My notebook is slow, and some sites I used to visit frequently I can no longer access, or they do not work correctly. From my other computer I have normal access. I don't know whether some program I installed may be causing a conflict, whether something is wrong in the settings, or whether it could be a virus ...
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09:22, on 30/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\ngsrv\ngslotd.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\ngsrv\epsng_certd.exe
C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Arquivos de programas\OEM\LIVE! OSD 1.03\osd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\sistray.exe
C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pucminas.br/destaques/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [epsng_certd] C:\Arquivos de programas\ngsrv\epsng_certd.exe -r
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: OSD.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: ngSlotDaemon (ngSlotD) - OEM - C:\Arquivos de programas\ngsrv\ngslotd.exe
--
End of file - 10235 bytes
Hello.
I ran MBAM yesterday and OTL today; I hope that's not a problem.
There were 3 OTL txt files, but I tried to post them here and couldn't; since I had closed it, I lost 2 of them, as only 1 is saved. Should I run it again?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:47:11, on 24/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\ngsrv\epsng_certd.exe
C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\ngsrv\ngslotd.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\OEM\LIVE! OSD 1.03\osd.exe
C:\WINDOWS\system32\sistray.exe
C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pucminas.br/destaques/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [epsng_certd] C:\Arquivos de programas\ngsrv\epsng_certd.exe -r
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: OSD.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: ngSlotDaemon (ngSlotD) - OEM - C:\Arquivos de programas\ngsrv\ngslotd.exe
--
End of file - 10284 bytes
OTL logfile created on: 24/1/2010 08:16:08 - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Edson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 83,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 97,65 Gb Total Space | 72,04 Gb Free Space | 73,77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 97,65 Gb Total Space | 79,33 Gb Free Space | 81,24% Space Free | Partition Type: NTFS
Drive F: | 102,78 Gb Total Space | 102,68 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CASA-46997CABD5
Current User Name: Edson
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Edson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de programas\ngsrv\epsng_certd.exe (OEM)
PRC - C:\Arquivos de programas\ngsrv\ngslotd.exe (OEM)
PRC - C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )
PRC - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Arquivos de programas\OEM\LIVE! OSD 1.03\osd.exe (ODM)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
PRC - C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Edson\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\linkinfo.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (ngSlotD) -- C:\Arquivos de programas\ngsrv\ngslotd.exe (OEM)
SRV - (GbpSv) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )
SRV - (JavaQuickStarterService) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Microsoft Office Groove Audit Service) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (CCALib8) -- C:\Arquivos de programas\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Bonjour Service) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-725345543-920026266-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pucminas.br/destaques/
IE - HKU\S-1-5-21-725345543-920026266-1801674531-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll File not found
IE - HKU\S-1-5-21-725345543-920026266-1801674531-1003\S-1-5-21-725345543-920026266-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-725345543-920026266-1801674531-1003\S-1-5-21-725345543-920026266-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
[2010/01/05 15:55:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Mozilla\Extensions
[2009/09/06 17:36:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/05 15:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Mozilla\Firefox\Profiles\fnaha4kx.default\extensions
[2010/01/05 15:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Mozilla\Firefox\Profiles\fnaha4kx.default\extensions\staged-xpis
