
Archived

This topic has been archived and is closed to new replies.

Zébástian

[Solved!] Analyze my log

Guys, I can't stand using eBuddy anymore

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:03:12, on 22/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\USB Video Camera\Monitor.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Monitor.lnk = C:\Arquivos de programas\USB Video Camera\Monitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{ACD1D250-6714-434E-A849-EAC932D3B318}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740C35-F54D-4D6F-ABC1-BB5C420707A5}: NameServer = 208.67.222.222,208.67.220.220

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

 

--

End of file - 4829 bytes


Good morning! Zébástian

<!> The log shows no bad or suspicious entries.

<!> Ps: If you use a proxy to access the Internet, your MSN may be blocked.

<!> Disable it in Firefox or IE8, following these instructions!

0000000000000000000000

<@> Open Firefox.

<@> Go to Tools -> Options -> Advanced -> Network -> Connection Settings.

<@> Click "No proxy".

<@> Open IE8.

<@> Go to Tools -> Internet Options -> Connections -> LAN settings.

<@> Uncheck: "Use a proxy server"

0000000000000000000000

<@> Download: < Malwarebytes' Anti-Malware >

<@> Link - 2: < marcinsig.gif >

<@> Ps: Save or print these instructions:

- Double-click mbam-setup.exe; choose the language and, during installation, accept all the default options.

- Make sure the boxes "Update Malwarebytes Anti-Malware" and "Run Malwarebytes Anti-Malware" are checked.

- Then click Finish.

- Ps: If there are updates to be made, they will be downloaded and installed.

- When the update finishes, with the program open, select: Quick Scan

- Click the Scan button.

- The scan will then begin. -> Wait, as it may take a while!

- When it finishes, click OK and then the "Show Results" button, so that we have the report.

- Ps: If any items are found, select them and click the "Remove" button.

- Ps: At the end of the disinfection, Notepad will open with the report.

- Ps: The log will be saved automatically by the tool.

- Ps: Retrieve it by clicking the "Logs" tab in the program's main window.

<@> Ps: If MBAM finds files it cannot remove, you may have to restart the PC. Perhaps more than once!

<@> Ps: Do so immediately when asked whether you want to restart.

0000000000000000000000

<!> Select, copy and paste the contents of the MBAM log into your next reply.

<!> Also post an updated HijackThis log.

Regards!


MBAM log

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4133

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

 

23/5/2010 16:24:16

mbam-log-2010-05-23 (16-24-16).txt

 

Tipo de Verificação: Verificação Rápida

Objetos escaneados: 114718

Tempo decorrido: 5 minuto(s), 11 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 0

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

(Não foram detectados ítens maliciosos)

Hijack log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:28:55, on 23/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\USB Video Camera\Monitor.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [btTray] "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Monitor.lnk = C:\Arquivos de programas\USB Video Camera\Monitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar por Bluetooth - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm

O8 - Extra context menu item: Enviar por mensagem(&M)... - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{ACD1D250-6714-434E-A849-EAC932D3B318}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740C35-F54D-4D6F-ABC1-BB5C420707A5}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: BsMobileCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

 

--

End of file - 6273 bytes


Good evening! Zébástian

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

<!> Your browser is out of date. ( IE6 )

<!> Download and install IE8.

00000000000000000000000

ooooooooooooooooooooooo

<@> Download: < MSNCleaner >

<@> Click the “Analyze” button.

<@> When finished, post the report.

00000000000000000000000

ooooooooooooooooooooooo

<@> Run an online scan at: < Eset Nod32 >

<@> Ps: Use the Internet Explorer browser.

<@> Check the box: "SIM, aceito as condições de uso" --> Iniciar.

<@> Check the box: "YES, I accept the Terms of Use" --> Start.

xekda9.png

<@> Uncheck the box "Remove found threats".

<@> Accept the ActiveX installation --> Start the scan.

<@> When it finishes, post the reports: C:\Program Files\EsetOnlineScanner\log.txt + an updated HijackThis.

Regards!


Unfortunately I couldn't run the Eset scanner because, about 1 hour before I posted this, it stopped accessing some pages, and the Eset page was one of the ones I can't access. The baixaki page is another one I can't access either.

In case it helps, the hijack log is here.

Thanks for now.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:48:36, on 23/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\USB Video Camera\Monitor.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [btTray] "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Monitor.lnk = C:\Arquivos de programas\USB Video Camera\Monitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar por Bluetooth - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm

O8 - Extra context menu item: Enviar por mensagem(&M)... - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740C35-F54D-4D6F-ABC1-BB5C420707A5}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: BsMobileCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

 

--

End of file - 6130 bytes


Good morning! Zébástian

<@> Download: < desktopicon.png > ( ...by sUBs )

<!> Link-2 --> < ForoSpyware >

<!> Link-3 --> < GeeksToGo >

<@> Save it to the desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> Ps: Running it from a command is also possible:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall

combofixejr8.gif

<@> Click OK.

<@> In the window: "Software warranty agreement" --> Click Yes!

RcAuto1.gif

<@> If you do not have the "Recovery Console", accept the option to install it!

<@> When finished, click Sim or Yes. --> Wait!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<!> If the notification "Invalid Win32 application" appears, delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> Ps: Name it while saving, not after saving it!

<!> Ps: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> Ps: In the presence of rootkit activity, we will get the following notification window:

Rookit_found.gif

<!> Ps: Write down these detections and click OK.

<!> Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> Ps: Avoid running this tool on your own initiative!

<!> Ps: To avoid problems, follow all the recommendations given.

<!> Ps: ComboFix is a tool that can damage the system. Use it only under professional supervision.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> The Auto Scan window will open. --> Wait!

<@> To finish the removals, ComboFix may restart the computer.

<@> If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis.

Regards!


ComboFix 10-05-21.06 - Administrador 25/05/2010 2:15.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.446.252 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\desktop\Combofix.exe

Comandos utilizados :: /killall

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-25 to 2010-05-25 ))))))))))))))))))))))))))))

.

