramData\Microsoft Help --d---------- 4096
07/05/2012 22:08 C:\ProgramData\gas --d---------- 0
26/04/2012 15:05 C:\ProgramData\Apple Computer --d---------- 0
26/04/2012 13:10 C:\ProgramData\Mozilla --d---------- 0
22/11/2011 09:39 C:\ProgramData\TechSmith --d---------- 0
26/09/2011 13:30 C:\ProgramData\Hewlett-Packard --d---------- 0
26/09/2011 00:02 C:\ProgramData\Sun --d---------- 0
25/09/2011 17:27 C:\ProgramData\VirtualizedApplications --d---------- 0
25/09/2011 12:22 C:\ProgramData\Modelos --d--hs---l-- 0
25/09/2011 12:22 C:\ProgramData\Documentos --d--hs---l-- 0
25/09/2011 12:22 C:\ProgramData\Favoritos --d--hs---l-- 0
25/09/2011 12:22 C:\ProgramData\Dados de aplicativos --d--hs---l-- 0
25/09/2011 12:22 C:\ProgramData\Menu Iniciar --d--hs---l-- 0
14/07/2009 03:08 C:\ProgramData\Templates --d--hs---l-- 0
14/07/2009 03:08 C:\ProgramData\Start Menu --d--hs---l-- 0
14/07/2009 03:08 C:\ProgramData\Application Data --d--hs---l-- 0
14/07/2009 03:08 C:\ProgramData\Documents --d--hs---l-- 0
14/07/2009 03:08 C:\ProgramData\Favorites --d--hs---l-- 0
14/07/2009 03:08 C:\ProgramData\Desktop --d--hs---l-- 0
C:\ProgramData\*:ADS
119 TEMP:5C321E34:$DATA
228 TEMP:F4CA4D70:$DATA
----------------------------------------
C:\Windows\system32\drivers\etc\
25/08/2013 14:03 84.955 hosts
127.0.0.1 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] # hosts anti-adware / pups
127.0.0.1 dlp.totalvideoplugin.com # hosts anti-adware / pups
127.0.0.1 api.ibario.com # hosts anti-adware / pups
127.0.0.1 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] # hosts anti-adware / pups
127.0.0.1 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] # hosts anti-adware / pups
127.0.0.1 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] # hosts anti-adware / pups
127.0.0.1 installs.peepsrv.com # hosts anti-adware / pups
127.0.0.1 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] # hosts anti-adware / pups
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
127.0.0.1 ads.icksor.com # hosts anti-adware / pups
127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups
127.0.0.1 ads.sucomspot.com # hosts anti-adware / pups
127.0.0.1 ads.tersecta.com # hosts anti-adware / pups
127.0.0.1 a.dungtank.com # hosts anti-adware / pups
127.0.0.1 aff.foxtab.com # hosts anti-adware / pups
127.0.0.1 affilibot.eu # hosts anti-adware / pups
127.0.0.1 agence-exusive.com # hosts anti-adware / pups
127.0.0.1 a.juiceknowledge.com # hosts anti-adware / pups
127.0.0.1 ak.imgfa.com # hosts anti-adware / pups
127.0.0.1 ak.imgfarm.com # hosts anti-adware / pups
127.0.0.1 antivirusgratuit.vg # hosts anti-adware / pups
127.0.0.1 antivirus.nouvee-version.net # hosts anti-adware / pups
127.0.0.1 api.downloadmr.com # hosts anti-adware / pups
127.0.0.1 api.ibario.com # hosts anti-adware / pups
127.0.0.1 api.yontoo.com # hosts anti-adware / pups
127.0.0.1 apnmedia.ask.com # hosts anti-adware / pups
127.0.0.1 app.installdistribution.net # hosts anti-adware / pups
127.0.0.1 application-eor.net # hosts anti-adware / pups
127.0.0.1 application-error.net # hosts anti-adware / pups
127.0.0.1 app.media-app.com # hosts anti-adware / pups
127.0.0.1 app.offerbox.com # hosts anti-adware / pups
127.0.0.1 app.softimizer.com # hosts anti-adware / pups
127.0.0.1 app.wideseam6.com # hosts anti-adware / pups
127.0.0.1 argentastuce.com # hosts anti-adware / pups
127.0.0.1 argent-avail-domicile.fr # hosts anti-adware / pups
127.0.0.1 argent-domicile.eu # hosts anti-adware / pups
127.0.0.1 argent-vital.com # hosts anti-adware / pups
127.0.0.1 atelecharger.info # hosts anti-adware / pups
127.0.0.1 avaaffic.com # hosts anti-adware / pups
127.0.0.1 availchezsoi.onlc.fr # hosts anti-adware / pups
127.0.0.1 bfd34af056e54c8abcb9dd50862f0b9b.integration.download.conduit-services.com # hosts anti-adware / pups
127.0.0.1 b.juiceknowledge.com # hosts anti-adware / pups
127.0.0.1 blog.upoharbd.com # hosts anti-adware / pups
127.0.0.1 boolu.springjapan.info # hosts anti-adware / pups
127.0.0.1 boostersonpc.com # hosts anti-adware / pups
127.0.0.1 buzz-france.info # hosts anti-adware / pups
127.0.0.1 cache-download.real.com # hosts anti-adware / pups