O1 HOSTS File: ([2009/12/09 13:23:39 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco Real)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-725345543-920026266-1801674531-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-725345543-920026266-1801674531-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [epsng_certd] C:\Arquivos de programas\ngsrv\epsng_certd.exe (OEM)
O4 - HKLM..\Run: [GrooveMonitor] C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [siSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-725345543-920026266-1801674531-1003..\Run: [Google Update] C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\OSD.lnk = C:\WINDOWS\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_E8A79982C3B6DC35709DD1.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-920026266-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-920026266-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-920026266-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-725345543-920026266-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-725345543-920026266-1801674531-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-725345543-920026266-1801674531-1003\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab](http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab) (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab](http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab) (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab](http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab) (Java Plug-in 1.6.0_11)
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://imagem.caixa.gov.br/cab/gbpdist.cab (GbpDistObj Class)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab (GbPluginObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginAbn: DllName - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco Real)
O20 - Winlogon\Notify\ GbPluginCef: DllName - C:\Arquivos de programas\GbPlugin\gbiehCef.dll - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco Real)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/01 10:17:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010/01/30 21:08:01 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\HiJackThis.exe
[2010/01/30 20:52:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/01/30 20:52:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/30 20:51:56 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2010/01/30 20:41:27 | 00,000,000 | --SD | C] -- C:\ComboFix
[2010/01/29 18:29:56 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Edson\IECompatCache
[2010/01/24 08:13:47 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Edson\Desktop\OTL.exe
[2010/01/22 11:41:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft
[2010/01/18 22:28:52 | 00,000,000 | ---D | C] -- C:\BrowserPlusPlugins
[2010/01/10 10:47:26 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Edson\PrivacIE
[2009/09/01 10:20:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft
[2009/09/01 10:17:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft
[2009/09/01 10:17:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft
[3 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ]
[1 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/01/31 06:54:28 | 00,233,134 | ---- | M] () -- E:\Artigo%20Thiago.pdf
[2010/01/31 06:41:56 | 00,656,220 | ---- | M] () -- E:\mateus_simoes_de_almeida2.pdf
[2010/01/31 06:41:32 | 00,149,779 | ---- | M] () -- E:\DIALOGO-JURIDICO-14-JUNHO-AGOSTO-2002-LUIS-ROBERTO-BARROSO.pdf
[2010/01/31 06:38:38 | 00,142,356 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\DireitoNet - Artigos - Intervenção direta do Estado no domínio econômico e discricionariedade administrativa.pdf
[2010/01/31 06:28:26 | 00,032,380 | ---- | M] () -- E:\Constituição 1988 e intervenção.pdf
[2010/01/31 06:26:51 | 00,067,388 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\Jus Navigandi - Doutrina - A intervenção estatal no domínio econômico_ o atual papel do Estado na constitucionalidade democrática brasileira.pdf
[2010/01/30 21:08:30 | 00,115,712 | ---- | M] () -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/30 21:08:03 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis.exe
[2010/01/30 20:13:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/30 17:23:12 | 00,014,699 | ---- | M] () -- E:\Tudo começou.docx
[2010/01/24 08:13:51 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edson\Desktop\OTL.exe
[2010/01/24 08:11:38 | 00,002,375 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\OSD.lnk
[2010/01/24 08:11:31 | 00,002,369 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk
