Hi everyone!
Edvan, from the Hardware area, recommended that I post a log here before taking any further steps.
To summarize the problem, my PC suddenly started taking about 5 minutes to open the desktop, and it stays extremely slow for about another 5 minutes until the HD activity light goes off (during that time it stays lit constantly); after that I can use the PC (still somewhat slow).
Well, here is the log; if you have a little time and can help, I would be very grateful.
===//===
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:35, on 27/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HijackThissss\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\WINDOWS\TEMP\E_S88.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\WINDOWS\TEMP\E_SD7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca3f992fa42274) (gupdate1ca3f992fa42274) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe
--
End of file - 7304 bytes
Thanks and regards!
Hi DigRam!
Here is the OTL.txt; there is no extra.txt, however.
OTL logfile created on: 28/12/2009 12:00:27 - Run 2
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Home\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 53,71 Gb Total Space | 27,40 Gb Free Space | 51,01% Space Free | Partition Type: NTFS
Drive D: | 10,74 Gb Total Space | 2,91 Gb Free Space | 27,10% Space Free | Partition Type: NTFS
Drive E: | 10,07 Gb Total Space | 5,65 Gb Free Space | 56,14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NRLR-M04QJKA95R
Current User Name: Home
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICAL.EXE (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\guard32.dll (COMODO)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (cmdAgent) -- C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (getPlusHelper) getPlus® -- C:\Arquivos de programas\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (gupdate1ca3f992fa42274) Google Update Service (gupdate1ca3f992fa42274) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (JavaQuickStarterService) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (NIHardwareService) -- C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
========== Driver Services (SafeList) ==========
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (Applied Networking Inc.)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdguard.sys (COMODO)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntmgr) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys (Avira GmbH)
DRV - (avgntdd) -- C:\WINDOWS\system32\drivers\avgntdd.sys (Avira GmbH)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
IE - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\S-1-5-21-1078081533-1303643608-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\S-1-5-21-1078081533-1303643608-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Ask.com (Virtus Designs)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.uol.com.br/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.19
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.2.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: pt-BR@dictionaries.addons.mozilla.org:1.0.0.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.5
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2009/12/28 10:09:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2009/12/16 17:54:56 | 00,000,000 | ---D | M]
[2009/08/16 19:10:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Extensions
[2009/12/27 18:10:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions
[2009/11/03 19:41:05 | 00,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/12/11 19:20:10 | 00,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/08/16 19:17:12 | 00,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/11/03 19:41:05 | 00,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2009/11/05 20:17:01 | 00,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/11/28 20:11:25 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/12 11:45:50 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/28 18:36:35 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/11/24 20:40:42 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/11 19:20:21 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/16 19:21:45 | 00,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/10/28 18:36:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\anycolor.pavlos256@gmail.com
[2009/10/04 21:09:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\en-US@dictionaries.addons.mozilla.org
[2009/08/16 19:21:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\pt-BR@dictionaries.addons.mozilla.org
[2009/08/16 19:17:13 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2009/08/16 19:17:13 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2009/08/16 19:17:13 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2009/08/16 19:17:14 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2009/12/27 18:10:41 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2009/08/31 16:44:33 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/07/30 20:51:30 | 00,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml
[2009/07/30 20:51:30 | 00,001,135 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml
[2009/07/30 20:51:30 | 00,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml
[2009/07/30 20:51:30 | 00,000,648 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml
O1 HOSTS File: (325963 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11154 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003..\Run: [EPSON Stylus CX5600 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.76.224.13 201.76.224.14
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/16 17:33:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\Shell\AutoRun\command - "" = jmemox.exe
O33 - MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\Shell\explore\Command - "" = jmemox.exe
O33 - MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\Shell\open\Command - "" = jmemox.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2009/12/28 10:09:00 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2009/12/27 18:19:32 | 00,000,000 | ---D | C] -- C:\HijackThissss
[2009/12/26 16:26:52 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Western Digital Corporation
[2009/12/25 15:45:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\Guitarra
[2009/12/25 14:19:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/12/23 21:39:22 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Lavalys
[2009/12/20 18:45:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Meus documentos\Native Instruments
[2009/12/20 18:42:07 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2009/12/20 18:40:03 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Digidesign
[2009/12/20 18:39:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Native Instruments
[2009/12/20 18:39:45 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
[2009/12/20 18:38:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/12/20 18:38:33 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}
[2009/12/20 18:38:19 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2009/12/20 18:38:13 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Native Instruments
[2009/12/20 18:38:12 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Native Instruments
[2009/12/20 18:33:09 | 00,000,000 | ---D | C] -- C:\guitarRig4
[2009/12/19 17:57:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\Nova pasta
[2009/12/16 21:36:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Dados de aplicativos\Audacity
[2009/12/16 21:35:36 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Audacity 1.3 Beta (Unicode)
[2009/12/14 17:49:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\LogMeIn Hamachi
[2009/12/12 23:50:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Dados de aplicativos\Hamachi
[2009/12/12 23:49:52 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Hamachi
[2009/12/11 22:24:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Configurações locais\Dados de aplicativos\LogMeIn Hamachi
[2009/12/11 21:49:53 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft Games
[2009/11/29 17:39:54 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Guitar Pro 5
[2009/11/28 19:49:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/09/27 16:56:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Google
[2009/09/27 15:37:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Google
[2009/08/25 13:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft
[2009/08/23 16:22:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft
[2009/08/17 21:27:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft
[2009/08/16 17:33:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft
[2007/01/01 00:33:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Temp
[2 C:\Documents and Settings\Home\Meus documentos\.tmp files -> C:\Documents and Settings\Home\Meus documentos\.tmp -> ]
[1 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2009/12/28 12:02:00 | 00,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/28 10:09:22 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\Home\NTUSER.DAT
[2009/12/28 10:03:11 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2009/12/28 09:57:13 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/28 09:54:19 | 00,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/28 09:54:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/28 09:54:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/27 23:27:25 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\Home\ntuser.ini
[2009/12/27 18:27:48 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\CCleaner.lnk
[2009/12/26 21:10:12 | 01,250,816 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\Seqüências.doc
[2009/12/25 14:21:18 | 00,007,268 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/12/25 10:04:40 | 04,323,720 | -H-- | M] () -- C:\Documents and Settings\Home\Configurações locais\Dados de aplicativos\IconCache.db
[2009/12/24 18:28:07 | 00,001,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/23 21:39:50 | 00,000,827 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\EVEREST Ultimate Edition.lnk
[2009/12/20 15:40:34 | 00,009,216 | ---- | M] () -- C:\Documents and Settings\Home\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/19 21:52:50 | 02,960,686 | ---- | M] () -- C:\sooolooo
[2009/12/19 21:52:48 | 00,743,744 | ---- | M] () -- C:\sooolooo2.mp3
[2009/12/19 21:41:14 | 02,118,190 | ---- | M] () -- C:\test2
[2009/12/19 21:41:14 | 01,559,086 | ---- | M] () -- C:\testeee
[2009/12/19 21:38:57 | 00,532,352 | ---- | M] () -- C:\aaaaaaaaaaaaa2.mp3
[2009/12/19 21:38:20 | 00,532,352 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\aaaaaaaaa2
[2009/12/19 21:32:04 | 00,532,352 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\testt
[2009/12/19 21:28:42 | 00,393,792 | ---- | M] () -- C:\aaaaaaaaaaaaa.mp3
[2009/12/19 20:46:20 | 00,466,688 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\aaaaaaaaaaaaa
[2009/12/19 20:44:41 | 00,465,536 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\rec
[2009/12/19 18:54:15 | 00,011,006 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\cc_20091219_185359.reg
[2009/12/16 21:36:07 | 00,000,769 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2009/12/12 23:49:53 | 00,015,440 | ---- | M] (Applied Networking Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys
[2009/12/12 23:49:53 | 00,000,672 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\hamachi.lnk
[2009/12/12 23:21:40 | 00,001,989 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Age of Empires II.lnk
[2009/12/12 17:07:33 | 00,021,432 | ---- | M] () -- C:\Documents and Settings\Home\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
[2009/12/12 08:42:51 | 01,420,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/11 17:48:15 | 07,968,768 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\Leaflet2.doc
[2009/12/11 16:39:56 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\Leaflet.doc
[2009/12/09 10:31:39 | 00,344,380 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2009/12/09 10:31:39 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 10:31:39 | 00,048,628 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2009/12/09 10:31:39 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 10:31:38 | 00,752,074 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 09:31:30 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/08 15:36:32 | 00,000,759 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\ASIO4ALL v2 Off-Line Settings.lnk
[2009/12/02 19:22:41 | 00,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/12/02 19:22:34 | 00,133,064 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2 C:\Documents and Settings\Home\Meus documentos\.tmp files -> C:\Documents and Settings\Home\Meus documentos\.tmp -> ]
[1 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ]
========== Files Created - No Company Name ==========
[2009/12/26 20:48:22 | 01,250,816 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\Seqüências.doc
[2009/12/25 14:19:55 | 00,007,268 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/12/23 21:39:50 | 00,000,827 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\EVEREST Ultimate Edition.lnk
[2009/12/19 21:52:44 | 00,743,744 | ---- | C] () -- C:\sooolooo2.mp3
[2009/12/19 21:51:53 | 02,960,686 | ---- | C] () -- C:\sooolooo
[2009/12/19 21:38:55 | 00,532,352 | ---- | C] () -- C:\aaaaaaaaaaaaa2.mp3
[2009/12/19 21:38:18 | 00,532,352 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\aaaaaaaaa2
[2009/12/19 21:32:02 | 00,532,352 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\testt
[2009/12/19 21:31:17 | 02,118,190 | ---- | C] () -- C:\test2
[2009/12/19 21:19:02 | 00,393,792 | ---- | C] () -- C:\aaaaaaaaaaaaa.mp3
[2009/12/19 21:16:47 | 01,559,086 | ---- | C] () -- C:\testeee
[2009/12/19 20:46:18 | 00,466,688 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\aaaaaaaaaaaaa
[2009/12/19 20:44:39 | 00,465,536 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\rec
[2009/12/19 18:54:00 | 00,011,006 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\cc_20091219_185359.reg
[2009/12/16 21:36:07 | 00,000,769 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2009/12/12 23:49:53 | 00,000,672 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\hamachi.lnk
[2009/12/11 21:51:19 | 00,001,989 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Age of Empires II.lnk
[2009/12/11 17:46:27 | 07,968,768 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\Leaflet2.doc
[2009/10/14 15:27:06 | 14,909,57360 | ---- | C] () -- C:\Arquivos de programas\ruina_de_morroc.zip
[2009/09/04 18:36:09 | 00,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/28 23:08:44 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/28 23:08:44 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/08/28 23:08:42 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/28 23:08:42 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/28 23:08:41 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/08/28 23:08:39 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/28 23:08:39 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/08/23 18:07:52 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/08/23 18:05:50 | 00,000,053 | ---- | C] () -- C:\WINDOWS\EPCX5600.ini
[2009/08/17 18:24:35 | 00,000,415 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/16 21:59:16 | 00,009,216 | ---- | C] () -- C:\Documents and Settings\Home\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/16 18:12:13 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/01/05 16:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2002/03/25 18:02:14 | 00,014,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 22:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
========== LOP Check ==========
[2009/09/05 22:14:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Advanced Chemistry Development
[2009/08/22 21:42:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\EPSON
[2009/12/20 18:39:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Native Instruments
[2009/11/12 18:45:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files
[2009/08/17 16:47:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
[2009/12/20 18:39:45 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
[2009/12/20 18:42:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2009/12/20 18:38:19 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2009/12/20 18:38:33 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}
[2009/09/05 22:14:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Advanced Chemistry Development
[2009/12/19 22:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Audacity
[2009/08/18 22:29:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\GrabPro
[2009/12/22 23:28:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Orbit
[2009/12/20 18:45:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\uTorrent
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:0CE7F3C9
< End of report >
===//===
I took a look at the HOSTS file to see what those strange entries were; it turns out they were inserted by Spybot S&D, so that's a relief...
Cheers!
Good afternoon, RAT_GTR!
I took a look at the HOSTS file to see what those strange entries were; it turns out they were inserted by Spybot S&D, so that's a relief...
<!> It is normal for Spybot to manage the hosts file this way; we could also add other domains to that list.
°°°°°°°°°°°°°°°°°°°°°°°°°
°°°°°°°°°°°°°°°°°°°°°°°°°
<@> Run OTL.exe.
<@> Copy the information in the quote below into the tool's clipboard field. ( Custom Scans/Fixes )
>
:OTL
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:0CE7F3C9
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O33 - MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\Shell\AutoRun\command - "" = jmemox.exe
O33 - MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\Shell\explore\Command - "" = jmemox.exe
O33 - MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\Shell\open\Command - "" = jmemox.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
:Files
C:\Documents and Settings\Home\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\Home\Meus documentos\*.tmp
C:\WINDOWS\*.tmp
:Commands
[purity]
[emptytemp]
[Reboot]
<@> Click the Run Fix button --> Wait for it to finish!
<@> When it finishes, go to the folder: C:\_OTL\MovedFiles\.log <-- Post it!*
°°°°°°°°°°°°°°°°°°°°°°°°°
°°°°°°°°°°°°°°°°°°°°°°°°°
<@> Download: < UsbFix.exe > ( ...by Chiquitine29 and Chimay8 )
<@> Save it in Arquivos de programas!
<@> Disable your antivirus!
<@> Install the tool and run it with a double-click.
<@> In the language options, choose "PT-BR" --> Enter.
<@> Choose option 2: 2. Suppression des fichiers infectieux --> Press Enter.
<@> A message will appear asking you to connect your removable media to the computer. ( pen drive, MP3, MP4, iPods, etc... )
<@> Accept the request and click OK. --> Then click OK again.
<@> The computer will restart. <-- Wait!
<@> When it finishes, click "Continue" and wait for the tool to complete.
<@> PS: Do not disconnect your removable media yet! <-- Important!
<@> The message "Nettoyage effectue" will appear --> Press Enter.
<@> Post the report, which will be at: C:\UsbFix.txt <--
°°°°°°°°°°°°°°°°°°°°°°°°°
°°°°°°°°°°°°°°°°°°°°°°°°°
<@> Run the OTL Quick Scan, which will give us a quick scan with the tool.
<@> Double-click the OTL desktop icon.
<@> Click "Scan All Users" --> Wait!
<@> Copy and post the report. ( OTL log )
Cheers!
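The entries queued in the fix script above fall into a few distinct categories: an alternate data stream, a Browser Helper Object with no registered class, MountPoints2 shell commands for one volume, and a BootExecute value. The following Python triage is an added example, not part of the original post and not OTL's own code; the regular expressions and field names are assumptions derived only from the line formats visible in this thread.

```python
import re
from collections import defaultdict

# Sample input: the six lines from the fix script quoted in this thread.
SAMPLE = r'''@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:0CE7F3C9
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O33 - MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\Shell\AutoRun\command - "" = jmemox.exe
O33 - MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\Shell\explore\Command - "" = jmemox.exe
O33 - MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\Shell\open\Command - "" = jmemox.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
'''

# Assumed line formats (inferred from the lines above, not from OTL documentation).
ADS_RE = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$')
BHO_RE = re.compile(r'^O2 - BHO: \((.*?)\) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$')
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\([^\\]+)\\Shell\\([^\\]+)\\command - "[^"]*" = (.+)$',
    re.IGNORECASE)
BOOT_RE = re.compile(r'^O34 - HKLM BootExecute: \((.*)\) - (.+)$')

# Stock Windows value of Session Manager\BootExecute (runs autochk at boot).
DEFAULT_BOOTEXECUTE = "autocheck autochk *"

# Verbs that replace what Explorer does when the user opens the drive itself.
DRIVE_OPEN_VERBS = {"open", "explore"}


def classify(line):
    """Return a finding dict for one log line, or None if it is not recognised."""
    line = line.strip()
    m = ADS_RE.match(line)
    if m:
        # The last colon separates the host file or folder from the stream name.
        return {"kind": "ads", "size": int(m.group(1)),
                "host": m.group(2), "stream": m.group(3)}
    m = BHO_RE.match(line)
    if m:
        # A BHO key whose CLSID is not registered points at nothing loadable.
        return {"kind": "bho", "clsid": m.group(2).upper(),
                "orphaned": "No CLSID value found" in m.group(3)}
    m = MOUNT_RE.match(line)
    if m:
        return {"kind": "mountpoints2_autorun", "device": m.group(1).lower(),
                "verb": m.group(2).lower(), "command": m.group(3).strip()}
    m = BOOT_RE.match(line)
    if m:
        value = m.group(1)
        return {"kind": "bootexecute", "value": value,
                "is_windows_default": value == DEFAULT_BOOTEXECUTE}
    return None


def summarize(text):
    """Classify every line and group the MountPoints2 commands per volume."""
    findings = [f for f in map(classify, text.splitlines()) if f]
    per_device = defaultdict(lambda: {"verbs": set(), "commands": set()})
    for f in findings:
        if f["kind"] == "mountpoints2_autorun":
            per_device[f["device"]]["verbs"].add(f["verb"])
            per_device[f["device"]]["commands"].add(f["command"])
    devices = {}
    for dev, info in per_device.items():
        devices[dev] = {
            "verbs": sorted(info["verbs"]),
            "commands": sorted(info["commands"]),
            # Heuristic: open/explore overridden means a plain double-click on
            # the drive runs the command, not only the AutoPlay prompt.
            "hijacks_drive_open": bool(info["verbs"] & DRIVE_OPEN_VERBS),
            # Heuristic: a bare file name with no directory component.
            "bare_executable": all("\\" not in c and "/" not in c
                                   for c in info["commands"]),
        }
    return {"findings": findings, "autorun_devices": devices}


if __name__ == "__main__":
    result = summarize(SAMPLE)
    for f in result["findings"]:
        print(f)
    for dev, info in result["autorun_devices"].items():
        print(dev, info)
```

On the sample, all three MountPoints2 verbs resolve to the same executable for a single volume GUID, and the BootExecute value is reported as matching the Windows default.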
Good evening, DigRam!
Here are the logs.
===//===
All processes killed
========== OTL ==========
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:0CE7F3C9 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8731c65a-8dd0-11de-9ec5-001d7d863312}\ not found.
File jmemox.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8731c65a-8dd0-11de-9ec5-001d7d863312}\ not found.
File jmemox.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8731c65a-8dd0-11de-9ec5-001d7d863312}\ not found.
File jmemox.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== FILES ==========
C:\Documents and Settings\Home\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Documents and Settings\Home\Meus documentos\~WRL1286.tmp moved successfully.
C:\Documents and Settings\Home\Meus documentos\~WRL1578.tmp moved successfully.
C:\WINDOWS\002445_.tmp moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Home
->Temp folder emptied: 4576509 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 93937077 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33616 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 153771 bytes
RecycleBin emptied: 1072690673 bytes
Total Files Cleaned = 1.117,00 mb
OTL by OldTimer - Version 3.1.20.1 log created on 12282009_192149
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
===//===
############################## | UsbFix V6.068 |
User : Home (Administradores) # NRLR-M04QJKA95R
Update on 28/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 19:43:05 | 28/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel® Pentium® 4 CPU 3.06GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | (!) Outdated ]
FW : COMODO Firewall[ Enabled ]3.9
A:\ -> Unidade de disquete de 3 1/2 polegadas
C:\ -> Disco fixo local # 53,71 Go (27,25 Go free) # NTFS
D:\ -> Disco fixo local # 10,74 Go (2,92 Go free) [Disco Local] # NTFS
E:\ -> Disco fixo local # 10,07 Go (6,57 Go free) [Novo Volume] # NTFS
F:\ -> Disco removível
G:\ -> Disco removível
H:\ -> Disco removível
I:\ -> Disco removível
J:\ -> Disco CD-ROM
############################## | Processos activos |
C:\WINDOWS\System32\smss.exe 684
C:\WINDOWS\system32\csrss.exe 724
C:\WINDOWS\system32\winlogon.exe 748
C:\WINDOWS\system32\services.exe 792
C:\WINDOWS\system32\lsass.exe 804
C:\WINDOWS\system32\svchost.exe 980
C:\WINDOWS\system32\svchost.exe 1048
C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe 1144
C:\WINDOWS\system32\svchost.exe 1172
C:\WINDOWS\System32\svchost.exe 1308
C:\WINDOWS\System32\svchost.exe 1476
C:\WINDOWS\system32\spoolsv.exe 1596
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe 1660
C:\WINDOWS\System32\svchost.exe 1760
C:\WINDOWS\system32\WgaTray.exe 1932
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe 1952
C:\WINDOWS\Explorer.EXE 2000
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe 268
C:\Arquivos de programas\Java\jre6\bin\jqs.exe 400
C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe 504
C:\WINDOWS\System32\svchost.exe 1084
C:\WINDOWS\system32\wuauclt.exe 1268
C:\WINDOWS\system32\wbem\wmiprvse.exe 1416
################## | Ficheiros # pastas infeciosos |
Supprimido ! C:\Recycler\S-1-5-21-1078081533-1303643608-839522115-1003
Supprimido ! D:\Recycler\S-1-5-21-1078081533-1303643608-839522115-1003
Supprimido ! D:\Recycler\S-1-5-21-1614895754-1801674531-839522115-1001
Supprimido ! D:\Recycler\S-1-5-21-1659004503-1482476501-839522115-1003
Supprimido ! D:\Recycler\S-1-5-21-56604596-3646181656-1509837818-1003
Supprimido ! E:\Recycler\S-1-5-21-1078081533-1303643608-839522115-1003
Supprimido ! E:\Recycler\S-1-5-21-56604596-3646181656-1509837818-1003
################## | Registro # Chaves infectieuses |
################## | Registro # Mountpoints2 |
################## | Listing |
[07/09/2009 13:53|--a------|89953] C:\07rato550.jpg
[13/09/2009 00:23|--a------|153194] C:\3d2647iq.jpg
[13/09/2009 00:23|--a------|152341] C:\3d2697zc.jpg
[04/10/2009 16:12|--a------|836796] C:\45434.gif
[19/12/2009 21:28|--a------|393792] C:\aaaaaaaaaaaaa.mp3
[19/12/2009 21:38|--a------|532352] C:\aaaaaaaaaaaaa2.mp3
[30/09/2009 18:02|--a------|25682] C:\ajudandoopapai.jpg
[16/08/2009 17:33|--a------|0] C:\AUTOEXEC.BAT
[13/09/2009 00:22|---------|581097] C:\Balance_Wallpaper_by_nxxos.jpg
[23/08/2009 15:43|-rahs----|211] C:\boot.ini
[28/10/2001 10:06|-rahs----|4952] C:\Bootfont.bin
[12/09/2009 00:54|--a------|2119256] C:\bunnyattack.gif
[31/08/2009 21:50|--a------|55] C:\celulares.txt
[16/08/2009 17:33|--a------|0] C:\CONFIG.SYS
[16/08/2009 18:07|--a------|58] C:\csb.log
[02/10/2009 22:43|--a------|65536] C:\epic-fail-manicure-set-fail.jpg
[09/09/2009 23:10|--a------|7284] C:\fake_smile_4110.jpg
[19/09/2009 23:33|--a------|58551] C:\figura1h.jpg
[19/09/2009 23:33|--a------|74515] C:\figura2v.jpg
[19/09/2009 23:33|--a------|47356] C:\figura3y.jpg
[19/09/2009 23:33|--a------|52923] C:\figura4.jpg
[19/09/2009 23:33|--a------|54713] C:\figura5t.jpg
[19/09/2009 23:33|--a------|50969] C:\figura6r.jpg
[19/09/2009 23:34|--a------|41080] C:\figura7e.jpg
[19/09/2009 23:34|--a------|35341] C:\figura8p.jpg
[19/09/2009 23:34|--a------|52283] C:\figura9.jpg
[04/12/2009 22:07|--a------|929] C:\fisica 1na.txt
[06/09/2009 22:43|--a------|66872] C:\gato.JPG
[03/09/2009 16:58|--a------|22363] C:\img.jpg
[01/01/2007 01:01|--a------|158616] C:\Img00028.jpg
[03/09/2009 17:19|--a------|455578] C:\Img00028alt c¢pia.jpg
[03/09/2009 17:19|--a------|9807923] C:\Img00028alt.psd
[03/09/2009 16:59|--a------|23381] C:\img2.jpg
[07/09/2009 11:56|--a------|23936] C:\img3.jpg
[07/09/2009 11:56|--a------|23958] C:\img4.jpg
[07/09/2009 11:57|--a------|24713] C:\img5.jpg
[25/09/2009 16:49|--a------|24859] C:\imgcrono.jpg
[02/10/2009 23:19|--a------|24576] C:\imprimir.doc
[16/08/2009 17:33|-rahs----|0] C:\IO.SYS
[13/09/2009 00:20|--a------|32031] C:\kevin-daniel-howling-wolves.jpg
[18/11/2009 10:57|--a------|1075] C:\medley 32.txt
[16/08/2009 17:33|-rahs----|0] C:\MSDOS.SYS
[13/09/2009 00:15|--a------|80383] C:\namib-desert-air-p-32.3.jpg
[13/09/2009 00:15|--a------|105814] C:\namib-desert-air-v-23.3.jpg
[23/08/2009 15:38|-rahs----|47564] C:\NTDETECT.COM
[23/08/2009 15:38|-rahs----|251168] C:\ntldr
[10/10/2009 21:31|--a------|81817] C:\OgAAAA64V9Ed_CVWFGmCJDQGpmvo1iREvjX6t1l_nhCZzG2putym0uJ0e1gb8gjhl3XEhjTGE5X4hKR9LMk86Je6my4Am1T1UNRlq7UwwCr4rz6GSpzC6O4DKL_L.jpg
[?|?|?] C:\pagefile.sys
[28/09/2009 15:42|--a------|316480] C:\Pangea_animation_03.gif
[11/10/2009 00:16|--a------|269] C:\rap.txt
[13/10/2009 18:09|--a------|283] C:\ratmus estoria.txt
[16/08/2009 18:07|--a------|347] C:\RHDSetup.log
[27/09/2009 16:46|--a------|1972280] C:\rota enem01-2.bmp
[27/09/2009 16:41|--a------|2359350] C:\rota enem01.bmp
[27/09/2009 16:49|--a------|1972280] C:\rota enem02-2.bmp
[27/09/2009 16:42|--a------|2359350] C:\rota enem02.bmp
[27/09/2009 16:51|--a------|1984568] C:\rota enem03-2.bmp
[27/09/2009 16:43|--a------|2359350] C:\rota enem03.bmp
[03/10/2009 14:12|--a------|1274] C:\saasassaasassaas.txt
[19/12/2009 21:52|--a------|2960686] C:\sooolooo
[19/12/2009 21:52|--a------|743744] C:\sooolooo2.mp3
[19/12/2009 21:41|--a------|2118190] C:\test2
[19/12/2009 21:41|--a------|1559086] C:\testeee
[13/09/2009 00:25|--a------|556562] C:\thecube1024x768lg4.jpg
[10/10/2009 23:04|--ahs----|188928] C:\Thumbs.db
[28/12/2009 19:48|--a------|6404] C:\UsbFix.txt
[09/09/2009 21:05|--a------|39] C:\ytyttyt.txt
[07/08/2009 23:22|--a------|13492] D:\100.gif
[12/07/2009 00:18|--a------|200017] D:\11469538.jpg
[12/06/2009 18:51|--a------|41823] D:\1222451-3380-atm14.jpg
[12/06/2009 18:52|--a------|50680] D:\1222462-9350-atm14.jpg
[12/06/2009 18:52|--a------|37570] D:\1222464-2000-atm14.jpg
[14/08/2009 16:10|--a------|4456] D:\1250206823.jpg
[29/08/2009 23:57|--a------|15888] D:\136017-10uyt0-erroxpsp2.jpg
[10/08/2009 20:02|--a------|626289] D:\160px-Chuck_Approves.gif
[07/08/2009 23:22|--a------|4843] D:\26.gif
[07/07/2009 21:51|--a------|22400] D:\2887060541_cc40fa6e93.jpg
[17/06/2009 22:33|--a------|2554] D:\57.gif
[07/08/2009 23:22|--a------|3158] D:\64.gif
[18/08/2009 22:17|--a------|112171] D:\800px-Starwars-tatooine.jpg
[24/08/2009 18:09|--a------|441653] D:\admmoduser.gif
[06/08/2009 14:49|--a------|2983929] D:\Baixe o manual aqui.pdf.htm
[19/07/2009 01:36|--a------|109139] D:\Bejeweled (128x160).jar
[07/08/2009 15:46|--a------|99582] D:\dwarf_male120x.gif
[03/08/2009 18:40|--a------|46978] D:\Esquema21c.gif
[25/06/2009 20:29|--a------|10756] D:\gargalhada2.gif
[30/08/2009 12:20|--a------|13971] D:\happy50.gif
[19/07/2009 19:47|--a------|41955] D:\House_de_m scara.jpg
[26/07/2009 16:57|--a------|66789] D:\Ibeat.jpg
[01/01/2007 01:02|--a------|139518] D:\Img00087.jpg
[01/01/2007 01:00|--a------|203295] D:\Img00440.jpg
[01/01/2007 01:00|--a------|203597] D:\Img00441.jpg
[01/01/2007 01:00|--a------|243006] D:\Img00442.jpg
[01/01/2007 01:00|--a------|243529] D:\Img00443.jpg
[01/01/2007 01:01|--a------|234943] D:\Img00444.jpg
[01/01/2007 01:01|--a------|234608] D:\Img00445.jpg
[25/06/2009 20:29|--a------|41101] D:\jerry_gargalhada.gif
[08/08/2009 22:15|--a------|4767] D:\kiko.jpg
[29/06/2009 22:26|--a------|1190512] D:\Neri seguro Regina.one
[08/08/2009 22:38|--a------|41444] D:\nogos1.jpg
[10/06/2009 20:45|--a------|131200] D:\odin-and-puppies.jpg
[28/06/2009 14:10|--a------|76436] D:\Odin.jpg
[03/08/2009 23:21|--a------|55579] D:\OgAAAABaOC7hoOZS6IbTjXyycWPHBGAp8n61UELQuqAS1nepU6eWLQmJiSNw1U6m9HfUisoNUJ2erd5cxV0j4s0rq2oAm1T1UOkE-SPHm4E1KQZBtAD62DRPBULO.jpg
[09/07/2009 19:14|--a------|30931] D:\OgAAADybGzaKjvkvKnuZQ3LLokZHI0ji6dbTICY9sVECtp6ejpQAlqOzq2BKFI_S41Gw9va41hhNQX-2SIr4gn1IZswAm1T1UD7YD43BxHkcfO0umB7nOMbhQd5J.jpg
[09/07/2009 19:24|--a------|113970] D:\OgAAAFncrba-esrPX5ZzkeD2m8QpjY51iTjvHzroPpdiEs22JCiIvw8PCTmc1twVwNA7QN9ToYY_8ksRTsBDTNEUAP0Am1T1UJtUdO-U77ndI6L15v1ej_bnkVfc.jpg
[09/07/2009 19:08|--a------|29409] D:\OgAAAHeLuanKxJHsfbFyFKSjPcx4G802JsECMS4a1pxRdjYN4_1WfvY_dO7H4kGRFnmkOaMf-OP66shXrV5cl4OqNaoAm1T1UNM89797mw0U1euEQD56liukHQ7B.jpg
[09/07/2009 19:14|--a------|39126] D:\OgAAAHnCwlc-vPwwa9rMPt2azWv6iPvOy6hNi9EaN47lrZDs9popEWXppTm0qqRQshzsAzbbg9ui7A164pDYMoLf2KwAm1T1UDjzn6IRE0Emh3jAbSS5cMCtyBqs.jpg
[30/08/2009 12:20|--a------|958] D:\ohyeah.gif
[09/07/2009 19:25|--a------|100198] D:\OQAAABAwuF1upgI0cY0VcBTRT_-iy3rbq7ZDpdEzuI-WyIuNVd33OXfqNMHtpW-H93kvn8xUe8U4NaiFswD42c2xuPgAm1T1UE4lzhU7CEhTGGlxXKBznmbgGb95.jpg
[09/07/2009 19:21|--a------|15492] D:\OQAAADzs7MzlGLqbAYdBGSrzfukwJh6h3GvWNQxT-dxKIOoG0UvLzhO1fHafoop_TumgtmB0PJ4LY3j3QwQQNGq0KMMAm1T1UB30CXR3nA2aE_D0lsv7ii0Bv1f_.jpg
[02/08/2009 00:28|--a------|351933] D:\Overtonesandundertones2.jpg
[30/06/2009 20:17|--a------|25170] D:\picard-facepalm.jpg
[28/06/2009 14:01|--a------|19756] D:\pirata_montilla_.jpg
[28/06/2009 13:59|--a------|123938] D:\pirate-skeleton.jpg
[04/08/2009 22:05|--a------|103371] D:\pirate-skeleton2.JPG
[11/07/2009 17:17|--a------|58044] D:\quadrinho_mecanica_006.jpg
[29/06/2009 23:05|--a------|8296] D:\ReadMe.b4u
[22/06/2009 17:31|--a------|66828] D:\Sheriff Badge (2)_2.jpg
[21/08/2009 18:02|--a------|75468] D:\spawn.gif
[03/08/2009 18:34|--a------|29202] D:\stand2hb1sc.gif
[03/08/2009 22:40|--a------|63646] D:\sthac-HSH-wiring.jpg
[02/08/2009 00:28|--a------|600947] D:\Table_of_Harmonics.jpg
[10/07/2009 14:15|--a------|200177] D:\Tesla_colorado.jpg
[27/12/2009 12:43|--ahs----|352768] D:\Thumbs.db
[26/10/2008 20:19|--a------|74972] D:\Vick.jpg
[03/08/2009 18:53|--a------|123485] D:\wdu_hsh5l11_01.jpg
[03/08/2009 18:53|--a------|136645] D:\wdu_hsh5l11_02.jpg
[03/08/2009 18:55|--a------|145888] D:\wdu_hsh5l11_03.jpg
[03/08/2009 18:52|--a------|110415] D:\wdu_hss5l11_01.jpg
[06/08/2009 22:30|--a------|24648] E:\Campo Harm“nico.gp5
[16/08/2009 16:08|--ahs----|357376] E:\Thumbs.db
################## | Vaccinação |
################## | Crack > Keygen > Serial |
"C:\Arquivos de programas\Microsoft Games\Age of Empires II\CrackXP.exe"
27/11/1999 00:00 |Size 89088 |Crc32 7ad018b9 |Md5 a7d491c3b7d8aef934573b2679eb5909
"D:\Shared\PACK(ARES CRACK)\PACK(ARES CRACK)\crack\Ares.exe"
05/07/2009 03:39 |Size 3231744 |Crc32 45e20368 |Md5 2931f8782ef11bdf33c448e5ac5c90cf
"D:\Shared\PACK(ARES CRACK).zip"
-> Contain : PACK(ARES CRACK)\crack\Ares.exe
################## | Upload |
Favor enviar o arquivo : C:\DOCUME~1\Home\Desktop\UsbFix_Upload_Me_NRLR-M04QJKA95R.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Obrigado pela sua contribuição .
################## | ! Fim do relatório # UsbFix V6.068 ! |
===//===
OTL logfile created on: 28/12/2009 20:38:57 - Run 3
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Home\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 53,71 Gb Total Space | 27,19 Gb Free Space | 50,61% Space Free | Partition Type: NTFS
Drive D: | 10,74 Gb Total Space | 4,21 Gb Free Space | 39,21% Space Free | Partition Type: NTFS
Drive E: | 10,07 Gb Total Space | 6,64 Gb Free Space | 65,98% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NRLR-M04QJKA95R
Current User Name: Home
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\update.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\guard32.dll (COMODO)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (cmdAgent) -- C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (getPlusHelper) getPlus® -- C:\Arquivos de programas\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (gupdate1ca3f992fa42274) Google Update Service (gupdate1ca3f992fa42274) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (JavaQuickStarterService) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (NIHardwareService) -- C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
IE - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\S-1-5-21-1078081533-1303643608-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\S-1-5-21-1078081533-1303643608-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Ask.com (Virtus Designs)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.uol.com.br/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.19
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.2.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: pt-BR@dictionaries.addons.mozilla.org:1.0.0.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.5
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2009/12/28 10:09:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2009/12/16 17:54:56 | 00,000,000 | ---D | M]
[2009/08/16 19:10:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Extensions
[2009/12/28 18:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions
[2009/11/03 19:41:05 | 00,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/12/11 19:20:10 | 00,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/08/16 19:17:12 | 00,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/11/03 19:41:05 | 00,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2009/11/05 20:17:01 | 00,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/11/28 20:11:25 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/12 11:45:50 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/28 18:36:35 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/11/24 20:40:42 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/11 19:20:21 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/16 19:21:45 | 00,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/10/28 18:36:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\anycolor.pavlos256@gmail.com
[2009/10/04 21:09:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\en-US@dictionaries.addons.mozilla.org
[2009/08/16 19:21:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\pt-BR@dictionaries.addons.mozilla.org
[2009/08/16 19:17:13 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2009/08/16 19:17:13 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2009/08/16 19:17:13 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2009/08/16 19:17:14 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2009/12/28 18:17:34 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2009/08/31 16:44:33 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/07/30 20:51:30 | 00,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml
[2009/07/30 20:51:30 | 00,001,135 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml
[2009/07/30 20:51:30 | 00,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml
[2009/07/30 20:51:30 | 00,000,648 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml
O1 HOSTS File: (325963 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11154 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003..\Run: [EPSON Stylus CX5600 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 128
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128
O7 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 128
O7 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.76.224.13 201.76.224.14
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/16 17:33:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/28 19:48:06 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/12/28 19:48:06 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/12/28 19:48:07 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2009/12/28 19:48:06 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/12/28 19:34:52 | 00,000,000 | ---D | C] -- C:\UsbFix
[2009/12/28 19:21:49 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/28 10:09:00 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2009/12/27 18:19:32 | 00,000,000 | ---D | C] -- C:\HijackThissss
[2009/12/26 16:26:52 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Western Digital Corporation
[2009/12/25 15:45:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\Guitarra
[2009/12/25 14:19:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/12/23 21:39:22 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Lavalys
[2009/12/20 18:45:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Meus documentos\Native Instruments
[2009/12/20 18:42:07 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2009/12/20 18:40:03 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Digidesign
[2009/12/20 18:39:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Native Instruments
[2009/12/20 18:39:45 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
[2009/12/20 18:38:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/12/20 18:38:33 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}
[2009/12/20 18:38:19 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2009/12/20 18:38:13 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Native Instruments
[2009/12/20 18:38:12 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Native Instruments
[2009/12/20 18:33:09 | 00,000,000 | ---D | C] -- C:\guitarRig4
[2009/12/19 17:57:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\Nova pasta
[2009/12/16 21:36:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Dados de aplicativos\Audacity
[2009/12/16 21:35:36 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Audacity 1.3 Beta (Unicode)
[2009/12/14 17:49:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\LogMeIn Hamachi
[2009/09/27 16:56:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Google
[2009/09/27 15:37:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Google
[2009/08/25 13:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft
[2009/08/23 16:22:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft
[2009/08/17 21:27:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft
[2009/08/16 17:33:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft
[2007/01/01 00:33:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Temp
========== Files - Modified Within 14 Days ==========
[2009/12/28 20:31:28 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/28 20:28:58 | 00,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/28 20:28:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/28 20:28:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/28 19:52:56 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\Home\NTUSER.DAT
[2009/12/28 19:52:56 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\Home\ntuser.ini
[2009/12/28 19:48:39 | 00,005,001 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\UsbFix_Upload_Me_NRLR-M04QJKA95R.zip
[2009/12/28 19:33:57 | 01,668,006 | ---- | M] () -- C:\Arquivos de programas\UsbFix.exe
[2009/12/28 19:02:00 | 00,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/28 10:03:11 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2009/12/27 18:27:48 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\CCleaner.lnk
[2009/12/26 21:10:12 | 01,250,816 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\Seqüências.doc
[2009/12/25 14:21:18 | 00,007,268 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/12/25 10:04:40 | 04,323,720 | -H-- | M] () -- C:\Documents and Settings\Home\Configurações locais\Dados de aplicativos\IconCache.db
[2009/12/24 18:28:07 | 00,001,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/23 21:39:50 | 00,000,827 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\EVEREST Ultimate Edition.lnk
[2009/12/19 21:52:50 | 02,960,686 | ---- | M] () -- C:\sooolooo
[2009/12/19 21:52:48 | 00,743,744 | ---- | M] () -- C:\sooolooo2.mp3
[2009/12/19 21:41:14 | 02,118,190 | ---- | M] () -- C:\test2
[2009/12/19 21:41:14 | 01,559,086 | ---- | M] () -- C:\testeee
[2009/12/19 21:38:57 | 00,532,352 | ---- | M] () -- C:\aaaaaaaaaaaaa2.mp3
[2009/12/19 21:38:20 | 00,532,352 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\aaaaaaaaa2
[2009/12/19 21:32:04 | 00,532,352 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\testt
[2009/12/19 21:28:42 | 00,393,792 | ---- | M] () -- C:\aaaaaaaaaaaaa.mp3
[2009/12/19 20:46:20 | 00,466,688 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\aaaaaaaaaaaaa
[2009/12/19 20:44:41 | 00,465,536 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\rec
[2009/12/19 18:54:15 | 00,011,006 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\cc_20091219_185359.reg
[2009/12/16 21:36:07 | 00,000,769 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Audacity 1.3 Beta (Unicode).lnk
========== Files Created - No Company Name ==========
[2009/12/28 19:48:39 | 00,005,001 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\UsbFix_Upload_Me_NRLR-M04QJKA95R.zip
[2009/12/28 19:37:45 | 01,668,006 | ---- | C] () -- C:\Arquivos de programas\UsbFix.exe
[2009/12/26 20:48:22 | 01,250,816 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\Seqüências.doc
[2009/12/25 14:19:55 | 00,007,268 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/12/23 21:39:50 | 00,000,827 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\EVEREST Ultimate Edition.lnk
[2009/12/19 21:52:44 | 00,743,744 | ---- | C] () -- C:\sooolooo2.mp3
[2009/12/19 21:51:53 | 02,960,686 | ---- | C] () -- C:\sooolooo
[2009/12/19 21:38:55 | 00,532,352 | ---- | C] () -- C:\aaaaaaaaaaaaa2.mp3
[2009/12/19 21:38:18 | 00,532,352 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\aaaaaaaaa2
[2009/12/19 21:32:02 | 00,532,352 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\testt
[2009/12/19 21:31:17 | 02,118,190 | ---- | C] () -- C:\test2
[2009/12/19 21:19:02 | 00,393,792 | ---- | C] () -- C:\aaaaaaaaaaaaa.mp3
[2009/12/19 21:16:47 | 01,559,086 | ---- | C] () -- C:\testeee
[2009/12/19 20:46:18 | 00,466,688 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\aaaaaaaaaaaaa
[2009/12/19 20:44:39 | 00,465,536 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\rec
[2009/12/19 18:54:00 | 00,011,006 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\cc_20091219_185359.reg
[2009/12/16 21:36:07 | 00,000,769 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2009/10/14 15:27:06 | 14,909,57360 | ---- | C] () -- C:\Arquivos de programas\ruina_de_morroc.zip
[2009/09/04 18:36:09 | 00,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/28 23:08:44 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/28 23:08:44 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/08/28 23:08:42 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/28 23:08:42 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/28 23:08:41 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/08/28 23:08:39 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/28 23:08:39 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/08/23 18:07:52 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/08/23 18:05:50 | 00,000,053 | ---- | C] () -- C:\WINDOWS\EPCX5600.ini
[2009/08/17 18:24:35 | 00,000,415 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/16 18:12:13 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/01/05 16:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2002/03/25 18:02:14 | 00,014,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 22:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
========== LOP Check ==========
[2009/09/05 22:14:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Advanced Chemistry Development
[2009/08/22 21:42:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\EPSON
[2009/12/20 18:39:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Native Instruments
[2009/11/12 18:45:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files
[2009/08/17 16:47:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
[2009/12/20 18:39:45 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
[2009/12/20 18:42:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2009/12/20 18:38:19 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2009/12/20 18:38:33 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}
[2009/09/05 22:14:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Advanced Chemistry Development
[2009/12/19 22:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Audacity
[2009/08/18 22:29:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\GrabPro
[2009/12/22 23:28:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Orbit
[2009/12/20 18:45:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\uTorrent
========== Purity Check ==========
< End of report >
===//===
Thanks and regards!
Good evening! RAT_GTR
O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing
<!> Removing this entry is advisable, and it cannot be fixed by HijackThis.
°°°°°°°°°°°°°°°°°°°°°
°°°°°°°°°°°°°°°°°°°°°
<@> Download: < lspfix >
<@> Save it to the Desktop!
<@> Close your browser and all programs!
<@> Run LSP-Fix!
<@> Check the box "I know what I'm doing".
<@> Look for references to the file: mdnsnsp.dll
<@> Move that reference from the "Keep" box to the "Remove" box.
<@> Click Finish to complete!
°°°°°°°°°°°°°°°°°°°°°
°°°°°°°°°°°°°°°°°°°°°
<!> Post: an updated HijackThis log.
Regards!
Good morning, DigRam!
Done!
Here is the HT log.
===//===
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:24, on 29/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HijackThissss\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\WINDOWS\TEMP\E_S88.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\WINDOWS\TEMP\E_SD7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca3f992fa42274) (gupdate1ca3f992fa42274) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe
--
End of file - 7205 bytes
===//===
Thanks, cheers!
Good afternoon! RAT_GTR
<!> Your log is clean! If you would like a quick online check, I suggest: BitDefender QuickScan
°°°°°°°°°°°°°°°°°°°°°°°°
°°°°°°°°°°°°°°°°°°°°°°°°
<@> Open OTL.exe --> Click [image: CleanUp.jpg] --> Wait!
<@> When prompted, click OK --> Restart the computer!
°°°°°°°°°°°°°°°°°°°°°°°°
°°°°°°°°°°°°°°°°°°°°°°°°
<@> Run a scan at: < BitDefender_QuickScan >
<@> On the page, click "Permitir" (Allow) so that the Firefox add-on is installed. <-- If you use that browser!
<@> After installing the add-on, click "Iniciar Análise" (Start Scan).
<@> Check: "I ACCEPT" --> OK
<@> If any alert appears, click "Interromper script" (Stop script) so that the scan starts.
<@> When it finishes, click "Ver registro" (View log).
<@> Post the report: Report 2009-xx-yy _*_.txt
Cheers!
Hello DigRam!
A really quick scan, huh! :natal_laugh:
Here is the log.
===//===
BitDefender QuickScan Beta 32-bit v0.9.8.4
------------------------------------------
Data da análise: Tue Dec 29 14:33:11 2009
ID da máquina: 400C3E0E
Não foram encontradas infecções.
----------------------------------
Processos
---------
<não assinado> NIHardwareService 1956 C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe
<não assinado> Antivirus System Tray Tool 2908 C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
<não assinado> Antivirus On-Access Service 1804 C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
<não assinado> Antivirus Scheduler 1640 C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
<não assinado> System settings protector 3440 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
<verificado> COMODO Internet Security 3192 C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe
<verificado> COMODO Internet Security 1160 C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
<verificado> Java Quick Starter Service 1876 C:\Arquivos de programas\Java\jre6\bin\jqs.exe
<verificado> Java Platform SE binary 2924 C:\Arquivos de programas\Java\jre6\bin\jusched.exe
<verificado> Firefox 4028 C:\Arquivos de programas\Mozilla Firefox\firefox.exe
<verificado> Windows Explorer 904 C:\WINDOWS\Explorer.EXE
<verificado> Realtek HD Audio Control Panel 2864 C:\WINDOWS\RTHDCPL.EXE
<verificado> Application Layer Gateway Service 1908 C:\WINDOWS\System32\alg.exe
<verificado> Client Server Runtime Process 720 C:\WINDOWS\system32\csrss.exe
<verificado> CTF Loader 3280 C:\WINDOWS\system32\ctfmon.exe
<verificado> hkcmd Module 2472 C:\WINDOWS\System32\hkcmd.exe
<verificado> persistence Module 2484 C:\WINDOWS\System32\igfxpers.exe
<verificado> igfxTray Module 2464 C:\WINDOWS\System32\igfxtray.exe
<verificado> LSA Shell (Export Version) 800 C:\WINDOWS\system32\lsass.exe
<verificado> Aplicativo de serviços e controle 788 C:\WINDOWS\system32\services.exe
<verificado> Gerenciador de Sessão do Windows NT 680 C:\WINDOWS\System32\smss.exe
<verificado> Spooler SubSystem App 1596 C:\WINDOWS\system32\spoolsv.exe
<verificado> Generic Host Process for Win32 Services 392 C:\WINDOWS\System32\svchost.exe
<verificado> Generic Host Process for Win32 Services 964 C:\WINDOWS\system32\svchost.exe
<verificado> Generic Host Process for Win32 Services 1044 C:\WINDOWS\system32\svchost.exe
<verificado> Generic Host Process for Win32 Services 1200 C:\WINDOWS\system32\svchost.exe
<verificado> Generic Host Process for Win32 Services 1288 C:\WINDOWS\System32\svchost.exe
<verificado> Generic Host Process for Win32 Services 1472 C:\WINDOWS\System32\svchost.exe
<verificado> Generic Host Process for Win32 Services 1748 C:\WINDOWS\System32\svchost.exe
<verificado> Aplicativo de logon do Windows NT 744 C:\WINDOWS\system32\winlogon.exe
<verificado> Windows Security Center Notification App 652 C:\WINDOWS\system32\wscntfy.exe
<verificado> Windows Update 2604 C:\WINDOWS\system32\wuauclt.exe
Atividade da Rede
-----------------
Processo firefox.exe (4028) conectado à porta 80 (HTTP) - 91.199.104.31
Processo firefox.exe (4028) conectado à porta 80 (HTTP) - a96-7-244-20.deploy.akamaitechnologies.com
Processo firefox.exe (4028) conectado à porta 80 (HTTP) - bf-in-f102.1e100.net
Processo firefox.exe (4028) conectado à porta 80 (HTTP) - 12.120.78.110
Processo firefox.exe (4028) conectado à porta 80 (HTTP) - bf-in-f102.1e100.net
Processo firefox.exe (4028) conectado à porta 80 (HTTP) - dc2.122.2o7.net
Processo firefox.exe (4028) conectado à porta 80 (HTTP) - 12.120.11.223
Processo svchost.exe (1044) escuta na porta: 135 (RPC)
Autoruns e arquivos críticos
----------------------------
<não assinado> Antivirus System Tray Tool C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
<não assinado> Microsoft Office 2000 component C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
<não assinado> System settings protector C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
<verificado> Adobe Acrobat SpeedLauncher C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verificado> Adobe Reader and Acrobat Manager C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
<verificado> COMODO Internet Security C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe
<verificado> Google Installer C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
<verificado> Java Platform SE binary C:\Arquivos de programas\Java\jre6\bin\jusched.exe
<verificado> Realtek HD Audio Control Panel C:\WINDOWS\RTHDCPL.EXE
<verificado> Realtek Voice Manager C:\WINDOWS\SkyTel.EXE
<verificado> Biblioteca da interface de usuário do navegador do C:\WINDOWS\system32\browseui.dll
<verificado> Crypto API32 C:\WINDOWS\system32\crypt32.dll
<verificado> Crypto Network Related API C:\WINDOWS\system32\cryptnet.dll
<verificado> Agente de rede off-line C:\WINDOWS\system32\cscdll.dll
<verificado> CTF Loader C:\WINDOWS\system32\ctfmon.exe
<verificado> COMODO Internet Security C:\WINDOWS\system32\guard32.dll
<verificado> hkcmd Module C:\WINDOWS\System32\hkcmd.exe
<verificado> igfxdev Module C:\WINDOWS\system32\igfxdev.dll
<verificado> persistence Module C:\WINDOWS\System32\igfxpers.exe
<verificado> igfxTray Module C:\WINDOWS\System32\igfxtray.exe
<verificado> Interface de logon do Windows C:\WINDOWS\system32\logonui.exe
<verificado> DLL de notificação do serviço de logon secundário C:\WINDOWS\system32\sclgntfy.dll
<verificado> DLL comum do Shell do Windows C:\WINDOWS\system32\shell32.dll
<verificado> EPSON Status Monitor 3 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE
<verificado> Objeto de serviço do shell de Systray C:\WINDOWS\system32\stobject.dll
<verificado> Aplicativo de logon Userinit c:\windows\system32\userinit.exe
<verificado> Web Site Monitor C:\WINDOWS\system32\webcheck.dll
<verificado> Notificações do Programa de Vantagens do Windows O C:\WINDOWS\system32\WgaLogon.dll
<verificado> DLL comum para receber notificações do Winlogon C:\WINDOWS\system32\wlnotify.dll
Plugins do navegador
--------------------
<não assinado> GEPlugin C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll
<não assinado> Java Quick Starter binary c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<não assinado> 6.0.12.69 C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
<não assinado> 6.0.12.69 C:\Arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll
<não assinado> bdoscandel.exe C:\WINDOWS\bdoscandel.exe
<não assinado> ipsupd.dll C:\WINDOWS\Downloaded Program Files\ipsupd.dll
<não assinado> BitDefender Online Scanner C:\WINDOWS\Downloaded Program Files\oscan82.ocx
<não assinado> Adobe Shockwave for Director Netscape plug-in, ver C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
<verificado> Adobe PDF Helper for Internet Explorer c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\acroiehelpershim.dll
<verificado> WindowsLiveLogin.dll c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\windowslivelogin.dll
<verificado> Google Update C:\Arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll
<verificado> Adobe PDF Plug-In For Firefox and Netscape C:\Arquivos de programas\Internet Explorer\plugins\nppdf32.dll
<verificado> Java Platform SE binary c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
<verificado> RealPlayer LiveConnect-Enabled Plug-In C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
<verificado> Windows Messenger C:\Arquivos de programas\Messenger\msmsgs.exe
<verificado> 3.0.40818.0 c:\Arquivos de programas\Microsoft Silverlight\3.0.40818.0\npctrl.dll
<verificado> getplusplusadobe16249 C:\Arquivos de programas\Mozilla Firefox\plugins\np_gp.dll
<verificado> NPRuntime Script Plug-in Library for Java Depl C:\Arquivos de programas\Mozilla Firefox\plugins\npdeploytk.dll
<verificado> Default Plug-in C:\Arquivos de programas\Mozilla Firefox\plugins\npnul32.dll
<verificado> Pando Web Installer C:\Arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll
<verificado> Adobe PDF Plug-In For Firefox and Netscape C:\Arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll
<verificado> RealPlayer LiveConnect-Enabled Plug-In C:\Arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll
<verificado> SBSD IE Protection c:\arquivos de programas\spybot - search & destroy\sdhelper.dll
<verificado> Adobe® Flash® Player ActiveX Installer C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verificado> Zone.com Stats Client for MSN Messenger C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
<verificado> Internet Explorer C:\WINDOWS\system32\ieframe.dll
<verificado> NPSWF32.dll C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll
<verificado> Fornecedor de serviços do Microsoft Windows Socket C:\WINDOWS\system32\mswsock.dll
<verificado> Microsoft Windows Rsvp 1.0 Service Provider C:\WINDOWS\system32\rsvpsp.dll
<verificado> LDAP RnR Provider DLL C:\WINDOWS\system32\winrnr.dll
Arquivos desaparecidos
----------------------
Arquivos não encontrados:
referenciado em: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs"
Análise
-------
Nenhum arquivo carregado.
Fim da Análise - a comunicação levou 8 seg
Tráfego Total - 0.05 MB enviados, 2.64 KB receb
Analisados 950 arquivos e módulos - 133 segundos
===//===
Thanks, cheers!
Good afternoon! RAT_GTR
<!> Computer clean! :natal_happy:
<!> Good work! :bye:
Cheers!
Good afternoon, DigRam!
Although everything is OK on this front, the problems continue, which makes me think it will be something a bit more costly and time-consuming; in any case, I will go back to the Hardware area to report this and see whether anyone has further suggestions.
Thank you very much for the help!
Thanks and cheers!
PROBLEM SOLVED!
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Good evening! RAT_GTR
<@> Download: < [image: otlDesktopIcon.png] > ( ...by OldTimer Tools )
<@> Save it to the desktop!
[image: OTLI-scan.png]
<@> As shown in the image, change the "Output" option to "Minimal Output".
<@> Double-click OTL.exe --> Check the option "Scan All Users".
<@> Check the boxes:
<!> [] LOP check and [] Purity check
<@> Click: < [image: runscanbutton.png] > --> Wait!
<@> Post:
<1> OTL.txt <--
<2> Extra.txt <--
Cheers!