127.0.0.1 caefourinternet.com # hosts anti-adware / pups
127.0.0.1 cash-avalanches.com # hosts anti-adware / pups
127.0.0.1 cash-methodes.be # hosts anti-adware / pups
127.0.0.1 cash-professor.com # hosts anti-adware / pups
127.0.0.1 casinoonlinecash.org # hosts anti-adware / pups
127.0.0.1 cdn1.outbrowse.com # hosts anti-adware / pups
127.0.0.1 cdn2.otherdownload.com # hosts anti-adware / pups
127.0.0.1 cdn2.recentdownload.com # hosts anti-adware / pups
127.0.0.1 cdn3.otherdownload.com # hosts anti-adware / pups
127.0.0.1 cdn.appround.biz # hosts anti-adware / pups
127.0.0.1 cdn.bigspeedpro.com # hosts anti-adware / pups
127.0.0.1 cdn.bispd.com # hosts anti-adware / pups
127.0.0.1 cdn.bisrv.com # hosts anti-adware / pups
127.0.0.1 cdn.cdndp.com # hosts anti-adware / pups
127.0.0.1 cdn.download.sweetpacks.com # hosts anti-adware / pups
127.0.0.1 cdneu.bestflvplayer.net # hosts anti-adware / pups
127.0.0.1 cdneu.coolflvplayer.com # hosts anti-adware / pups
127.0.0.1 cdneu.coolvideoconveer.com # hosts anti-adware / pups
127.0.0.1 cdneu.coolvideoconverter.com # hosts anti-adware / pups
127.0.0.1 cdneu.driverpackcdn.com # hosts anti-adware / pups
127.0.0.1 cdneu.friedcookiescdn.com # hosts anti-adware / pups
127.0.0.1 cdneu.onedownloadspot.com # hosts anti-adware / pups
127.0.0.1 cdneu.telechargercdn.com # hosts anti-adware / pups
127.0.0.1 cdn.goateastcach.us # hosts anti-adware / pups
127.0.0.1 cdn.guttastatdk.us # hosts anti-adware / pups
127.0.0.1 cdn.inskinmedia.com # hosts anti-adware / pups
127.0.0.1 cdn.insta.oibundles2.com # hosts anti-adware / pups
127.0.0.1 cdn.insta.playbryte.com # hosts anti-adware / pups
127.0.0.1 cdn.llogetfastcach.us # hosts anti-adware / pups
127.0.0.1 cdn.montiera.com # hosts anti-adware / pups
127.0.0.1 cdn.msdwnld.com # hosts anti-adware / pups
127.0.0.1 cdn.ppdownload.com # hosts anti-adware / pups
127.0.0.1 cdn.riceateastcach.us # hosts anti-adware / pups
127.0.0.1 cdn.shyapotato.us # hosts anti-adware / pups
----------------------------------------
Firewall Konfiguration
Gobal
Remote Port
{0442B5B8-4953-4305-82F0-4A848CEAB0D3} REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28550|Desc=@FirewallAPI.dll,-28551|EmbedCtxt=@FirewallAPI.dll,-28502|
{26A21E7E-CD41-43BC-A678-1FB1A658AE24} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|
{2A4AD175-08C5-418B-9131-EF1F637AD54F} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752|
{39FFB5BE-EC5C-44FD-A4C8-15AEB13813FD} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=5679|RA4=LocalSubnet|RA6=LocalSubnet|IF={18F5F927-456D-4D17-B2D5-649EAC882154}|App=%SystemRoot%\system32\svchost.exe|Svc=RapiMgr|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4015|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14015|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
{430DEFEF-59D9-49A7-8735-BB30C09577D6} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28550|Desc=@FirewallAPI.dll,-28551|EmbedCtxt=@FirewallAPI.dll,-28502|
{43525C0D-C7D1-4940-8B8D-DF3A1514ADD2} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|
{52AEA956-EE41-468C-B019-3F31C5880E6F} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|
{A27BCB2C-85A1-4F8C-9414-8EDC0EE549D6} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|
{AD64DD4C-4FF8-4839-AA85-370FAE61B05B} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|
{B0987734-DF02-4A12-8A51-4F416F94E71B} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|
{B8819672-FD82-4ECD-B528-465D60B26A37} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752|
{C3E50C79-8230-41D3-9AE4-DFB585351640} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|
{CF9298A9-52B7-4B42-9EA9-9BAA1A16E3E3} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|
{D938FC78-BE24-44D5-8DA8-96511B3E9D5C} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|
{F4D3C903-FDF8-460A-8EDA-EE82D5B2B6BF} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=5679|RA4=LocalSubnet|RA6=LocalSubnet|IF={E4E4FB5F-1042-42A0-9B54-A2CD6AB55D7D}|App=%SystemRoot%\system32\svchost.exe|Svc=RapiMgr|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4015|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14015|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