[2010/01/24 08:11:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/24 08:11:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/23 22:53:15 | 05,767,168 | ---- | M] () -- C:\Documents and Settings\Edson\ntuser.dat
[2010/01/23 22:53:15 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\Edson\ntuser.ini
[2010/01/23 18:16:41 | 00,031,154 | ---- | M] () -- E:\Carol gastos.xlsx
[2010/01/22 16:39:44 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\CEMEIS.doc
[2010/01/22 12:33:07 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/22 07:15:18 | 00,033,153 | ---- | M] () -- E:\requerimento_cadastro_anuncios.pdf
[2010/01/15 11:22:43 | 00,035,834 | ---- | M] () -- E:\relacao_escolas_municipais_contagem.pdf
[2010/01/14 22:31:01 | 00,927,762 | ---- | M] () -- E:\CONTRATO_PRESTACAO_SERVICOS_EDUCACIONAIS_CALOUROS2010.pdf
[2010/01/13 22:21:52 | 00,491,520 | ---- | M] () -- E:\Banco de Dados1.accdb
[2010/01/13 22:13:41 | 04,194,304 | ---- | M] () -- E:\Northwind 2007.accdb
[2010/01/12 09:31:01 | 00,014,932 | ---- | M] () -- E:\PLAN0.xlsx
[2010/01/12 09:26:52 | 00,014,994 | ---- | M] () -- E:\Pasta1.xlsx
[3 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ]
[1 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ]
========== Files Created - No Company Name ==========
[2010/01/31 06:51:39 | 00,233,134 | ---- | C] () -- E:\Artigo%20Thiago.pdf
[2010/01/31 06:41:56 | 00,656,220 | ---- | C] () -- E:\mateus_simoes_de_almeida2.pdf
[2010/01/31 06:41:32 | 00,149,779 | ---- | C] () -- E:\DIALOGO-JURIDICO-14-JUNHO-AGOSTO-2002-LUIS-ROBERTO-BARROSO.pdf
[2010/01/31 06:38:38 | 00,142,356 | ---- | C] () -- C:\Documents and Settings\Edson\Desktop\DireitoNet - Artigos - Intervenção direta do Estado no domínio econômico e discricionariedade administrativa.pdf
[2010/01/31 06:28:26 | 00,032,380 | ---- | C] () -- E:\Constituição 1988 e intervenção.pdf
[2010/01/31 06:26:51 | 00,067,388 | ---- | C] () -- C:\Documents and Settings\Edson\Desktop\Jus Navigandi - Doutrina - A intervenção estatal no domínio econômico_ o atual papel do Estado na constitucionalidade democrática brasileira.pdf
[2010/01/30 17:23:12 | 00,014,699 | ---- | C] () -- E:\Tudo começou.docx
[2010/01/22 16:39:43 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Edson\Desktop\CEMEIS.doc
[2010/01/22 07:15:18 | 00,033,153 | ---- | C] () -- E:\requerimento_cadastro_anuncios.pdf
[2010/01/15 15:52:26 | 00,031,154 | ---- | C] () -- E:\Carol gastos.xlsx
[2010/01/15 11:22:43 | 00,035,834 | ---- | C] () -- E:\relacao_escolas_municipais_contagem.pdf
[2010/01/14 22:31:01 | 00,927,762 | ---- | C] () -- E:\CONTRATO_PRESTACAO_SERVICOS_EDUCACIONAIS_CALOUROS2010.pdf
[2010/01/13 22:13:41 | 00,491,520 | ---- | C] () -- E:\Banco de Dados1.accdb
[2010/01/13 22:10:34 | 04,194,304 | ---- | C] () -- E:\Northwind 2007.accdb
[2010/01/10 12:39:42 | 05,767,168 | ---- | C] () -- C:\Documents and Settings\Edson\ntuser.dat
[2009/12/15 23:09:08 | 00,197,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
[2009/12/15 21:36:58 | 00,011,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\ft12usb.sys
[2009/12/15 21:36:58 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\FT12CoIn.dll
[2009/10/20 22:56:27 | 00,001,323 | ---- | C] () -- C:\Documents and Settings\Edson\Dados de aplicativos\momento.log
[2009/09/13 18:32:01 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/09/13 18:32:00 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/09/13 18:31:59 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/09/13 18:31:59 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/09/13 18:31:58 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/09/13 18:31:57 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/09/13 18:31:56 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/09/06 17:53:14 | 00,132,096 | ---- | C] () -- C:\WINDOWS\System32\ZipDLL.dll
[2009/09/06 17:53:14 | 00,117,760 | ---- | C] () -- C:\WINDOWS\System32\Unzdll.dll
[2009/09/02 18:29:13 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/09/01 19:27:23 | 00,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/09/01 19:11:55 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/09/01 19:11:55 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/09/01 15:52:41 | 00,115,712 | ---- | C] () -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/01 14:52:36 | 00,093,718 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2009/09/01 14:51:52 | 00,130,007 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2009/09/01 14:39:56 | 00,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\RLVrtAuCbl.sys
[2009/09/01 14:33:14 | 00,016,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\ECSLiveIO.sys
[2009/01/07 12:27:06 | 00,016,336 | ---- | C] () -- C:\WINDOWS\System32\ECSLiveIO.sys