 

2010-05-24 01:11 . 2010-05-24 01:11 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache

2010-05-24 01:10 . 2010-05-24 01:10 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE

2010-05-24 01:08 . 2010-05-24 01:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-05-24 01:07 . 2010-05-24 01:07 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

2010-05-24 01:05 . 2010-05-24 01:05 -------- d-----w- c:\windows\ie8updates

2010-05-24 01:03 . 2010-05-24 01:04 -------- dc-h--w- c:\windows\ie8

2010-05-24 01:01 . 2010-02-25 06:17 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-05-24 01:01 . 2010-02-25 06:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-05-24 01:01 . 2010-02-25 06:17 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-05-24 01:01 . 2010-02-25 06:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-05-24 01:01 . 2010-02-25 06:17 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-05-24 01:00 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-05-24 00:45 . 2010-05-24 00:45 2165 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\UOL\UIM\Profiles\zecnv@hotmail.com\.purple\certificates\x509\tls_peers\rsi.hotmail.com

2010-05-24 00:45 . 2010-05-24 00:45 167936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\UOL\lib\fotoblog-1.0.0.3.dll

2010-05-24 00:45 . 2010-05-24 00:45 2153 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\UOL\UIM\Profiles\zecnv@hotmail.com\.purple\certificates\x509\tls_peers\contacts.msn.com

2010-05-24 00:45 . 2010-05-24 00:45 2095 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\UOL\UIM\Profiles\zecnv@hotmail.com\.purple\certificates\x509\tls_peers\login.live.com

2010-05-24 00:43 . 2010-05-24 00:43 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\UOL

2010-05-24 00:42 . 2010-05-24 00:42 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\UOL

2010-05-24 00:42 . 2010-05-24 01:50 -------- d-----w- c:\arquivos de programas\UOL

2010-05-24 00:35 . 2010-05-24 00:37 -------- d-----w- C:\MSNCleaner

2010-05-23 19:16 . 2010-05-23 19:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2010-05-23 19:15 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-23 19:15 . 2010-05-23 19:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-05-23 19:15 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-23 19:15 . 2010-05-23 19:15 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-05-22 21:31 . 2010-05-22 21:31 -------- d-----w- c:\arquivos de programas\IVT Corporation

2010-05-22 16:36 . 2010-05-22 16:36 388096 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-05-22 16:36 . 2010-05-22 16:36 -------- d-----w- c:\arquivos de programas\Trend Micro

2010-05-22 16:12 . 2010-05-22 16:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Babylon

2010-05-22 16:12 . 2010-05-22 16:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Babylon

2010-05-21 07:43 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2010-05-21 07:43 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2010-05-21 07:43 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2010-05-21 07:43 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2010-05-21 07:43 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2010-05-21 07:37 . 2008-04-21 21:15 216064 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-05-21 07:31 . 2010-02-17 17:07 2194176 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-05-21 07:31 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2010-05-21 07:31 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll

2010-05-21 07:31 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe

2010-05-21 07:31 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2010-05-21 07:31 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll

2010-05-21 07:31 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2010-05-21 07:31 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll

2010-05-21 07:31 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2010-05-21 07:31 . 2010-02-16 19:07 2150400 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-05-21 07:31 . 2010-02-16 19:07 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-05-21 07:13 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys

2010-05-21 07:13 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-05-21 07:02 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-05-21 07:02 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-05-21 07:02 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-05-21 07:02 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-05-21 07:02 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-05-21 07:01 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-05-21 07:01 . 2008-05-01 14:36 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2010-05-21 06:48 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-05-21 06:19 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-05-21 06:19 . 2009-07-31 04:33 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll

2010-05-21 06:08 . 2009-03-08 07:33 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll

2010-05-21 06:06 . 2010-05-24 01:05 -------- d--h--w- c:\windows\$hf_mig$

2010-05-21 05:48 . 2010-05-24 15:29 -------- d-----w- c:\documents and settings\Administrador\Tracing

2010-05-21 05:10 . 2010-05-21 05:10 -------- d-----w- c:\arquivos de programas\Microsoft

2010-05-21 05:10 . 2010-05-21 05:10 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2010-05-21 05:02 . 2010-05-21 05:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2010-05-19 03:47 . 2010-05-19 03:47 -------- d-----w- c:\arquivos de programas\USB Video Camera

2010-05-19 03:46 . 2005-01-14 16:47 180224 ----a-w- c:\windows\system\StillDrv.dll

2010-05-19 03:46 . 2006-06-30 13:40 775936 ----a-w- c:\windows\system32\drivers\BisonCam.sys

2010-05-19 03:46 . 2006-03-30 03:05 90112 ----a-w- c:\windows\system\BisonVfw.dll

2010-05-19 03:46 . 2006-03-30 03:05 126976 ----a-w- c:\windows\system\BisonCam.dll

2010-05-19 03:46 . 2006-03-02 17:41 77942 ----a-w- c:\windows\system32\BisonRem.dll

2010-05-19 03:23 . 2010-05-22 04:55 -------- d-----w- c:\windows\BisonCam

2010-05-17 02:31 . 2010-05-17 02:33 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\CyberLink

2010-05-17 02:18 . 2010-05-17 02:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2010-05-17 02:18 . 2010-05-17 02:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\CyberLink

2010-05-17 02:15 . 2010-05-17 02:35 53319 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Temp\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe

2010-05-17 02:15 . 2010-05-17 02:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Temp

2010-05-16 19:14 . 2010-05-16 19:14 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\pdf995

2010-05-16 19:06 . 2010-05-16 19:20 59 ----a-w- c:\windows\wpd99.drv

2010-05-16 19:06 . 2010-05-16 19:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\pdf995

2010-05-16 19:06 . 2010-05-16 19:06 51716 ----a-w- c:\windows\system32\pdf995mon.dll

2010-05-16 19:06 . 2010-05-16 19:06 249856 ----a-w- c:\windows\system32\pdfmona.dll

2010-05-16 19:06 . 2010-05-16 19:19 -------- d-----w- c:\arquivos de programas\pdf995

2010-05-16 17:56 . 2010-05-16 17:57 -------- d-----w- c:\arquivos de programas\WinXMedia

2010-05-16 03:37 . 2010-05-16 03:37 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Ahead

2010-05-16 03:37 . 2003-03-18 19:12 451584 ----a-w- c:\windows\system32\mfc71u.dll

2010-05-15 19:34 . 2010-05-23 21:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk

2010-05-15 19:34 . 2010-05-23 20:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Autodesk