{FD24B558-FEE7-4D59-B7B9-C505CB056765} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|
Local Port
{0A82B4AA-5BD8-4BE5-8EC2-F3194EA7A6D4} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|
{14971DF9-84AA-4526-A9B3-E2146E5CB391} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31277|Desc=@FirewallAPI.dll,-31280|EmbedCtxt=@FirewallAPI.dll,-31252|
{1AB2094E-BE31-4750-B69E-57C51312E402} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|
{26178CEE-46D3-46B9-9DC1-87DAE27F49E4} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|
{3416AD87-B355-4A3F-8046-2BAADC6658DB} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28548|Desc=@FirewallAPI.dll,-28549|EmbedCtxt=@FirewallAPI.dll,-28502|
{3683C0B6-FFF6-4075-AC9F-CD9335CB61DB} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752|
{383761B6-0725-4275-9045-3B5E20476D86} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|
{39334231-C401-471D-A7C8-CF3D826E3E9E} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|
{3E84F31D-2485-45B1-9394-10392EEB0E02} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=26675|RA4=LocalSubnet|RA6=LocalSubnet|IF={18F5F927-456D-4D17-B2D5-649EAC882154}|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4006|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14006|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
{42602136-7B29-4C32-933D-A3837DFA5FFD} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|
{4A9661F3-EE18-4582-8B6F-92E17DEB46BA} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (UPnP)|
{4E41ADF4-F34D-40A4-AE61-A475AF6C1254} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5678|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\WindowsMobile\wmdHost.exe|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4004|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14004|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
{4EE8BB2A-6921-4D88-B829-BDD3314C8DEB} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5721|RA4=LocalSubnet|RA6=LocalSubnet|IF={18F5F927-456D-4D17-B2D5-649EAC882154}|App=%SystemRoot%\system32\svchost.exe|Svc=RapiMgr|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4002|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14002|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
{59F13B47-181B-44E5-8AD2-1CBC6CB7E9F1} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=999|RA4=LocalSubnet|RA6=LocalSubnet|IF={18F5F927-456D-4D17-B2D5-649EAC882154}|App=%systemroot%\WindowsMobile\wmdHost.exe|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4005|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14005|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
{6285E3E9-7610-496A-A573-1BF4A83463E9} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|
{741E4129-CEB9-407F-9C2D-23BB6592ED54} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|
{77657D9E-1D9A-451E-B91C-61E63281F2AA} REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28548|Desc=@FirewallAPI.dll,-28549|EmbedCtxt=@FirewallAPI.dll,-28502|
{7EB4D4C0-82B8-4F2E-A4D9-0B16412F90C4} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752|
{8558E1A9-7527-4772-8B22-74A8EF679E4E} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5678|RA4=LocalSubnet|RA6=LocalSubnet|IF={18F5F927-456D-4D17-B2D5-649EAC882154}|App=%systemroot%\WindowsMobile\wmdHost.exe|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4004|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14004|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
{9878DD32-162D-41CB-9330-CF90FE424B70} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=990|RA4=LocalSubnet|RA6=LocalSubnet|IF={18F5F927-456D-4D17-B2D5-649EAC882154}|App=%SystemRoot%\system32\svchost.exe|Svc=RapiMgr|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4001|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14001|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
{AE47BDF8-2A6B-402C-8761-EC0CF25A96F9} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|