========== LOP Check ==========
[2010/01/30 20:53:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
[2009/10/23 10:51:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Grupo Projecao
[2009/11/23 10:24:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\LimeWire
[2010/01/01 22:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\UNOUndercover
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 308 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
< End of report >
[2010/01/31 06:54:28 | 00,233,134 | ---- | M] () -- E:\Artigo%20Thiago.pdf
[2010/01/31 06:41:56 | 00,656,220 | ---- | M] () -- E:\mateus_simoes_de_almeida2.pdf
[2010/01/31 06:41:32 | 00,149,779 | ---- | M] () -- E:\DIALOGO-JURIDICO-14-JUNHO-AGOSTO-2002-LUIS-ROBERTO-BARROSO.pdf
[2010/01/31 06:38:38 | 00,142,356 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\DireitoNet - Artigos - Intervenção direta do Estado no domínio econômico e discricionariedade administrativa.pdf
[2010/01/31 06:28:26 | 00,032,380 | ---- | M] () -- E:\Constituição 1988 e intervenção.pdf
[2010/01/31 06:26:51 | 00,067,388 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\Jus Navigandi - Doutrina - A intervenção estatal no domínio econômico_ o atual papel do Estado na constitucionalidade democrática brasileira.pdf
[2010/01/30 21:08:30 | 00,115,712 | ---- | M] () -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/30 20:55:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\CameraWindowDC
[2010/01/30 20:55:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Ares
[2010/01/30 20:53:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
[2010/01/30 20:53:22 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Internet Explorer
[2010/01/30 20:52:30 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared
[2010/01/30 20:13:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/30 17:23:12 | 00,014,699 | ---- | M] () -- E:\Tudo começou.docx
[2010/01/24 08:13:51 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edson\Desktop\OTL.exe
[2010/01/24 08:11:38 | 00,002,375 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\OSD.lnk
[2010/01/24 08:11:31 | 00,002,369 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk
[2010/01/24 08:11:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/24 08:11:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/23 22:53:15 | 05,767,168 | ---- | M] () -- C:\Documents and Settings\Edson\ntuser.dat
[2010/01/23 22:53:15 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\Edson\ntuser.ini
[2010/01/23 18:16:41 | 00,031,154 | ---- | M] () -- E:\Carol gastos.xlsx
[2010/01/22 16:39:44 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\CEMEIS.doc
[2010/01/22 12:33:07 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/22 11:41:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
[2010/01/22 11:41:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft
[2010/01/22 11:41:29 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Microsoft Silverlight
[2010/01/22 07:15:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Adobe
[2010/01/22 07:15:18 | 00,033,153 | ---- | M] () -- E:\requerimento_cadastro_anuncios.pdf
[2010/01/18 22:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Yahoo!
[2010/01/15 11:22:43 | 00,035,834 | ---- | M] () -- E:\relacao_escolas_municipais_contagem.pdf
[2010/01/14 22:31:01 | 00,927,762 | ---- | M] () -- E:\CONTRATO_PRESTACAO_SERVICOS_EDUCACIONAIS_CALOUROS2010.pdf
[2010/01/13 22:21:52 | 00,491,520 | ---- | M] () -- E:\Banco de Dados1.accdb
[2010/01/13 22:13:41 | 04,194,304 | ---- | M] () -- E:\Northwind 2007.accdb
[2010/01/13 10:33:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Microsoft
[2010/01/13 10:26:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\ZoomBrowser EX
[2010/01/12 09:31:01 | 00,014,932 | ---- | M] () -- E:\PLAN0.xlsx
[2010/01/12 09:26:52 | 00,014,994 | ---- | M] () -- E:\Pasta1.xlsx
[2010/01/10 09:55:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Microsoft
[2009/12/15 23:09:08 | 00,197,352 | ---- | M] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
[2009/12/15 21:28:24 | 04,290,600 | -H-- | M] () -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\IconCache.db
[2009/10/30 17:29:28 | 00,072,488 | ---- | M] () -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
[2009/10/23 11:29:14 | 00,001,323 | ---- | M] () -- C:\Documents and Settings\Edson\Dados de aplicativos\momento.log
[2009/09/01 10:20:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft
[2009/09/01 10:17:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft
[2009/09/01 10:17:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft
