Good evening.
My PC is very slow...
It is taking a long time to start up and is showing errors...
Help me out!
:grin:
Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:27, on 28/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe
C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStickBHO.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: "Adicionar ao Bloqueador de banner de anúncio" - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Estatísticas de proteção de tráfego da web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll,C:\ARQUIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll,C:\ARQUIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll,C:\ARQUIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Update Service (gupdate1c9f0603e0f074e) (gupdate1c9f0603e0f074e) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenDNS Updater (OpenDNS Updater.exe) - OpenDNS - C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 10245 bytes
Hey DigRam...
Sorry for the delay...
How do I generate this "Extra.txt"?
I sorted out the OTL one...
Here it is...
OTL logfile created on: 3/9/2009 17:07:31 - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Felipe de Souza\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
511,53 Mb Total Physical Memory | 72,71 Mb Available Physical Memory | 14,21% Memory free
859,21 Mb Paging File | 360,53 Mb Available in Paging File | 41,96% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 19,66 Gb Total Space | 0,68 Gb Free Space | 3,45% Space Free | Partition Type: NTFS
Drive D: | 92,12 Gb Total Space | 2,48 Gb Free Space | 2,69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ACAS-6C15302737
Current User Name: Felipe de Souza
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe (OpenDNS)
PRC - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\WINDOWS\System32\slserv.exe ( )
PRC - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Arquivos de programas\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Felipe de Souza\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (6to4 [Auto | Running]) -- C:\WINDOWS\System32\6to4svc.dll (Microsoft Corporation)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (AVP [Auto | Running]) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (fsssvc [On_Demand | Stopped]) -- C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (gupdate1c9f0603e0f074e [Auto | Stopped]) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [unknown | Running]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (InCDsrv [Auto | Running]) -- C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe (Nero AG)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 3 [Auto | Running]) -- C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (OpenDNS Updater.exe [Auto | Running]) -- C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe (OpenDNS)
SRV - (ose [On_Demand | Stopped]) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RichVideo [Auto | Running]) -- C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe ()
SRV - (SeaPort [Auto | Running]) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (ServiceLayer [On_Demand | Running]) -- C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (SLService [Auto | Running]) -- C:\WINDOWS\System32\slserv.exe ( )
SRV - (SoundMAX Agent Service (default) [Auto | Running]) -- C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AnyDVD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ElbyCDIO [Auto | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (fssfltr [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\InCDFs.sys (Nero AG)
DRV - (InCDPass [system | Running]) -- C:\WINDOWS\System32\drivers\InCDPass.sys (Nero AG)
DRV - (incdrm [system | Running]) -- C:\WINDOWS\System32\drivers\InCDRm.sys (Nero AG)
DRV - (kl1 [boot | Running]) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (klbg [boot | Running]) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (KLFLTDEV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\klfltdev.sys (Kaspersky Lab)
DRV - (KLIF [system | Running]) -- C:\WINDOWS\System32\DRIVERS\klif.sys (Kaspersky Lab)
DRV - (klim5 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\klim5.sys (Kaspersky Lab)
DRV - (MagicTune [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\MTiCtwl.sys ()
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Mtlmnt5 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys (Smart Link)
DRV - (Mtlstrm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys (Smart Link)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdc [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcdnsu [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RecAgent [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)
DRV - (SCDEmu [system | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSide [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)
DRV - (SISNIC [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\sisnic.sys (SiS Corporation)
DRV - (Slntamr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\slntamr.sys (Smart Link)