{B72E531C-0758-497C-98C3-7BD0D4F6C681} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=990|RA4=LocalSubnet|RA6=LocalSubnet|IF={E4E4FB5F-1042-42A0-9B54-A2CD6AB55D7D}|App=%SystemRoot%\system32\svchost.exe|Svc=RapiMgr|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4001|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14001|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
{BFA01D3A-3BA2-4CCE-9F08-4A73BE3E2ABD} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5721|RA4=LocalSubnet|RA6=LocalSubnet|IF={E4E4FB5F-1042-42A0-9B54-A2CD6AB55D7D}|App=%SystemRoot%\system32\svchost.exe|Svc=RapiMgr|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4002|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14002|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
{C8F5A50F-A0A4-433E-8A69-A9ECECD6D4CE} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|
{CD2F0754-AC04-443F-8984-22410A7BCEE1} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=svchost.exe|Svc=ssdpsrv|Name=Windows Live Messenger (SSDP-In)|EmbedCtxt=@C:\Program Files (x86)\Windows Live\Messenger\msgsres.dll,-4200|
{E2A12A1B-8964-447B-B590-1D670BA08B58} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|
{E4526A2A-02FA-46A9-A8DB-58CE97F4FDC8} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=Windows Live Messenger (UPnP-In)|EmbedCtxt=@C:\Program Files (x86)\Windows Live\Messenger\msgsres.dll,-4200|
{EBF387D3-D98F-4EF0-BAB3-B4C5E393909B} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752|
{EDBB9659-933C-4E3F-A0B1-3DC8F4E8FEE2} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=26675|RA4=LocalSubnet|RA6=LocalSubnet|IF={E4E4FB5F-1042-42A0-9B54-A2CD6AB55D7D}|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4006|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14006|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
{F244EC62-45E3-4F09-8CC6-B081079F6312} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (SSDP)|
{F70E2691-3AFF-4433-9DF2-8282BC5B6637} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=999|RA4=LocalSubnet|RA6=LocalSubnet|IF={E4E4FB5F-1042-42A0-9B54-A2CD6AB55D7D}|App=%systemroot%\WindowsMobile\wmdHost.exe|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4005|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14005|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
Anwendungen
{0C777AA1-6FF8-4982-B142-182BBE7C06C4} REG_SZ v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\carolino\appdata\local\google\chrome\application\chrome.exe|Name=chrome.exe|Desc=chrome.exe|
{0D16B5FE-CF79-429E-93FD-6A103EE73605} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe|Name=Teamviewer Remote Control Application|
{14EA3762-2161-4730-8B7C-05F8861D9081} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Private|ICMP4=8:*|RA4=LocalSubnet|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
{2109B433-6CA9-4C85-AE0A-C0BB0F44A34E} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service|
{22DF8963-7D23-40B9-98EB-197D0C0811F1} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service|
{2DD754EA-DBBD-4AE7-9A01-F7E21ADE8F51} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|
{2DD7E8CC-9EA3-4C12-957E-5DC208DE4F10} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|App=%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31025|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|
{2F39AB7B-4479-4816-A439-DAB29DF2A975} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe|Name=Maxthon|
{328465B3-4B1D-401D-AB65-083A53A90C3A} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31011|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|
{38B15E7E-4C76-4403-AB88-BCEF7258E838} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|
{3EBCF8CE-5BCE-4A15-A84B-1D7A6A826AC8} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31003|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|
{55BC9F7A-7137-4BF6-B617-780E4D8E8D6C} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Maxthon3\Bin\MxUp.exe|Name=MxUp|
{55D18332-5A51-4B60-83D5-06AD4F0D7D52} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|
{5ED37DA6-03D1-400D-BDFE-AA0FA1BF2718} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Private|ICMP6=128:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