2010-05-15 19:05 . 2008-07-10 14:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2010-05-15 19:04 . 2005-05-26 18:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2010-05-15 19:03 . 2010-05-15 19:03 -------- d-----w- c:\windows\Logs

2010-05-08 14:49 . 2010-05-08 14:49 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\MapInfo

2010-05-08 14:48 . 2010-05-08 14:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2010-05-08 14:48 . 2010-05-08 14:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2010-05-05 09:14 . 2010-05-05 09:14 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Corel

2010-05-05 09:06 . 2010-05-05 09:06 -------- d--h--w- c:\windows\PIF

2010-05-02 16:42 . 2010-05-02 16:42 737280 ----a-w- c:\windows\iun6002.exe

2010-05-01 20:28 . 2008-04-13 22:20 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll

2010-05-01 20:28 . 2008-04-13 22:20 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll

2010-05-01 20:28 . 2008-04-13 22:20 3775 ------w- c:\windows\system32\drivers\adv11nt5.dll

2010-05-01 20:28 . 2008-04-13 22:20 3711 ------w- c:\windows\system32\drivers\adv09nt5.dll

2010-05-01 20:28 . 2008-04-13 22:20 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll

2010-05-01 20:28 . 2008-04-13 22:20 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll

2010-05-01 20:28 . 2008-04-13 22:20 3135 ------w- c:\windows\system32\drivers\adv08nt5.dll

2010-05-01 20:28 . 2008-04-13 14:36 44928 ------w- c:\windows\system32\drivers\agpcpq.sys

2010-05-01 20:28 . 2008-04-13 14:36 43008 ------w- c:\windows\system32\drivers\amdagp.sys

2010-05-01 20:28 . 2008-04-13 14:36 42752 ------w- c:\windows\system32\drivers\alim1541.sys

2010-05-01 20:28 . 2008-04-13 14:36 42368 ------w- c:\windows\system32\drivers\agp440.sys

2010-05-01 20:28 . 2008-04-13 12:34 56623 ------w- c:\windows\system32\drivers\ati1btxx.sys

2010-05-01 20:28 . 2008-04-13 12:34 11615 ------w- c:\windows\system32\drivers\ati1mdxx.sys

2010-04-28 17:01 . 2010-04-28 17:01 -------- d-sh--w- c:\documents and settings\Administrador\UserData

2010-04-25 22:32 . 2010-04-25 22:32 -------- d-----w- c:\windows\system32\wbem\Repository

2010-04-25 22:31 . 2010-05-15 17:28 -------- d-----w- c:\arquivos de programas\EasyPrediction

2010-04-25 22:31 . 2010-04-25 22:32 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2010-04-25 22:31 . 2010-05-24 01:08 -------- d-----w- c:\windows\system32\LogFiles

2010-04-25 22:30 . 2010-05-19 02:39 -------- dc----w- c:\windows\system32\DRVSTORE

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-24 15:34 . 2001-10-28 12:07 82790 ----a-w- c:\windows\system32\perfc016.dat

2010-05-24 15:34 . 2001-10-28 12:07 477654 ----a-w- c:\windows\system32\perfh016.dat

2010-05-24 15:27 . 2010-04-21 21:03 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent

2010-05-21 05:10 . 2010-04-22 06:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WindowsLiveInstaller

2010-05-21 05:10 . 2010-04-22 06:21 -------- d-----w- c:\arquivos de programas\Windows Live

2010-05-19 03:47 . 2010-04-22 03:48 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-05-19 01:48 . 2010-04-22 06:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2010-05-17 02:15 . 2010-04-22 13:19 505128 ----a-w- c:\windows\system32\msvcp71.dll

2010-05-17 02:15 . 2010-04-22 13:19 353576 ----a-w- c:\windows\system32\msvcr71.dll

2010-05-16 19:21 . 2010-04-22 03:43 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-05-03 06:02 . 2010-04-21 22:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-04-22 17:13 . 2010-04-22 17:13 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\MapInfo Professional 9.0\4000003000003i\imut.exe

2010-04-22 17:11 . 2010-04-22 17:11 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\MapInfo Professional 9.0\4000006b00002i\imutgui.exe

2010-04-22 13:23 . 2010-04-22 13:22 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic

2010-04-22 06:07 . 2010-04-22 06:07 -------- d-----w- c:\arquivos de programas\MSBuild

2010-04-22 06:07 . 2010-04-22 06:07 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2010-04-22 05:59 . 2010-04-22 05:59 -------- d-----w- c:\arquivos de programas\MSXML 6.0

2010-04-22 05:49 . 2010-04-21 21:35 -------- d-----w- c:\arquivos de programas\MSECache

2010-04-22 05:35 . 2010-04-22 05:30 -------- d-----w- c:\arquivos de programas\VDownloader 1.13

2010-04-22 03:56 . 2010-04-22 03:56 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\MapInfo Professional 9.0\400000a600003i\FNPLicensingService.exe

2010-04-22 03:56 . 2010-04-22 03:56 658432 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\MapInfo Professional 9.0\%ProgramFilesDir%\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

2010-04-22 03:56 . 2010-04-21 21:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall

2010-04-22 03:52 . 2010-04-22 03:52 -------- d-----w- c:\arquivos de programas\Motorola

2010-04-22 03:46 . 2010-04-22 03:46 -------- d-----w- c:\arquivos de programas\VIAudioi

2010-04-22 03:43 . 2010-04-22 03:43 -------- d-----w- c:\arquivos de programas\VIA

2010-04-22 02:57 . 2010-04-22 02:57 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2010-04-21 23:16 . 2010-04-21 23:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Avira

2010-04-21 23:04 . 2010-04-21 23:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2010-04-21 23:04 . 2010-04-21 23:04 -------- d-----w- c:\arquivos de programas\Avira

2010-04-21 21:03 . 2010-04-21 21:03 0 ----a-w- c:\windows\nsreg.dat

2010-04-21 19:31 . 2010-04-21 18:43 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-04-21 19:02 . 2006-07-19 06:18 180480 ----a-w- c:\windows\system32\drivers\RTL8187.sys

2010-04-21 19:02 . 2006-10-25 06:36 42240 ----a-w- c:\windows\system32\drivers\ESD7SK.sys

2010-04-21 19:02 . 2006-10-25 06:36 62208 ----a-w- c:\windows\system32\drivers\EMS7SK.sys

2010-04-21 18:44 . 2010-04-21 18:44 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2010-04-21 18:42 . 2010-04-21 18:42 -------- d-----w- c:\arquivos de programas\Serviços on-line

2010-04-21 18:42 . 2010-04-21 18:42 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2010-04-21 18:41 . 2010-04-21 18:41 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2010-04-17 01:12 . 2010-04-17 01:12 48464 ----a-w- c:\windows\system32\sirenacm.dll

2010-03-17 14:35 . 2010-04-21 21:20 309248 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll

2010-03-01 12:05 . 2010-04-21 23:04 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-02-25 06:17 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2004-08-04 02:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2003-09-24 15:33 . 2010-04-12 23:37 356352 ----a-w- c:\arquivos de programas\putty.exe

.