[2009/09/01 10:03:18 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Edson\Dados de aplicativos\desktop.ini
[2009/09/01 10:03:18 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini
[2006/06/29 15:58:52 | 00,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 15:53:56 | 00,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 00,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 16:39:28 | 00,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[3 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ]
[1 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ]
< End of report >
[2010/01/31 06:54:28 | 00,233,134 | ---- | M] () -- E:\Artigo%20Thiago.pdf
[2010/01/31 06:41:56 | 00,656,220 | ---- | M] () -- E:\mateus_simoes_de_almeida2.pdf
[2010/01/31 06:41:32 | 00,149,779 | ---- | M] () -- E:\DIALOGO-JURIDICO-14-JUNHO-AGOSTO-2002-LUIS-ROBERTO-BARROSO.pdf
[2010/01/31 06:38:38 | 00,142,356 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\DireitoNet - Artigos - Intervenção direta do Estado no domínio econômico e discricionariedade administrativa.pdf
[2010/01/31 06:28:26 | 00,032,380 | ---- | M] () -- E:\Constituição 1988 e intervenção.pdf
[2010/01/31 06:26:51 | 00,067,388 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\Jus Navigandi - Doutrina - A intervenção estatal no domínio econômico_ o atual papel do Estado na constitucionalidade democrática brasileira.pdf
[2010/01/30 21:08:30 | 00,115,712 | ---- | M] () -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/30 20:55:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\CameraWindowDC
[2010/01/30 20:55:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Ares
[2010/01/30 20:53:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
[2010/01/30 20:53:22 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Internet Explorer
[2010/01/30 20:52:30 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared
[2010/01/30 20:13:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/30 17:23:12 | 00,014,699 | ---- | M] () -- E:\Tudo começou.docx
[2010/01/24 08:13:51 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edson\Desktop\OTL.exe
[2010/01/24 08:11:38 | 00,002,375 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\OSD.lnk
[2010/01/24 08:11:31 | 00,002,369 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk
[2010/01/24 08:11:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/24 08:11:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/23 22:53:15 | 05,767,168 | ---- | M] () -- C:\Documents and Settings\Edson\ntuser.dat
[2010/01/23 22:53:15 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\Edson\ntuser.ini
[2010/01/23 18:16:41 | 00,031,154 | ---- | M] () -- E:\Carol gastos.xlsx
[2010/01/22 16:39:44 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\CEMEIS.doc
[2010/01/22 12:33:07 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/22 11:41:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
[2010/01/22 11:41:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft
[2010/01/22 11:41:29 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Microsoft Silverlight
[2010/01/22 07:15:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Adobe
[2010/01/22 07:15:18 | 00,033,153 | ---- | M] () -- E:\requerimento_cadastro_anuncios.pdf
[2010/01/18 22:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Yahoo!
[2010/01/15 11:22:43 | 00,035,834 | ---- | M] () -- E:\relacao_escolas_municipais_contagem.pdf
[2010/01/14 22:31:01 | 00,927,762 | ---- | M] () -- E:\CONTRATO_PRESTACAO_SERVICOS_EDUCACIONAIS_CALOUROS2010.pdf
[2010/01/13 22:21:52 | 00,491,520 | ---- | M] () -- E:\Banco de Dados1.accdb
[2010/01/13 22:13:41 | 04,194,304 | ---- | M] () -- E:\Northwind 2007.accdb
[2010/01/13 10:33:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Microsoft
[2010/01/13 10:26:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\ZoomBrowser EX
[2010/01/12 09:31:01 | 00,014,932 | ---- | M] () -- E:\PLAN0.xlsx
[2010/01/12 09:26:52 | 00,014,994 | ---- | M] () -- E:\Pasta1.xlsx
[2010/01/10 09:55:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Microsoft
[2010/01/09 09:43:12 | 00,000,000 | -H-D | M] -- C:\Arquivos de programas\Uninstall Information
[2010/01/07 07:26:17 | 00,977,920 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\BAMEC_2010_1.0.xls
[2010/01/06 22:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Norton
[2010/01/06 22:14:09 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\DigiPix
[2010/01/05 15:54:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/01/05 15:54:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Mozilla