DRV - (SlNtHal [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Slnthal.sys (Smart Link)
DRV - (SlWdmSup [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys (Smart Link)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (Tcpip6 [system | Running]) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (upperdev [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys (Nokia)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbser.sys (Microsoft Corporation)
DRV - (UsbserFilt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys (Nokia)
DRV - ({95808DC4-FA4A-4c74-92FE-5B863F82066B} [Auto | Running]) -- C:\Arquivos de programas\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1614895754-57989841-527237240-1003\S-1-5-21-1614895754-57989841-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledItems: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7}:2.1.0.19
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090324W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.8.3
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 19:05:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Arquivos de programas\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/21 12:53:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff [2009/04/26 14:20:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2009/08/23 13:41:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2009/08/06 01:21:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009/08/07 15:59:04 | 00,000,000 | ---D | M]
[2009/04/20 21:29:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\mozilla\Extensions
[2009/04/20 21:29:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/03 16:57:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\mozilla\Firefox\Profiles\rbkrvids.default\extensions
[2009/07/08 20:37:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\mozilla\Firefox\Profiles\rbkrvids.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}
[2009/09/03 16:09:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\mozilla\Firefox\Profiles\rbkrvids.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/23 14:47:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\mozilla\Firefox\Profiles\rbkrvids.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/01 18:56:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\mozilla\Firefox\Profiles\rbkrvids.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2009/08/04 11:47:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\mozilla\Firefox\Profiles\rbkrvids.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/07/19 12:52:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\mozilla\Firefox\Profiles\rbkrvids.default\extensions\twitternotifier@naan.net
[2009/09/03 16:19:14 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions
[2009/08/06 01:21:08 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/20 21:47:29 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2009/04/26 14:21:15 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/05 22:31:20 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/07/30 20:45:43 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 20:45:43 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\brwsrcmp.dll
[2008/09/03 21:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npbittorrent.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npdeploytk.dll
[2009/07/30 20:45:43 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Arquivos de programas\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\mozilla firefox\plugins\NPOFF12.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\nppdf32.dll
[2008/09/10 16:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\nppl3260.dll
[2008/09/10 16:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\nprpjplug.dll
[2009/07/30 19:51:30 | 00,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml
[2009/07/30 20:45:41 | 00,002,371 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\google.xml
[2009/07/30 19:51:30 | 00,001,135 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml
[2009/07/30 19:51:30 | 00,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml
[2009/07/30 19:51:30 | 00,000,648 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml
O1 HOSTS File: (698 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBHO Object) - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStickBHO.dll (CoreStreet, Ltd.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SpoofStick) - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStick.dll (CoreStreet, Ltd.)
O3 - HKU\S-1-5-21-1614895754-57989841-527237240-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1614895754-57989841-527237240-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1614895754-57989841-527237240-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKU\S-1-5-21-1614895754-57989841-527237240-1003\..\Toolbar\WebBrowser: (SpoofStick) - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStick.dll (CoreStreet, Ltd.)