 

((((((((((((((((((((((((((((( SnapShot_2010-05-24_01.30.01 )))))))))))))))))))))))))))))))))))))))))

.

- 2001-10-28 12:07 . 2010-05-24 01:11 69446 c:\windows\system32\perfc009.dat

+ 2001-10-28 12:07 . 2010-05-24 15:34 69446 c:\windows\system32\perfc009.dat

+ 2001-10-28 12:07 . 2010-05-24 15:34 435258 c:\windows\system32\perfh009.dat

- 2001-10-28 12:07 . 2010-05-24 01:11 435258 c:\windows\system32\perfh009.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-04-21 136176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2010-04-21 53248]

"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2010-04-21 630784]

"BtTray"="c:\arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe" [2008-11-01 281600]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"d:\\Arquivos de programas\\DreaMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10976:TCP"= 10976:TCP:Dreamule TCP

"10986:UDP"= 10986:UDP:Dreamule UDP

"443:TCP"= 443:TCP:MSN TCP

"443:UDP"= 443:UDP:MSN UDP

 

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31/7/2008 20:45 20616]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [21/4/2010 20:04 135336]

R2 BsMobileCS;BsMobileCS;c:\arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe [1/11/2008 09:29 143467]

R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2/7/2008 14:58 26248]

S3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\Drivers\Ca2001v.sys --> c:\windows\system32\Drivers\Ca2001v.sys [?]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [19/7/2006 03:18 180480]

S3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\sr9usb.sys [21/4/2010 14:51 12544]

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Enviar por Bluetooth - c:\arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm

IE: Enviar por mensagem(&M)... - c:\arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm

TCP: {D2740C35-F54D-4D6F-ABC1-BB5C420707A5} = 208.67.222.222,208.67.220.220

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - plugin: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll

FF - plugin: d:\arquivos de programas\Adobe\Reader 9.0\Reader\browser\nppdf32.dll

FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-25 02:22

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1214440339-1957994488-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,1c,b5,13,ff,22,3a,45,bb,7c,5e,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,1c,b5,13,ff,22,3a,45,bb,7c,5e,\

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(620)

c:\windows\system32\CLBCATQ.DLL

 

- - - - - - - > 'explorer.exe'(3992)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\BsMobileSDK.dll

c:\windows\system32\BsLangInDepRes.dll

c:\windows\system32\Bs2Res.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\VTTimer.exe

c:\arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

c:\arquivos de programas\USB Video Camera\Monitor.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-05-25 02:25:33 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-05-25 05:25

ComboFix2.txt 2010-05-24 01:31

ComboFix3.txt 2010-05-22 17:01

 

Pré-execução: 2.968.276.992 bytes disponíveis

Pós execução: 2.954.067.968 bytes disponíveis

 

- - End Of File - - B584F54CD2EE31BA1E288845EFD6885C

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 02:26:26, on 25/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\USB Video Camera\Monitor.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [btTray] "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Monitor.lnk = C:\Arquivos de programas\USB Video Camera\Monitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar por Bluetooth - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm

O8 - Extra context menu item: Enviar por mensagem(&M)... - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740C35-F54D-4D6F-ABC1-BB5C420707A5}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: BsMobileCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

 

--

End of file - 6126 bytes


Good morning, Zébástian!

<@> Download: < OTL > ( ...by OldTimer Tools )

<@> Save it to the desktop!

<@> Double-click: < otlDesktopIcon.png >

<@> PS: Now let's move on to its configuration!

 

<!> 1 - Under "Output", leave the "Minimal" button selected.

<!> 2 - Check the boxes: Scan All Users and Include 64bit Scans <-- PS: Only if the OS is 64-bit!

<!> 3 - Processes: Use SafeList <-- Check it!

<!> 4 - Modules: Use SafeList <-- Check it!

<!> 5 - Services: Use SafeList <-- Check it!

<!> 6 - Drivers: Use SafeList <-- Check it!

<!> 7 - Standard Registry Scan: Use SafeList <-- Check it!

<!> 8 - Extra Registry Scan: Use SafeList <-- Check it!

<!> 9 - File Scans:

<!> Creation Date >> Choose: 14 days

<!> Check: Use Company Name WhiteList

<!> Check: Skip Microsoft Files

<!> 10 - Files Created Since:

<!> Check: Creation Date

<!> 11 - Files Modified Since:

<!> Check: Creation Date

<!> Check the boxes:

[] Lop Check

[] Purity Check

<@> PS: I suggest printing these instructions so you can read them later.

 

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\sfcfiles.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5

<@> PS: Copy and paste this information, which is in the Code box, into the field below: Custom Scans/Fixes

<@> Click: Scan --> Wait!

<@> When finished, post:

<!> <1> OTL.txt <--

<!> <2> Extra.txt <--

Regards!


- OTL.txt

 

OTL logfile created on: 26/5/2010 22:56:51 - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrador\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

446,00 Mb Total Physical Memory | 224,00 Mb Available Physical Memory | 50,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 76,00% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 9,77 Gb Total Space | 2,65 Gb Free Space | 27,08% Space Free | Partition Type: NTFS

Drive D: | 19,53 Gb Total Space | 0,96 Gb Free Space | 4,89% Space Free | Partition Type: NTFS

Drive E: | 45,22 Gb Total Space | 13,97 Gb Free Space | 30,90% Space Free | Partition Type: NTFS

Unable to calculate disk information.