[2010/01/05 15:54:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Mozilla
[2010/01/04 09:31:32 | 00,862,720 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\BAMEC_2010_1.0.xlsm
[2010/01/02 16:50:28 | 00,011,606 | ---- | M] () -- E:\carol.xlsx
[2010/01/02 01:21:31 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns
[2010/01/01 23:02:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec
[2010/01/01 23:02:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\NortonInstaller
[2010/01/01 22:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\UNOUndercover
[2010/01/01 20:02:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Macromedia
[2009/12/29 10:18:50 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Recuva
[2009/12/15 23:09:08 | 00,197,352 | ---- | M] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
[2009/12/15 21:28:24 | 04,290,600 | -H-- | M] () -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\IconCache.db
[2009/10/30 17:29:28 | 00,072,488 | ---- | M] () -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
[2009/10/23 11:29:14 | 00,001,323 | ---- | M] () -- C:\Documents and Settings\Edson\Dados de aplicativos\momento.log
[2009/09/01 10:20:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft
[2009/09/01 10:17:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft
[2009/09/01 10:17:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft
[2009/09/01 10:03:18 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Edson\Dados de aplicativos\desktop.ini
[2009/09/01 10:03:18 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini
[2006/06/29 15:58:52 | 00,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 15:53:56 | 00,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 00,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 16:39:28 | 00,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[3 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ]
[1 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/01/31 06:54:28 | 00,233,134 | ---- | M] () -- E:\Artigo%20Thiago.pdf
[2010/01/31 06:41:56 | 00,656,220 | ---- | M] () -- E:\mateus_simoes_de_almeida2.pdf
[2010/01/31 06:41:32 | 00,149,779 | ---- | M] () -- E:\DIALOGO-JURIDICO-14-JUNHO-AGOSTO-2002-LUIS-ROBERTO-BARROSO.pdf
[2010/01/31 06:38:38 | 00,142,356 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\DireitoNet - Artigos - Intervenção direta do Estado no domínio econômico e discricionariedade administrativa.pdf
[2010/01/31 06:28:26 | 00,032,380 | ---- | M] () -- E:\Constituição 1988 e intervenção.pdf
[2010/01/31 06:26:51 | 00,067,388 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\Jus Navigandi - Doutrina - A intervenção estatal no domínio econômico_ o atual papel do Estado na constitucionalidade democrática brasileira.pdf
[2010/01/30 21:08:30 | 00,115,712 | ---- | M] () -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/30 21:08:03 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis.exe
[2010/01/30 20:13:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/30 17:23:12 | 00,014,699 | ---- | M] () -- E:\Tudo começou.docx
[2010/01/24 08:13:51 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edson\Desktop\OTL.exe
[2010/01/24 08:11:38 | 00,002,375 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\OSD.lnk
[2010/01/24 08:11:31 | 00,002,369 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk
[2010/01/24 08:11:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/24 08:11:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/23 22:53:15 | 05,767,168 | ---- | M] () -- C:\Documents and Settings\Edson\ntuser.dat
[2010/01/23 22:53:15 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\Edson\ntuser.ini
[2010/01/23 18:16:41 | 00,031,154 | ---- | M] () -- E:\Carol gastos.xlsx
[2010/01/22 16:39:44 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\CEMEIS.doc
[2010/01/22 12:33:07 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/22 07:15:18 | 00,033,153 | ---- | M] () -- E:\requerimento_cadastro_anuncios.pdf
[2010/01/15 11:22:43 | 00,035,834 | ---- | M] () -- E:\relacao_escolas_municipais_contagem.pdf
[2010/01/14 22:31:01 | 00,927,762 | ---- | M] () -- E:\CONTRATO_PRESTACAO_SERVICOS_EDUCACIONAIS_CALOUROS2010.pdf
[2010/01/13 22:21:52 | 00,491,520 | ---- | M] () -- E:\Banco de Dados1.accdb
[2010/01/13 22:13:41 | 04,194,304 | ---- | M] () -- E:\Northwind 2007.accdb
[2010/01/12 09:31:01 | 00,014,932 | ---- | M] () -- E:\PLAN0.xlsx
[2010/01/12 09:26:52 | 00,014,994 | ---- | M] () -- E:\Pasta1.xlsx
[2010/01/07 07:26:17 | 00,977,920 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\BAMEC_2010_1.0.xls