O4 - HKLM..\Run: [AVP] C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1614895754-57989841-527237240-1003..\Run: [bitTorrent] C:\Arquivos de programas\BitTorrent\bittorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1614895754-57989841-527237240-1003..\Run: [PC Suite Tray] C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-1614895754-57989841-527237240-1003..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O8 - Extra context menu item: "Adicionar ao Bloqueador de banner de anúncio" - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate with &Babylon - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Estatísticas de proteção de tráfego da web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Key error.)
O16 - DPF: {32564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8dmo.cab (Reg Error: Key error.)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.150.4.7 200.150.4.3 200.150.4.5
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Arquivos de programas\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\ARQUIV~1\Kaspersky) - File not found
O20 - AppInit_DLLs: (Lab\Kaspersky) - File not found
O20 - AppInit_DLLs: (Internet) - File not found
O20 - AppInit_DLLs: (Security) - C:\WINDOWS\System32\Security.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (2009\mzvkbd.dll) - File not found
O20 - AppInit_DLLs: (C:\ARQUIV~1\Kaspersky) - File not found
O20 - AppInit_DLLs: (Lab\Kaspersky) - File not found
O20 - AppInit_DLLs: (Internet) - File not found
O20 - AppInit_DLLs: (Security) - C:\WINDOWS\System32\Security.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (2009\mzvkbd3.dll) - File not found
O20 - AppInit_DLLs: (C:\ARQUIV~1\Kaspersky) - File not found
O20 - AppInit_DLLs: (Lab\Kaspersky) - File not found
O20 - AppInit_DLLs: (Internet) - File not found
O20 - AppInit_DLLs: (Security) - C:\WINDOWS\System32\Security.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (2009\adialhk.dll) - File not found
O20 - AppInit_DLLs: (C:\ARQUIV~1\Kaspersky) - File not found
O20 - AppInit_DLLs: (Lab\Kaspersky) - File not found
O20 - AppInit_DLLs: (Internet) - File not found
O20 - AppInit_DLLs: (Security) - C:\WINDOWS\System32\Security.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (2009\kloehk.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/20 19:45:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/01/01 17:30:20 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1512ac04-351d-11de-a4ea-001cc06b60bc}\Shell\AutoRun\command - "" = G:\RESTORE\c-1-3-64-8794238531-8742492-9897532\Sys32.exe -- File not found
O33 - MountPoints2\{1512ac04-351d-11de-a4ea-001cc06b60bc}\Shell\open\command - "" = G:\RESTORE\c-1-3-64-8794238531-8742492-9897532\Sys32.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/09/03 17:05:24 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Felipe de Souza\Desktop\OTL.exe
[2009/08/30 23:12:43 | 02,395,745 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Bonde da Stronda - Reggaeton Playsson.mp3
[2009/08/30 23:07:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Felipe de Souza\Desktop\CD BONDE DA STRONDA - NOVA ERA DA STRONDA
[2009/08/30 23:07:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Felipe de Souza\Desktop\Bonde da Stronda
[2009/08/30 22:26:47 | 05,472,102 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Souja Boy -Kiss Me Thru The Phone.mp3
[2009/08/30 15:06:16 | 03,861,443 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\GINO E GENO 2009 - com dinheiro é mole.mp3
[2009/08/30 14:46:47 | 00,005,759 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\pork.jpg
[2009/08/30 14:28:36 | 03,940,835 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Ei, psiu ! beijo me liga - Michel Teló e João Bosco & Vinicius.mp3
[2009/08/30 14:28:33 | 06,125,560 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Vou jogar a chave fora - Maria Cecilia & Rodolfo.mp3
[2009/08/30 14:28:30 | 04,718,239 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\QUEM AMA CUIDA-MARIA CECILIA E RODOLFO .mp3
[2009/08/30 13:48:54 | 00,000,000 | ---D | C] -- D:\MEUS DOCUMENTOS\Kav7
[2009/08/30 13:40:53 | 00,000,000 | ---D | C] -- D:\MEUS DOCUMENTOS\Forro Wanessa
[2009/08/30 13:18:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Felipe de Souza\Desktop\Luan Santana AO VIVO 2009
[2009/08/30 13:18:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Felipe de Souza\Desktop\FERNANDO E SOROCABA - VENDAVAL
[2009/08/30 12:36:59 | 03,318,758 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Fernando e Sorocaba - Paga Pau.mp3
[2009/08/28 19:44:18 | 00,140,486 | ---- | C] () -- D:\MEUS DOCUMENTOS\Peraeee!.JPG
[2009/08/28 19:43:41 | 00,000,000 | -H-- | C] () -- D:\MEUS DOCUMENTOS\Default.rdp
[2009/08/28 18:25:27 | 00,000,000 | ---D | C] -- C:\CD Fael
[2009/08/25 20:50:33 | 00,113,130 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Olha ele ae!2.jpg
[2009/08/25 20:50:03 | 00,067,137 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Olha ele ae!.jpg
[2009/08/25 20:40:25 | 00,185,988 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\4.jpg
[2009/08/23 01:30:20 | 04,756,038 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\04-T-Pain-Freeze (Feat. Chris Brown).mp3