{70563BC2-B468-4094-884A-1195905D42CA} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|
{8369100A-E676-4E29-BF2B-A85B58B7E4A0} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Maxthon3\Bin\MxUp.exe|Name=MxUp|
{994835D8-B631-4A39-862B-007C5FB98CD8} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|
{9C185B99-1B63-4EE3-8211-C2A12C8FDCA6} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Opera\opera.exe|Name=Opera Internet Browser|
{9CC48C93-A06D-4944-9C37-EF161A02D237} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Opera\opera.exe|Name=Opera Internet Browser|
{9E0654D6-2551-40C9-8ABF-DBA87F23E037} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Private|ICMP4=8:*|RA4=LocalSubnet|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
{AC43D343-C748-47D6-A0A7-DD1DE1053EEB} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe|Name=Maxthon|
{B2887F74-0F7A-4D8D-8674-D918DDDD2DF0} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-31321|Desc=@FirewallAPI.dll,-31322|EmbedCtxt=@FirewallAPI.dll,-31252|
{B39B5842-AB4C-4927-9458-874FE72D5266} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Private|ICMP6=128:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
{CBE61BFF-8D3B-4381-8FCB-A910F34183C5} REG_SZ v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\carolino\appdata\local\google\chrome\application\chrome.exe|Name=chrome.exe|Desc=chrome.exe|
{DCA6C1C2-412B-460C-9F92-DDEA4E508AE1} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|
{E650DC97-9B24-4B24-8725-F307989BDA38} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31023|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|
{EBEE4F03-8797-466B-85E0-AF7B6101F2BA} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|App=%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31024|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|
{F2E6A40C-A892-4D81-A32E-89ABE2674355} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe|Name=Teamviewer Remote Control Application|
{F96CED4C-E129-4688-A69B-A1B8D8F825D0} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|
{FA064262-6DC0-4639-A654-34159015BB4F} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31007|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|
{FA994DB4-E44C-474B-8688-5579223047C7} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31281|Desc=@FirewallAPI.dll,-31284|EmbedCtxt=@FirewallAPI.dll,-31252|
{FC39D43E-1FD7-44FD-96BE-C93341A1FE29} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752|
UDP und TCP
TCP Query User{AE5FE1B8-38D6-4F57-95E3-7651A0878E50}C:\users\carolino\appdata\local\google\chrome\application\chrome.exe REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\carolino\appdata\local\google\chrome\application\chrome.exe|Name=chrome.exe|Desc=chrome.exe|Defer=User|
TCP Query User{E2790FAA-041A-4B97-9417-133AF78D956F}C:\program files (x86)\opera\opera.exe REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\opera\opera.exe|Name=Opera Internet Browser|Desc=Opera Internet Browser|Defer=User|
UDP Query User{275B8FB2-BCFD-4351-93AF-B80AB23425AD}C:\users\carolino\appdata\local\google\chrome\application\chrome.exe REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\carolino\appdata\local\google\chrome\application\chrome.exe|Name=chrome.exe|Desc=chrome.exe|Defer=User|
UDP Query User{AB6A947A-AA5C-40E4-BA7D-3CE45BFEAD41}C:\program files (x86)\opera\opera.exe REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\opera\opera.exe|Name=Opera Internet Browser|Desc=Opera Internet Browser|Defer=User|
----------------------------------------
Registry:
Startup, ServiceDll und ImagePath sind ok!
Startup und ImagePath sind ok!
Startup, ServiceDll und ImagePath sind ok!
Startup, ServiceDll und ImagePath sind ok!
Start REG_DWORD 0x2
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\gpsvc.dll
ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
Startup, ServiceDll und ImagePath sind ok!
Start REG_DWORD 0x3
ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\srvsvc.dll
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
Startup, ServiceDll und ImagePath sind ok!
Startup, ServiceDll und ImagePath sind ok!