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SEBASTIAN-NOTE

Current User Name: Administrador

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

 

========== Processes (SafeList) ==========

 

PRC - [2010/05/26 22:50:31 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

PRC - [2010/04/21 20:10:25 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/04/21 16:01:35 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

PRC - [2010/04/21 16:01:32 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe

PRC - [2010/03/24 15:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

PRC - [2008/11/01 09:56:06 | 000,281,600 | ---- | M] () -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe

PRC - [2008/11/01 09:30:26 | 000,098,407 | ---- | M] () -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

PRC - [2008/11/01 09:29:10 | 000,143,467 | ---- | M] () -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe

PRC - [2008/07/09 20:51:20 | 000,775,168 | ---- | M] () -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

PRC - [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/10/16 18:32:18 | 000,249,856 | ---- | M] () -- C:\Arquivos de programas\USB Video Camera\Monitor.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/05/26 22:50:31 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

MOD - [2008/04/13 19:19:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2010/05/08 11:48:50 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/04/21 20:10:25 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008/11/01 09:30:26 | 000,098,407 | ---- | M] () [On_Demand | Running] -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)

SRV - [2008/11/01 09:29:10 | 000,143,467 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)

SRV - [2008/07/09 20:51:20 | 000,775,168 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)

SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010/04/21 16:02:08 | 000,180,480 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)

DRV - [2010/04/21 16:02:03 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)

DRV - [2010/04/21 16:02:03 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)

DRV - [2010/04/21 16:01:35 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)

DRV - [2010/04/21 16:01:24 | 000,634,880 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)

DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/02/08 17:04:24 | 000,012,544 | ---- | M] (SUPERAL Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sr9usb.sys -- (SR9USB)

DRV - [2008/10/22 12:32:54 | 000,039,432 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2008/07/31 20:45:42 | 000,020,616 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)

DRV - [2008/07/02 14:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)

DRV - [2008/07/02 14:58:36 | 000,029,960 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)

DRV - [2008/04/13 09:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/01/21 19:28:12 | 000,014,600 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)

DRV - [2008/01/21 19:27:50 | 000,014,856 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)

DRV - [2006/06/30 10:40:40 | 000,775,936 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)

DRV - [2006/06/20 14:12:34 | 000,134,656 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (HdAudAddService)

 

 

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 6A A0 BE E1 FA CA 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3

FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.4.14.1

FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: d:\Arquivos de programas\Mozilla Firefox\components [2010/04/23 21:16:24 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: d:\Arquivos de programas\Mozilla Firefox\plugins [2010/05/11 16:57:23 | 000,000,000 | ---D | M]

 

[2010/04/21 18:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Extensions

[2010/05/25 02:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions

[2010/04/21 18:20:09 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

[2010/05/15 00:00:09 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}

[2010/05/02 00:26:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/04/21 18:20:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/05/21 02:48:01 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\searchplugins\bing.xml

 

O1 HOSTS File: ([2010/05/25 02:22:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [btTray] C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe ()

O4 - HKLM..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Monitor.lnk = C:\Arquivos de programas\USB Video Camera\Monitor.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xportar para o Microsoft Excel - D:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Enviar por Bluetooth - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()

O8 - Extra context menu item: Enviar por mensagem(&M)... - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.171.222.97 200.204.0.10

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/04/21 15:44:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/07/30 16:26:06 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]

O32 - Unable to obtain root file information for disk E:\

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/04/21 15:43:55 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {0A8C991C-F1C9-86E9-504C-4F74AA80C2F5} - Outlook Express

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Processamento de gráficos vetoriais (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2AE47EDE-AEF1-9067-D3A8-10FA2887E20E} - Outlook Express

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ligação de dados de HTML dinâmico para Java

ActiveX: {3ACAEF4B-B2AD-02C7-6DCA-84F1B252B6BA} - DirectAnimation

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Cancelar inscrição

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Criação avançada

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes DirectAnimation para Java

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {515C3651-A74F-55E9-05B2-AAC79F82B93E} - NetShow

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5E4CEC43-5D84-9519-82DD-D2AA50BDEF2B} - DirectAnimation

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7247241E-10D4-8835-2B3F-D214FFD4EA92} - Microsoft Windows Media Player 6.4

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Pastas da Web

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {876F401D-3DF9-5000-BB41-C4CBCEC8B6A9} - NetShow

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CA4E4270-6972-05F7-1A3A-0EE0297C5300} - Personalização do navegador

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Agendador de tarefas

ActiveX: {CCF65B59-2836-A1F6-10AA-24C656D786E8} - DirectAnimation

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

 

========== Files/Folders - Created Within 14 Days ==========

[2010/05/26 22:53:26 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

[2010/05/25 06:06:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/05/25 02:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/05/24 02:08:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrador\Recent

[2010/05/23 22:11:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\IECompatCache

[2010/05/23 22:10:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\PrivacIE

[2010/05/23 22:07:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\IETldCache

[2010/05/23 22:05:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2010/05/23 22:04:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2010/05/23 22:03:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010/05/23 21:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\UOL

[2010/05/23 21:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\UOL

[2010/05/23 21:42:48 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\UOL

[2010/05/23 21:36:56 | 000,184,320 | ---- | C] (InfoSpyware - ForoSpyware) -- C:\Documents and Settings\Administrador\Desktop\MSNCleaner.exe

[2010/05/23 21:35:27 | 000,000,000 | ---D | C] -- C:\MSNCleaner

[2010/05/23 18:05:33 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2010/05/23 16:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes

[2010/05/23 16:15:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/23 16:15:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/23 16:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2010/05/23 16:15:14 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2010/05/22 18:48:53 | 000,000,000 | ---D | C] -- D:\Meus Documentos\Bluetooth

[2010/05/22 18:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\bluesoleil

[2010/05/22 18:31:48 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\IVT Corporation

[2010/05/22 13:55:57 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/05/22 13:50:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/05/22 13:50:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/05/22 13:50:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/05/22 13:50:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/05/22 13:50:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/05/22 13:49:46 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/05/22 13:36:51 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Trend Micro

[2010/05/22 13:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Babylon

[2010/05/22 13:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Babylon

[2010/05/21 03:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2010/05/21 03:06:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$

[2010/05/21 03:01:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[2010/05/21 02:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Tracing

[2010/05/21 02:10:52 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft

[2010/05/21 02:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\microsoft

[2010/05/21 02:10:31 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live SkyDrive