[2009/08/23 01:30:13 | 03,668,010 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Britney - Radar ( CD High Quality ).mp3
[2009/08/22 14:28:11 | 53,644,9024 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/20 20:57:54 | 00,000,000 | ---D | C] -- D:\MEUS DOCUMENTOS\rede wireless
[2009/08/17 23:38:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Felipe de Souza\Desktop\Celular de mae
[2009/08/13 14:35:00 | 00,322,604 | ---- | C] () -- D:\MEUS DOCUMENTOS\img166.jpg
[2009/08/12 21:21:53 | 00,009,822 | ---- | C] () -- D:\MEUS DOCUMENTOS\MENSAGEM EDNA.xlsx
[2009/08/12 13:33:28 | 00,062,524 | ---- | C] () -- D:\MEUS DOCUMENTOS\kkkkkk.jpg
[2009/08/12 12:50:07 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/08/12 12:50:02 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/08/12 12:50:02 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/08/12 12:49:59 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/08/12 12:49:58 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/08/12 12:49:51 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/08/12 12:49:15 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/08/10 15:45:06 | 00,001,876 | ---- | C] () -- D:\MEUS DOCUMENTOS\KIS8-CM-20090912-041659B0.KEY
[2009/08/09 21:09:15 | 00,000,777 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\PhotoScape.lnk
[2009/08/09 21:07:27 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\PhotoScape
[2009/08/07 22:36:02 | 00,044,850 | ---- | C] () -- D:\MEUS DOCUMENTOS\OgAAABrg-s5WdEDPA7rBJiIglP-j-xOF7Y9S8OH5bC2Zya7x8Z06N-qyeXX-6aprKd09kT740tDQW2cKPqTeEbx5oEoAm1T1UCI49los9ianeo5JK5Zj1TRwGmav.jpg
[2009/08/07 16:10:36 | 00,000,000 | ---D | C] -- D:\MEUS DOCUMENTOS\Kaspersky+Internet+Security+8.0.0.33+Alpha+1
[2009/08/07 16:09:52 | 00,001,852 | ---- | C] () -- D:\MEUS DOCUMENTOS\KIS8-CM-20090826-0551C10E.KEY
[2009/08/07 16:09:52 | 00,000,000 | ---D | C] -- D:\MEUS DOCUMENTOS\Avira Antivir9
[2009/08/07 16:08:59 | 44,366,840 | ---- | C] () -- D:\MEUS DOCUMENTOS\kis8.0.0.506br.exe
[2009/08/07 15:59:35 | 00,105,395 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/08/07 15:59:35 | 00,094,643 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/08/07 15:58:29 | 02,082,336 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/08/07 15:58:29 | 00,426,016 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/07 15:58:29 | 00,018,396 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/08/07 15:58:29 | 00,003,584 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/08/07 15:58:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab
[2009/08/07 15:58:29 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Kaspersky Lab
[2009/08/07 15:57:33 | 00,226,832 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/08/07 15:52:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
[2009/08/07 12:32:03 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Rapidown
[2009/08/07 10:45:01 | 00,000,000 | ---D | C] -- D:\MEUS DOCUMENTOS\Ferr Virus
[2009/08/06 00:58:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\Malwarebytes
[2009/08/06 00:58:08 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/06 00:58:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2009/08/06 00:58:04 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/06 00:58:04 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
[2009/08/05 23:23:13 | 00,097,596 | ---- | C] () -- D:\MEUS DOCUMENTOS\Adivinha quem eh....JPG
[2009/08/05 23:19:49 | 00,112,350 | ---- | C] () -- D:\MEUS DOCUMENTOS\OgAAAKurpnBwpPVoYCVcvQ4koTVs10ibhzUqp1aZx2Ag9yuqX4BrMghQPUHuQc6nVsf9GJTxG42HRJDX2_ITNihHKtgAm1T1UA7K7p5F4UldVo_2-SGb2FTHHXDp.jpg
[2009/08/05 22:31:18 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/05 22:31:18 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/05 22:31:18 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/05 01:11:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\OpenDNS Updater
[2009/08/05 00:23:15 | 00,000,529 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Receitanet 2009.lnk
[2009/08/05 00:23:12 | 00,128,000 | ---- | C] () -- C:\WINDOWS\DesinstWRecnet.EXE
[2009/08/05 00:23:12 | 00,122,880 | ---- | C] () -- C:\WINDOWS\DesinstRecnet.exe
[2009/08/05 00:23:12 | 00,005,361 | ---- | C] () -- C:\WINDOWS\DesinstWRecnet.ini
[2009/08/05 00:23:12 | 00,000,131 | ---- | C] () -- C:\WINDOWS\REC-NET.INI
[2009/08/05 00:23:12 | 00,000,000 | ---D | C] -- C:\Recnet
[2009/08/04 23:51:47 | 00,000,727 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk
[2009/07/24 15:42:27 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/07/01 20:32:26 | 00,000,208 | ---- | C] () -- C:\WINDOWS\HpBestModeUpdatePatchLog.ini
[2009/07/01 20:25:18 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2009/07/01 20:24:57 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/07/01 19:37:56 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTiCtwl.sys