Startup, ServiceDll und ImagePath sind ok!
Start REG_DWORD 0x3
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\ipnathlp.dll
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
Startup und ImagePath sind ok!
Startup und ImagePath sind ok!
Startup, ServiceDll und ImagePath sind ok!
Start REG_DWORD 0x3
ServiceDll REG_EXPAND_SZ %ProgramFiles%\Windows Defender\mpsvc.dll
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k secsvcs
Startup, ServiceDll und ImagePath sind ok!
Startup, ServiceDll und ImagePath sind ok!
Startup, ServiceDll und ImagePath sind ok!
----------------------------------------
Dateisystem:
O tipo do sistema de arquivos ‚ NTFS.
C: nÆo est sujo.
----------------------------------------
Taskliste
Nome da imagem Identifi Nome da sessÆo SessÆo# Uso de mem¢r
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 K
System 4 Services 0 14.176 K
smss.exe 288 Services 0 1.196 K
csrss.exe 380 Services 0 5.764 K
wininit.exe 432 Services 0 4.600 K
csrss.exe 456 Console 1 60.164 K
services.exe 488 Services 0 10.256 K
lsass.exe 516 Services 0 11.928 K
lsm.exe 524 Services 0 4.536 K
svchost.exe 616 Services 0 10.068 K
winlogon.exe 688 Console 1 7.896 K
gbpsv.exe 732 Services 0 38.556 K
svchost.exe 828 Services 0 9.168 K
svchost.exe 900 Services 0 20.032 K
svchost.exe 1000 Services 0 235.976 K
svchost.exe 124 Services 0 14.256 K
svchost.exe 320 Services 0 46.432 K
stacsv64.exe 332 Services 0 8.892 K
svchost.exe 1256 Services 0 28.956 K
wlanext.exe 1344 Services 0 6.080 K
conhost.exe 1352 Services 0 2.900 K
sched.exe 1464 Services 0 2.072 K
svchost.exe 1492 Services 0 15.172 K
avguard.exe 1600 Services 0 53.432 K
k9filter.exe 1708 Services 0 13.524 K
fsssvc.exe 1760 Services 0 18.848 K
taskhost.exe 1892 Console 1 17.912 K
svchost.exe 1940 Services 0 6.136 K
dwm.exe 1196 Console 1 84.596 K
explorer.exe 1116 Console 1 70.412 K
sftvsa.exe 2144 Services 0 4.824 K
svchost.exe 2196 Services 0 5.644 K
sftlist.exe 2240 Services 0 20.268 K
avgnt.exe 2580 Console 1 3.400 K
CVHSVC.EXE 2932 Services 0 14.984 K
avshadow.exe 480 Services 0 9.636 K
SearchIndexer.exe 2060 Services 0 37.900 K
svchost.exe 2704 Services 0 4.884 K
svchost.exe 3408 Services 0 6.024 K
svchost.exe 1484 Services 0 5.628 K
svchost.exe 2208 Services 0 8.308 K
WINWORD.EXE 360 Console 1 35.644 K
notepad.exe 3168 Console 1 26.540 K
notepad.exe 5912 Console 1 6.820 K
chrome.exe 784 Console 1 183.168 K
chrome.exe 1848 Console 1 134.136 K
chrome.exe 6004 Console 1 62.956 K
chrome.exe 3736 Console 1 28.516 K
chrome.exe 1188 Console 1 20.084 K
chrome.exe 5616 Console 1 116.996 K
chrome.exe 5232 Console 1 57.324 K
chrome.exe 4372 Console 1 64.172 K
chrome.exe 4548 Console 1 53.768 K
chrome.exe 5696 Console 1 84.644 K
notepad.exe 5360 Console 1 6.740 K
Maxthon.exe 5908 Console 1 44.360 K
Maxthon.exe 4544 Console 1 16.964 K
Maxthon.exe 4244 Console 1 22.388 K
Maxthon.exe 5456 Console 1 102.948 K
audiodg.exe 4508 Services 0 17.336 K
Maxthon.exe 4040 Console 1 20.896 K
cmd.exe 2084 Console 1 4.488 K
conhost.exe 1720 Console 1 5.864 K
chrome.exe 2752 Console 1 100.892 K
SndVol.exe 3656 Console 1 8.896 K
SearchFilterHost.exe 2828 Services 0 7.012 K
SearchProtocolHost.exe 3616 Services 0 8.412 K
tasklist.exe 3316 Console 1 5.836 K
WmiPrvSE.exe 3124 Services 0 6.448 K
Nome da imagem Identifi Servi‡os