[2010/05/21 02:02:39 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Windows Live

[2010/05/19 00:47:33 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\USB Video Camera

[2010/05/19 00:46:39 | 000,775,936 | ---- | C] (Bison Electronics. Inc. ) -- C:\WINDOWS\System32\drivers\BisonCam.sys

[2010/05/19 00:46:39 | 000,077,942 | ---- | C] (Bison Inc.) -- C:\WINDOWS\System32\BisonRem.dll

[2010/05/19 00:23:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\BisonCam

[2010/05/18 22:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\MSN 8.5.1235.0517

[2010/05/16 23:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Cyberlink

[2010/05/16 23:31:07 | 000,000,000 | ---D | C] -- D:\Meus Documentos\CyberLink

[2010/05/16 23:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\CyberLink

[2010/05/16 23:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

[2010/05/16 23:18:20 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\CyberLink

[2010/05/16 23:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Temp

[2010/05/16 16:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\pdf995

[2010/05/16 16:06:28 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll

[2010/05/16 16:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\pdf995

[2010/05/16 16:06:25 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\pdf995

[2010/05/16 14:56:11 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\WinXMedia

[2010/05/16 00:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Ahead

[2010/05/15 16:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Autodesk

[2010/05/15 16:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk

[2010/05/15 16:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Autodesk

[2010/05/15 16:13:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$

[2010/05/15 16:03:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs

[2010/05/14 01:07:05 | 000,000,000 | ---D | C] -- D:\Meus Documentos\Elektro

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 14 Days ==========

[2010/05/26 22:51:50 | 000,477,654 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2010/05/26 22:51:50 | 000,435,258 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/05/26 22:51:50 | 000,082,790 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2010/05/26 22:51:50 | 000,069,446 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/05/26 22:51:49 | 001,077,902 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/05/26 22:50:31 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

[2010/05/26 22:47:34 | 000,001,030 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini

[2010/05/26 22:47:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/26 22:47:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/26 22:39:34 | 002,883,584 | ---- | M] () -- C:\Documents and Settings\Administrador\ntuser.dat

[2010/05/26 22:39:34 | 000,000,210 | -HS- | M] () -- C:\Documents and Settings\Administrador\ntuser.ini

[2010/05/26 06:22:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/05/26 03:26:14 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/25 02:26:11 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\HiJackThis.lnk

[2010/05/25 02:22:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/05/25 02:22:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/05/24 04:01:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

[2010/05/24 03:46:06 | 000,005,982 | ---- | M] () -- C:\WINDOWS\System32\LOCALSERVICE.INI

[2010/05/23 22:07:13 | 000,176,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/05/23 19:04:37 | 061,705,798 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Rainbow Gummy Bear English Long.mp4

[2010/05/23 17:55:35 | 000,072,616 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2010/05/23 16:15:23 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/22 23:59:48 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI

[2010/05/22 23:51:51 | 000,000,106 | ---- | M] () -- C:\WINDOWS\System32\LOCALDEVICE.INI

[2010/05/22 18:52:26 | 000,000,378 | ---- | M] () -- C:\WINDOWS\System32\SHORTCUT.INI

[2010/05/22 18:34:57 | 000,000,032 | ---- | M] () -- C:\WINDOWS\0

[2010/05/22 18:34:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\BSPRINT.INI

[2010/05/22 18:31:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\0

[2010/05/22 16:54:37 | 006,943,688 | -H-- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\IconCache.db

[2010/05/22 13:56:00 | 000,000,326 | RHS- | M] () -- C:\boot.ini

[2010/05/22 13:46:54 | 003,693,801 | R--- | M] () -- C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

[2010/05/19 23:22:11 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/19 00:47:36 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Monitor.lnk

[2010/05/19 00:28:12 | 000,000,669 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/05/18 23:30:46 | 000,000,847 | ---- | M] () -- D:\Meus Documentos\My Sharing Folders.lnk

[2010/05/18 01:53:02 | 000,000,406 | ---- | M] () -- D:\Meus Documentos\Minhas Pastas de Compartilhamento.lnk

[2010/05/16 22:36:50 | 000,169,414 | ---- | M] () -- D:\Meus Documentos\10promo-csbrazucas.jpg

[2010/05/16 16:20:30 | 000,005,778 | ---- | M] () -- D:\Meus Documentos\HVAC - Heating Ventilation Air Conditioning.pdf

[2010/05/16 16:20:28 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv

[2010/05/16 16:14:51 | 000,000,028 | ---- | M] () -- C:\WINDOWS\pdf995.ini

[2010/05/16 16:06:28 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll

[2010/05/16 16:06:28 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll

[2010/05/16 14:47:46 | 000,000,036 | -H-- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\swk.ini

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

[2010/05/26 06:21:48 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2010/05/23 19:01:55 | 061,705,798 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Rainbow Gummy Bear English Long.mp4

[2010/05/23 16:15:23 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/22 18:52:26 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\SHORTCUT.INI

[2010/05/22 18:49:41 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI

[2010/05/22 18:48:52 | 000,005,982 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI

[2010/05/22 18:48:34 | 000,000,106 | ---- | C] () -- C:\WINDOWS\System32\LOCALDEVICE.INI

[2010/05/22 18:34:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI

[2010/05/22 18:31:38 | 000,000,032 | ---- | C] () -- C:\WINDOWS\0

[2010/05/22 18:31:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\0

[2010/05/22 13:56:00 | 000,000,256 | ---- | C] () -- C:\Boot.bak

[2010/05/22 13:55:58 | 000,261,856 | ---- | C] () -- C:\cmldr

[2010/05/22 13:50:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/05/22 13:50:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/05/22 13:50:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/05/22 13:50:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/05/22 13:50:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/05/22 13:46:28 | 003,693,801 | R--- | C] () -- C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

[2010/05/22 13:36:51 | 000,002,519 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\HiJackThis.lnk

[2010/05/19 00:47:42 | 000,003,210 | ---- | C] () -- C:\WINDOWS\DEXT2001.ini

[2010/05/19 00:47:36 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Monitor.lnk

[2010/05/19 00:46:40 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System\StillDrv.dll

