OTListIt Tutorial




OTListIt


A program that lists the files on a PC so that they can be searched for malicious files.


Download link:
http://oldtimer.geekstogo.com/OTL.exe

*Save the file to the desktop
*Double-click OTListIt.exe
*Check the options "Scan All Users" and "Use Whitelist"
*Under "File Age", select "1 day", "7 days", "14 days", "30 days", "60 days" or "90 days"
*Click "Run Scan" and wait for the process to finish
*The results are written to the desktop: OTListIt.txt and extra.txt


Example of part of a scan result:

OTListIt logfile created on: 9/14/2008 6:38:00 AM - Run 1
OTListIt by OldTimer - Version 1.0.1.3 Folder = C:\Documents and Settings\owner\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 85.64% Memory free
3.35 Gb Paging File | 3.15 Gb Available in Paging File | 93.99% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 97.96 Gb Free Space | 65.72% Space Free | Partition Type: NTFS
Drive D: | 590.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 3.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-151561413
Current User Name: owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

========== Processes - Non-Microsoft Only ==========

[10/13/2007 22:05:31 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[07/04/2005 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
[11/09/2005 01:33:42 | 05,264,384 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
[08/29/2003 17:13:04 | 01,436,160 | ---- | M] (Dominating Bytes Design) -- C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
[07/20/2008 03:32:42 | 00,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
[09/14/2008 06:36:59 | 00,376,320 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTListIt.exe

========== Win32 Services - Non-Microsoft Only ==========

[08/15/2008 04:16:34 | 00,380,536 | ---- | M] (Emsi Software GmbH) -- C:\Computer Maint\a-squared Free\a2service.exe -- (a2free [On_Demand | Stopped])
[07/07/2008 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Stopped])
[09/04/2008 20:45:31 | 00,334,720 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\owner\Local Settings\Temp\AL.exe -- (AL [On_Demand | Stopped])
[07/20/2008 03:32:42 | 00,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto | Running])
[09/04/2007 20:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Stopped])
[10/13/2007 22:05:31 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
File not found -- C:\DOCUME~1\owner\LOCALS~1\Temp\SKMXKZ.exe -- (SKMXKZ [On_Demand | Stopped])
[07/04/2005 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -- (WUSB54Gv42SVC [Auto | Running])

========== Driver Services - Non-Microsoft Only ==========

File not found -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])
File not found -- C:\WINDOWS\System32\DRIVERS\Alpham1.sys -- (Alpham1 [On_Demand | Stopped])
File not found -- C:\WINDOWS\System32\DRIVERS\Alpham2.sys -- (Alpham2 [On_Demand | Stopped])
[10/24/2007 17:45:10 | 00,165,376 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])
File not found -- C:\WINDOWS\System32\BCM42RLY.SYS -- (BCM42RLY [On_Demand | Stopped])
[07/20/2008 03:32:41 | 00,008,864 | ---- | M] () -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA [On_Demand | Stopped])
[04/03/1996 15:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
File not found -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI [On_Demand | Stopped])
[10/24/2007 17:45:09 | 00,018,048 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
File not found -- D:\install4\MSICPL.sys -- (MSICPL [On_Demand | Stopped])
File not found -- D:\NTACCESS.sys -- (NTACCESS [On_Demand | Stopped])
[09/04/2007 20:26:32 | 00,029,696 | ---- | M] (NVidia Corp.) -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev [On_Demand | Running])
File not found -- C:\WINDOWS\System32\DRIVERS\OmniUsb.sys -- (OmniUsb [On_Demand | Stopped])
File not found -- C:\WINDOWS\System32\DRIVERS\OmniUsbl.sys -- (OmniUsbl [On_Demand | Stopped])
[04/13/2004 08:14:12 | 00,070,144 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
[10/04/2007 13:45:59 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
File not found -- D:\NTGLM7X.sys -- (SetupNTGLM7X [On_Demand | Stopped])
[02/22/2002 07:10:48 | 00,026,505 | R--- | M] (Realtek ) -- C:\WINDOWS\system32\drivers\RTL8150.SYS -- (USB-100 [On_Demand | Stopped])
File not found -- C:\WINDOWS\System32\DRIVERS\usbsermpt.sys -- (usbsermpt [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom [System | Stopped])
File not found -- C:\WINDOWS\System32\DRIVERS\VMNetSrv.sys -- (VPCNetS2 [On_Demand | Stopped])
File not found -- C:\WINDOWS\System32\DRIVERS\rt2500usb.sys -- (WUSB54GPV4SRV [On_Demand | Stopped])


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

etc....

Source: Fórum PC Seguro
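
A triage helper for the log format shown above, added here as an example (it is not part of the original tutorial or of OTListIt). It parses the process, service and driver lines and flags entries whose file is missing, that carry no company name, or that run from a Temp folder; the function name triage and the three heuristics are assumptions chosen for illustration, and a flag only means the entry deserves a manual look.

```python
import re

# One entry line: either "[mtime | size | attrs | M] (company)" or "File not found",
# then " -- path", then an optional " -- (name [start | state])" for services/drivers.
ENTRY = re.compile(
    r"^(?:\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| M\] "
    r"\((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>\S+) \[(?P<start>\w+) \| (?P<state>\w+)\]\))?$"
)
SECTION = re.compile(r"^=+ (?P<title>.+?) =+$")


def triage(log_text):
    """Return (section, path, reasons) for every entry worth a manual look."""
    findings, section = [], None
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header["title"]
            continue
        entry = ENTRY.match(line)
        if not entry:
            continue
        reasons = []
        if entry["missing"]:
            reasons.append("registered but file missing")
        elif not entry["company"].strip():
            reasons.append("no company name")
        if "\\temp\\" in entry["path"].lower():
            reasons.append("runs from a Temp folder")
        if reasons:
            findings.append((section, entry["path"], reasons))
    return findings


# Lines copied from the sample log on this page.
SAMPLE = r"""
========== Win32 Services - Non-Microsoft Only ==========
[07/07/2008 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Stopped])
[09/04/2008 20:45:31 | 00,334,720 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\owner\Local Settings\Temp\AL.exe -- (AL [On_Demand | Stopped])
[10/13/2007 22:05:31 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
File not found -- C:\DOCUME~1\owner\LOCALS~1\Temp\SKMXKZ.exe -- (SKMXKZ [On_Demand | Stopped])
"""

if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE):
        print(f"{section}: {path} <- {', '.join(reasons)}")
```

To run it on a real report, pass the contents of OTListIt.txt to triage() instead of SAMPLE.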