========================= ======== ============================================
svchost.exe 616 DcomLaunch, PlugPlay, Power
svchost.exe 828 RpcEptMapper, RpcSs
svchost.exe 900 AudioSrv, Dhcp, eventlog, wscsvc
svchost.exe 1000 AudioEndpointBuilder, hidserv, Netman,
PcaSvc, SysMain, TrkWks, UxSms, Wlansvc
svchost.exe 124 EventSystem, FontCache, netprofm, nsi,
WdiServiceHost
svchost.exe 320 AeLookupSvc, Appinfo, BITS, EapHost, gpsvc,
IKEEXT, iphlpsvc, LanmanServer, MMCSS,
ProfSvc, Schedule, SENS, ShellHWDetection,
Themes, Winmgmt, wuauserv
svchost.exe 1256 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc
svchost.exe 1492 BFE, DPS, MpsSvc
svchost.exe 1940 hpqddsvc
svchost.exe 2196 stisvc
svchost.exe 2704 bthserv
svchost.exe 3408 PolicyAgent
svchost.exe 1484 SSDPSRV
svchost.exe 2208 RapiMgr, WcesComm
----------------------------------------
$ $ $ $ $ Ende des Scans am 01/01/2014 um 18:36:54,16 Uhr $ $ $ $ $
Mr. Micro- Membro
- Mensagens : 56
Reputação : 2
Data de inscrição : 31/08/2013
Re: Worm Conficker detectado pelo Avira em pendrive
por Power Max Qua 01 Jan 2014, 19:19
Seus logs estão limpos. Instale só o Ccleaner (caso ainda não o tenha) e faça uma limpeza com ele.Faça também uma limpeza com estes programas abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Depois disto nos diga como está seu PC.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Worm Conficker detectado pelo Avira em pendrive
por Mr. Micro Qua 01 Jan 2014, 19:24
Quanto ao Ccleaner, logo antes de você pedir eu já tinha feito uma limpeza com ele e removeu quase um Giga de arquivos sem importância e removeu também vários erros do registro.______________________________
Quanto ao Purera, aqui está o relatório dele:RaProducts' PureRa v1.7
Log created at 19:20 on 01/01/2014 (carolino)
C:\Config.MSI emptied.
C:\Users\carolino\AppData\LocalLow\Microsoft\CryptNetURLCache\Content emptied.
C:\Users\carolino\AppData\LocalLow\Microsoft\CryptNetURLCache\MetaData emptied.
C:\Windows\system32\FNTCACHE.DAT <- O sistema não pode encontrar o arquivo especificado.
Recycle bin emptied.
C:\Windows\SoftwareDistribution\DataStore\Logs emptied.
C:\Windows\SoftwareDistribution\Download emptied.
C:\Windows\SoftwareDistribution\SelfUpdate\Default emptied.
C:\Windows\SoftwareDistribution\WuRedir emptied.
C:\Windows\SoftwareDistribution\ReportingEvents.log <- O arquivo já está sendo usado por outro processo.
C:\Users\carolino\AppData\Local\Temp emptied.
C:\Windows\TEMP emptied.
C:\UsbFix\Res\Thumbs.db <- Successfully deleted.
C:\Users\carolino\AppData\Local\IconCache.db <- Successfully deleted.
C:\Users\carolino\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db <- Successfully deleted.
C:\Users\carolino\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db <- Successfully deleted.
C:\Users\carolino\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db <- Successfully deleted.
C:\Users\carolino\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db <- Successfully deleted.
C:\Users\carolino\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db <- Successfully deleted.
C:\Users\carolino\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db <- Successfully deleted.
C:\Users\carolino\AppData\Local\Microsoft\Windows Live\SqmApi\SqmData21_00.sqm <- Successfully deleted.
C:\Users\carolino\AppData\Local\Microsoft\Windows Live Mail\sqmnoopt00.sqm <- Successfully deleted.