[2010/05/19 00:46:40 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini

[2010/05/19 00:46:40 | 000,013,448 | ---- | C] () -- C:\WINDOWS\M2000Twn.src

[2010/05/19 00:46:40 | 000,002,264 | ---- | C] () -- C:\WINDOWS\System\S20H0220.csr

[2010/05/19 00:46:40 | 000,002,264 | ---- | C] () -- C:\WINDOWS\System\S20F0220.csr

[2010/05/19 00:46:39 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System\BisonCam.dll

[2010/05/19 00:46:39 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System\BisonVfw.dll

[2010/05/18 22:45:40 | 000,000,847 | ---- | C] () -- D:\Meus Documentos\My Sharing Folders.lnk

[2010/05/18 22:43:38 | 020,237,571 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\MSN 8.5.1235.0517.rar

[2010/05/16 22:36:50 | 000,169,414 | ---- | C] () -- D:\Meus Documentos\10promo-csbrazucas.jpg

[2010/05/16 16:20:28 | 000,005,778 | ---- | C] () -- D:\Meus Documentos\HVAC - Heating Ventilation Air Conditioning.pdf

[2010/05/16 16:14:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini

[2010/05/16 16:06:28 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2010/05/16 16:06:28 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2010/05/16 14:47:46 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\swk.ini

[2010/04/22 10:20:03 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010/04/21 23:58:19 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/11/01 09:56:10 | 000,001,030 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini

[2008/11/01 09:32:58 | 000,405,589 | ---- | C] () -- C:\WINDOWS\System32\BsUI.dll

[2008/11/01 09:32:36 | 000,278,647 | ---- | C] () -- C:\WINDOWS\System32\outlookAddin.dll

[2008/11/01 09:32:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\HtmPrintHelper.dll

[2008/11/01 09:32:00 | 000,622,693 | ---- | C] () -- C:\WINDOWS\System32\BSShell.dll

[2008/11/01 09:29:20 | 000,122,976 | ---- | C] () -- C:\WINDOWS\System32\BsMobileSDK.dll

[2008/11/01 09:29:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps.dll

[2008/11/01 09:27:52 | 000,106,595 | ---- | C] () -- C:\WINDOWS\System32\Bs2Res.dll

[2008/10/22 15:30:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BsVistaCommon.dll

[2008/03/07 13:54:22 | 017,907,824 | ---- | C] () -- C:\WINDOWS\System32\BsLangInDepRes.dll

[2007/09/27 14:48:10 | 000,014,100 | ---- | C] () -- C:\WINDOWS\twspmm.ini

[2006/11/14 22:45:26 | 002,706,432 | ---- | C] () -- C:\WINDOWS\System32\s3gcil_inv.dll

[2000/10/25 18:15:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

[2004/08/04 00:45:22 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\eventlog.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %SYSTEMDRIVE%\scecli.dll /s /md5 >

[2004/08/04 00:45:26 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\scecli.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %SYSTEMDRIVE%\sfcfiles.dll /s /md5 >

[2004/08/04 00:45:28 | 001,548,288 | ---- | M] (Microsoft Corporation) MD5=1DD4FC7EEE3A45257528A34FDF7BC689 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll

[2008/04/13 19:20:42 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll

[2008/04/13 19:20:42 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll

[2008/04/13 19:20:42 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\system32\sfcfiles.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >

[2004/08/04 00:45:26 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\netlogon.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %SYSTEMDRIVE%\atapi.sys /s /md5 >

[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

 

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

 

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< End of report >

 

- Extras.txt

 

OTL Extras logfile created on: 26/5/2010 22:56:51 - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrador\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

446,00 Mb Total Physical Memory | 224,00 Mb Available Physical Memory | 50,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 76,00% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 9,77 Gb Total Space | 2,65 Gb Free Space | 27,08% Space Free | Partition Type: NTFS

Drive D: | 19,53 Gb Total Space | 0,96 Gb Free Space | 4,89% Space Free | Partition Type: NTFS

Drive E: | 45,22 Gb Total Space | 13,97 Gb Free Space | 30,90% Space Free | Partition Type: NTFS

Unable to calculate disk information.

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SEBASTIAN-NOTE

Current User Name: Administrador

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- d:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "D:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"10976:TCP" = 10976:TCP:*:Enabled:Dreamule TCP

"10986:UDP" = 10986:UDP:*:Enabled:Dreamule UDP

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

"443:TCP" = 443:TCP:*:Enabled:MSN TCP

"443:UDP" = 443:UDP:*:Enabled:MSN UDP

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\MSN Messenger\msncall.exe" = C:\Arquivos de programas\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Arquivos de programas\uTorrent\uTorrent.exe" = D:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"D:\Arquivos de programas\DreaMule\emule.exe" = D:\Arquivos de programas\DreaMule\emule.exe:*:Enabled:Dreamule -- (http://www.dreamule.org)

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- ()

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11

"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Acer OrbiCam

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)

"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{81770338-86AE-4669-8390-DAD2A8E83E33}" = Bluesoleil 6.4.237.0

"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003

"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007

"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3

"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX

"{BCF2CEFB-E23D-42EF-A5FA-F9ED2A085821}_is1" = CoolSMS 2.06 beta

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F11D6791-FBE8-4817-B5D4-D3191DDDCDC8}" = USB Video Camera

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"aTube Catcher" = aTube Catcher

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"DreaMule_is1" = DreaMule 3.2

"ie8" = Windows Internet Explorer 8

"InstallShield_{F11D6791-FBE8-4817-B5D4-D3191DDDCDC8}" = USB Video Camera

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Pdf995" = Pdf995

"ShockwaveFlash" = Macromedia Flash Player 8

"SMSERIAL" = Motorola SM56 Data Fax Modem

"uTorrent" = µTorrent

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 22/5/2010 04:08:06 | Computer Name = SEBASTIAN-NOTE | Source = Google Update | ID = 20

Description =

 

Error - 22/5/2010 12:08:05 | Computer Name = SEBASTIAN-NOTE | Source = Google Update | ID = 20

Description =

 

Error - 23/5/2010 15:32:28 | Computer Name = SEBASTIAN-NOTE | Source = Application Hang | ID = 1002

Description = Aplicativo com falha msmsgs.exe, versão 4.7.0.3001, módulo com falha

hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 23/5/2010 16:45:01 | Computer Name = SEBASTIAN-NOTE | Source = MsiInstaller | ID = 11904

Description = Product: Adobe Flash Player 9 ActiveX -- Error 1904.Module C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx

failed to register. HRESULT -2147220473. Contact your support personnel.