[2009/07/01 13:14:05 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2009/06/19 15:45:40 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/05/06 23:24:41 | 02,402,304 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/05/06 23:24:39 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/05/06 23:24:39 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/06 23:24:32 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/05/06 23:24:30 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/29 15:06:45 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009/04/29 14:59:31 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009/04/29 14:59:27 | 00,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/29 14:59:25 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/23 14:44:11 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll
[2009/04/22 14:15:11 | 00,002,867 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/04/22 14:15:09 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/04/21 18:17:00 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/20 21:32:42 | 00,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2009/04/20 20:43:45 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2009/04/20 20:43:45 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2009/04/20 20:43:45 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2009/04/20 20:36:45 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2009/04/20 20:23:46 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2009/04/20 20:23:46 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/05/02 22:46:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/02 22:46:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/02 22:46:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/02 22:46:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2001/10/28 12:07:38 | 00,000,655 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/10/28 12:07:30 | 00,000,827 | ---- | C] () -- C:\WINDOWS\system.ini
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/09/03 17:05:34 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Felipe de Souza\Desktop\OTL.exe
[2009/09/03 16:49:03 | 00,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/03 16:04:54 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/03 16:03:34 | 00,004,668 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/09/03 16:03:14 | 00,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/03 16:03:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/03 16:03:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/03 16:03:03 | 53,644,9024 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/03 13:16:32 | 02,082,336 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/09/03 13:16:32 | 00,426,016 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/09/03 13:16:32 | 00,018,396 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/09/03 13:16:32 | 00,003,584 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/09/03 11:56:27 | 00,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2EE23A71-91D3-45DA-A56C-77DA13359452}.job
[2009/09/01 23:40:10 | 08,598,642 | -H-- | M] () -- C:\Documents and Settings\Felipe de Souza\Configurações locais\Dados de aplicativos\IconCache.db
[2009/08/30 23:13:17 | 02,395,745 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Bonde da Stronda - Reggaeton Playsson.mp3
[2009/08/30 22:26:54 | 05,472,102 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Souja Boy -Kiss Me Thru The Phone.mp3
[2009/08/30 15:11:21 | 03,861,443 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\GINO E GENO 2009 - com dinheiro é mole.mp3
[2009/08/30 14:46:51 | 00,005,759 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\pork.jpg
[2009/08/30 14:34:53 | 06,125,560 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Vou jogar a chave fora - Maria Cecilia & Rodolfo.mp3
[2009/08/30 14:33:46 | 04,718,239 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\QUEM AMA CUIDA-MARIA CECILIA E RODOLFO .mp3
[2009/08/30 14:32:46 | 03,940,835 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Ei, psiu ! beijo me liga - Michel Teló e João Bosco & Vinicius.mp3
[2009/08/30 13:27:44 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/30 13:27:41 | 00,092,672 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/30 12:38:50 | 03,318,758 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Fernando e Sorocaba - Paga Pau.mp3
[2009/08/28 19:44:19 | 00,140,486 | ---- | M] () -- D:\MEUS DOCUMENTOS\Peraeee!.JPG
[2009/08/28 19:43:41 | 00,000,000 | -H-- | M] () -- D:\MEUS DOCUMENTOS\Default.rdp
[2009/08/25 20:50:33 | 00,113,130 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Olha ele ae!2.jpg
[2009/08/25 20:50:05 | 00,067,137 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Olha ele ae!.jpg
[2009/08/25 20:40:25 | 00,185,988 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\4.jpg
[2009/08/25 13:28:19 | 00,000,655 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/23 18:49:00 | 01,049,370 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/23 18:49:00 | 00,479,518 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2009/08/23 18:49:00 | 00,443,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/23 18:49:00 | 00,083,622 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2009/08/23 18:49:00 | 00,071,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/23 01:30:56 | 00,011,867 | -HS- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Folder.jpg