C:\Users\carolino\AppData\Local\Microsoft\Windows Live Movie Maker\SqmApi\SqmSessionData-NoOptIn-MovieMaker-00.sqm <- Successfully deleted.
C:\Users\carolino\AppData\Local\Microsoft\Windows Live Movie Maker\SqmApi\SqmSessionData-NoOptIn-MovieMaker-01.sqm <- Successfully deleted.
Total space cleaned: 18.38 MB
-=E.O.F=-
_________________________________________
Quanto ao ATF Cleaner, fiz a limpeza completa com ele e mais de 85 Mb de arquivos inúteis foram removidos.:rindo_atoa: O PC está ótimo, muito obrigado por tudo!
Mr. Micro- Membro
- Mensagens : 56
Reputação : 2
Data de inscrição : 31/08/2013
Re: Worm Conficker detectado pelo Avira em pendrive
por Power Max Qua 01 Jan 2014, 19:47
Pode excluir o Scanlist.bat e o Scanlist.zip._______________________
Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve-o no Desktop (Área de Trabalho)*Execute-o, deixe selecionadas as opções Remove disinfection tools e Purge system restore
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Clique [Run] e feche o relatório apresentado
Delete o DelFix e o arquivo C:\DelFix.txtO PC está limpo.
Um abraço...
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Worm Conficker detectado pelo Avira em pendrive
por Mr. Micro Qua 01 Jan 2014, 19:50
Já fiz os procedimentos.
Aqui está o relatório do Delfix:
# DelFix v10.6 - Logfile created 01/01/2014 at 19:48:07
# Updated 11/11/2013 by Xplode
# Username : Marcio - SWPTC21-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\USBFix
Deleted : C:\AdwCleaner
Deleted : C:\UsbFix [Clean 1] SWPTC21-PC.txt
Deleted : C:\UsbFix [Scan 1] SWPTC21-PC.txt
Deleted : C:\Users\Marcio\Desktop\AdwCleaner[S1].txt
Deleted : HKCU\Software\USBFix
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USBFix
~ Cleaning system restore ...
Deleted : RP #312 [End of disinfection | 12/05/2013 16]
Deleted : RP #313 [Windows Update | 12/11/2013 12]
Deleted : RP #314 [Removed Skype
6.5 | 12/21/2013 17]
Deleted : RP #315 [Ponto de Verificação Agendado | 01/01/2014 19]
New restore point created !
########## - EOF - ##########
Um feliz ano novo de muitas boas realizações a todos do Fórum que prestam um ótimo trabalho para a sociedade!
Aqui está o relatório do Delfix:# DelFix v10.6 - Logfile created 01/01/2014 at 19:48:07
# Updated 11/11/2013 by Xplode
# Username : Marcio - SWPTC21-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\USBFix
Deleted : C:\AdwCleaner
Deleted : C:\UsbFix [Clean 1] SWPTC21-PC.txt
Deleted : C:\UsbFix [Scan 1] SWPTC21-PC.txt
Deleted : C:\Users\Marcio\Desktop\AdwCleaner[S1].txt
Deleted : HKCU\Software\USBFix
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USBFix
~ Cleaning system restore ...
Deleted : RP #312 [End of disinfection | 12/05/2013 16]
Deleted : RP #313 [Windows Update | 12/11/2013 12]
Deleted : RP #314 [Removed Skype
6.5 | 12/21/2013 17]Deleted : RP #315 [Ponto de Verificação Agendado | 01/01/2014 19]
New restore point created !
########## - EOF - ##########
Um feliz ano novo de muitas boas realizações a todos do Fórum que prestam um ótimo trabalho para a sociedade!
Mr. Micro- Membro
- Mensagens : 56
Reputação : 2
Data de inscrição : 31/08/2013
Re: Worm Conficker detectado pelo Avira em pendrive
por Admin Qua 01 Jan 2014, 19:51
CASO RESOLVIDO
Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Admin- Administrador Fundador
- Mensagens : 515
Reputação : 49
Data de inscrição : 26/05/2008
Idade : 46
Localização : Brasil -
Página 1 de 1
Permissões neste sub-fórum
Não podes responder a tópicos|
|
|