 

Error - 24/5/2010 09:14:27 | Computer Name = SEBASTIAN-NOTE | Source = Google Update | ID = 20

Description =

 

Error - 24/5/2010 10:14:28 | Computer Name = SEBASTIAN-NOTE | Source = Google Update | ID = 20

Description =

 

Error - 24/5/2010 11:14:28 | Computer Name = SEBASTIAN-NOTE | Source = Google Update | ID = 20

Description =

 

Error - 25/5/2010 01:14:27 | Computer Name = SEBASTIAN-NOTE | Source = Application Hang | ID = 1002

Description = Aplicativo com falha chrome.exe, versão 0.0.0.0, módulo com falha

hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 25/5/2010 01:14:28 | Computer Name = SEBASTIAN-NOTE | Source = Application Hang | ID = 1002

Description = Aplicativo com falha chrome.exe, versão 0.0.0.0, módulo com falha

hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 26/5/2010 21:31:38 | Computer Name = SEBASTIAN-NOTE | Source = Application Hang | ID = 1002

Description = Aplicativo com falha chrome.exe, versão 0.0.0.0, módulo com falha

hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

[ System Events ]

Error - 12/5/2010 18:45:56 | Computer Name = SEBASTIAN-NOTE | Source = NetBT | ID = 4307

Description = Falha na inicialização porque o transporte não abriu os Endereços

iniciais.

 

Error - 15/5/2010 22:37:27 | Computer Name = SEBASTIAN-NOTE | Source = ipnathlp | ID = 32003

Description = O conversor de endereços de rede (NAT) não pôde solicitar uma operação

de

módulo de conversão do modo do núcleo. Isso pode indicar uma configuração errada,

recursos insuficientes ou erro interno. Os dados são o código de erro.

 

 

< End of report >


Good afternoon, Zébástian!

<@> Run OTL.exe.

<@> Copy the information in the quote below into the field under: Custom Scans/Fixes (Exames Personalizados/Correções)

 

:files

c:\windows\iun6002.exe

:otl

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:commands

[resethosts]

[purity]

[emptyflash]

[emptytemp]

[Reboot]

<@> Click the Fix (Consertar) button --> Wait for it to finish! --> Run!

<@> Post the report, which will also be in the folder: C:\_OTL\MovedFiles\*.log <--

<@> Also post an updated HijackThis log.

Best regards!


OTL log

All processes killed

========== FILES ==========

c:\windows\iun6002.exe moved successfully.

========== OTL ==========

C:\WINDOWS\002872_.tmp deleted successfully.

C:\WINDOWS\SET3.tmp deleted successfully.

C:\WINDOWS\SET4.tmp deleted successfully.

C:\WINDOWS\SET8.tmp deleted successfully.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYFLASH]

 

User: Administrador

->Flash cache emptied: 1663 bytes

 

User: All Users

 

User: Default User

 

User: LocalService

 

User: NetworkService

 

Total Flash Files Cleaned = 0,00 mb

 

 

[EMPTYTEMP]

 

User: Administrador

->Temp folder emptied: 2901937 bytes

->Temporary Internet Files folder emptied: 8069000 bytes

->FireFox cache emptied: 76334422 bytes

->Google Chrome cache emptied: 228163773 bytes

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 301,00 mb

 

 

OTL by OldTimer - Version 3.2.5.0 log created on 05272010_232709

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

 

 

Hijack log

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:48:17, on 27/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\USB Video Camera\Monitor.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: ÿþ127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [btTray] "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Monitor.lnk = C:\Arquivos de programas\USB Video Camera\Monitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar por Bluetooth - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm

O8 - Extra context menu item: Enviar por mensagem(&M)... - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740C35-F54D-4D6F-ABC1-BB5C420707A5}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: BsMobileCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

 

--

End of file - 6255 bytes


Good morning, Zébástian!

<@> Uninstall Malwarebytes, if you wish.

<@> Double-click the highlighted file:

<!> C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe <--

<@> Restart the computer when it finishes!

00000000000000000000

oooooooooooooooooooo

<@> Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix is uninstalled" will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<@> Or go to Start --> Run --> Type or paste:

"%userprofile%\desktop\combofix" /uninstall

<@> Click OK.

00000000000000000000

oooooooooooooooooooo

<@> Open OTL.exe --> Click CleanUp (Limpeza) --> Wait!

<@> At the prompt, click OK --> Restart the computer!

00000000000000000000

oooooooooooooooooooo

<!> Your logs are clean! :)

<!> Is your MSN still having problems?

Best regards!


MSN is working fine now, but as I said in post #5, there are some sites I can't access in either IE8 or FF, and in Chrome it takes a looooooong time but does load.

Lately I had been posting from FF, and before posting this one I cleared its cache; after that I couldn't even access this page.

Other pages I can't access are: the 4shared.com login, rapidshare, the Google login (including orkut, mail, etc.). I can't reach these and others in the 2 browsers.


MSN is working fine now, but as I said in post #5, there are some sites I can't access in either IE8 or FF, and in Chrome it takes a looooooong time but does load.

Lately I had been posting from FF, and before posting this one I cleared its cache; after that I couldn't even access this page.

Other pages I can't access are: the 4shared.com login, rapidshare, the Google login (including orkut, mail, etc.). I can't reach these and others in the 2 browsers.

/////////////\\\\\\\\\\\\\\

Hey, Zébastian!

<!> PS: Check whether the browser problems started when you installed BlueSoleil.

<!> If so, you can uninstall it!

00000000000000000

ooooooooooooooooo

<@> Download: < TuneUp Utilities 2010 >

<@> To download, enter your e-mail and click Start download.

<@> Save the executable, TU2010TrialEN.exe, in Program Files (Arquivos de Programas).

<@> The program is a trial! But... there will be enough time to optimize the computer.

<@> Try defragmenting the disk and the registry.

<@> Optimize browsing!

00000000000000000

<!> Your logs are clean!

<!> Analysis closed!

Best regards!


Man, thanks a lot...

My problem really was BlueSoleil... Now it's running well...

And as for TuneUp, it improved the PC's performance a lot...

Topic closed with many thanks... lol


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