[2009/08/23 01:30:56 | 00,003,136 | -HS- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\AlbumArtSmall.jpg
[2009/08/23 01:30:41 | 04,756,038 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\04-T-Pain-Freeze (Feat. Chris Brown).mp3
[2009/08/23 01:30:30 | 03,668,010 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Britney - Radar ( CD High Quality ).mp3
[2009/08/22 22:31:40 | 00,000,827 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/22 22:31:40 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/13 14:35:00 | 00,322,604 | ---- | M] () -- D:\MEUS DOCUMENTOS\img166.jpg
[2009/08/12 22:02:49 | 00,009,822 | ---- | M] () -- D:\MEUS DOCUMENTOS\MENSAGEM EDNA.xlsx
[2009/08/12 13:33:32 | 00,062,524 | ---- | M] () -- D:\MEUS DOCUMENTOS\kkkkkk.jpg
[2009/08/10 15:41:11 | 00,001,876 | ---- | M] () -- D:\MEUS DOCUMENTOS\KIS8-CM-20090912-041659B0.KEY
[2009/08/09 21:09:15 | 00,000,777 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\PhotoScape.lnk
[2009/08/07 22:36:04 | 00,044,850 | ---- | M] () -- D:\MEUS DOCUMENTOS\OgAAABrg-s5WdEDPA7rBJiIglP-j-xOF7Y9S8OH5bC2Zya7x8Z06N-qyeXX-6aprKd09kT740tDQW2cKPqTeEbx5oEoAm1T1UCI49los9ianeo5JK5Zj1TRwGmav.jpg
[2009/08/07 16:32:25 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/08/07 16:32:25 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys
[2009/08/07 16:32:21 | 00,105,395 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/08/07 16:32:21 | 00,094,643 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/08/07 15:51:46 | 44,366,840 | ---- | M] () -- D:\MEUS DOCUMENTOS\kis8.0.0.506br.exe
[2009/08/07 15:48:50 | 00,001,852 | ---- | M] () -- D:\MEUS DOCUMENTOS\KIS8-CM-20090826-0551C10E.KEY
[2009/08/06 01:21:21 | 00,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/05 23:23:13 | 00,097,596 | ---- | M] () -- D:\MEUS DOCUMENTOS\Adivinha quem eh....JPG
[2009/08/05 23:19:53 | 00,112,350 | ---- | M] () -- D:\MEUS DOCUMENTOS\OgAAAKurpnBwpPVoYCVcvQ4koTVs10ibhzUqp1aZx2Ag9yuqX4BrMghQPUHuQc6nVsf9GJTxG42HRJDX2_ITNihHKtgAm1T1UA7K7p5F4UldVo_2-SGb2FTHHXDp.jpg
[2009/08/05 22:03:16 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/08/05 06:00:39 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 06:00:39 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/05 00:50:24 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/08/05 00:29:42 | 00,000,727 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk
[2009/08/05 00:23:15 | 00,000,529 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Receitanet 2009.lnk
[2009/08/05 00:23:15 | 00,000,131 | ---- | M] () -- C:\WINDOWS\REC-NET.INI
========== Files - Unicode (All) ==========
2009/05/13 14:32:53 | 00,000,000 | ---D | C -- D:\MEUS DOCUMENTOS\Minhas msicas
2009/05/13 14:32:53 | 00,000,000 | ---D | M -- D:\MEUS DOCUMENTOS\Minhas msicas
< End of report >
Good evening, Felipe71!
<!> Normally, Extras.txt is left minimized at the end of the scan.
°°°°°°°°°°°°°°°°°°
<@> Download: < ComboFix > ( ...by sUBs )
<!> Link-2 --> < ForoSpyware >
<!> Link-3 --> < GeeksToGo >
<@> Save it to the desktop!
<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> PS: Running it from a command is also possible:
<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
<@> Click OK.
<@> At the prompt "Negação de garantia de software" (software warranty disclaimer) --> Click Sim (Yes)!
<@> If you do not have the "Recovery Console", agree to have it installed!
<@> When it finishes, click Sim or Yes. --> Wait!
<!> If you get the notification "Aplicativo Win32 inválido" (invalid Win32 application), delete the ComboFix.exe tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Name it while saving, not after saving it!
<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> PS: If rootkit activity is present, we will get the following notification window:
[Image: Rookit_found.gif]
<!> PS: Write down these detections and click OK.
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative!
<!> PS: To avoid problems, follow all the recommendations given.
<!> **ComboFix is a tool that can damage the system. Use it only under professional supervision.**
<@> The Auto Scan window will open. --> Wait!
<@> In order to complete the removals, ComboFix may restart the computer.
<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid using the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<><><><><><><><><><><><>
<@> When it finishes, post the reports: C:\ComboFix.txt + HijackThis, updated.
Regards!
Topic Archived
Since the author did not reply for more than 30 days, the topic was archived.
If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening.
Good evening, Felipe71!
<@> Download: < OTL > ( ...by OldTimer Tools )
<@> Save it to the desktop!
[Image: OTLI-scan.png]
<@> As shown in the image, change the "Output" option to "Minimal Output".
<@> Double-click OTL.exe --> Check the "Scan All Users" option.
<@> Click: < Run Scan > --> Wait!
<@> Post:
<1> OTL.txt <--
<2> Extra.txt <--
Regards!