[2010/01/05 15:54:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/01/04 09:31:32 | 00,862,720 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\BAMEC_2010_1.0.xlsm
[2010/01/02 16:50:28 | 00,011,606 | ---- | M] () -- E:\carol.xlsx
[3 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ]
[1 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ]
========== LOP Check ==========
[2010/01/30 20:53:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
[2009/10/23 10:51:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Grupo Projecao
[2009/11/23 10:24:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\LimeWire
[2010/01/01 22:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\UNOUndercover
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 308 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
< End of report >
=================================================================================================================================================
OTL Extras logfile created on: 24/1/2010 08:16:08 - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Edson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 83,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 97,65 Gb Total Space | 72,04 Gb Free Space | 73,77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 97,65 Gb Total Space | 79,33 Gb Free Space | 81,24% Space Free | Partition Type: NTFS
Drive F: | 102,78 Gb Total Space | 102,68 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CASA-46997CABD5
Current User Name: Edson
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL File not found
[HKEY_USERS\S-1-5-21-725345543-920026266-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\ARQUIV~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\Bonjour\mDNSResponder.exe" = C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Console de gerenciamento Microsoft -- (Microsoft Corporation)
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Arquivos de programas\Ares\Ares.exe" = C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}" = Windows Live Galeria de Fotos
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11
"{271F5A67-A83A-4985-B41B-201EB267E6CF}" = LIVE! Control Center 1.03
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73289228-1853-4623-982A-EB17FF0270CA}" = LIVE! OSD 1.03
"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{669EB263-0AFE-4FCB-A068-DB082CA6273C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{98003BDC-1B68-4970-B28E-ACC8000D2F3E}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC66F0B8-8E0E-4106-AF80-3F8F1F93BE14}_is1" = WHO Anthro
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}" = REALTEK RTL8187SE Wireless LAN Driver
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials
"4673551D-STFT12-4FE7-A218-48BDAE051E2B_std" = ePass2000 (Somente remover)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"Ares" = Ares 2.1.2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSA470" = Canon PowerShot A470 Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CSCLIB" = Canon Camera Support Core Library
"DirectPrintUserGuide" = Canon Direct Print User Guide
"e6f77d61-06ba-27ac-7e8a-0350e921ec7b" = Contextual Tool Precisead
"eBay Icon" = eBay Icon
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"eqbfscxkcshuwi" = RON Too1 Precisead
"falador" = falador
"HijackThis" = HijackThis 2.0.2
"HWiNFO32_is1" = HWiNFO32 Version 3.10
"ie8" = Windows Internet Explorer 8
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0
"LHTTSPTB" = L&H TTS3000 Português (Brasil)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Recuva" = Recuva
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SiS VGA Driver" = SiS VGA Utilities
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SoftwareStarterGuide-DCSD34" = Canon Digital Camera Solution Disk 34 Software Starter Guide
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TUGZip_is1" = TUGZip 3.5
"Uploader" = Uploader
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-725345543-920026266-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22/1/2010 05:18:14 | Computer Name = CASA-46997CABD5 | Source = Application Error | ID = 1000
Description = Aplicativo com falha formdesigner.exe, versão 8.0.1291.1, módulo com
falha formdesigner.exe, versão 8.0.1291.1, endereço com falha 0x00366772.
Error - 22/1/2010 05:18:26 | Computer Name = CASA-46997CABD5 | Source = Application Error | ID = 1001
Description = Falha no compartimento de memória 375779571.
Error - 22/1/2010 05:19:09 | Computer Name = CASA-46997CABD5 | Source = Application Error | ID = 1000
Description = Aplicativo com falha formdesigner.exe, versão 8.0.1291.1, módulo com
falha formdesigner.exe, versão 8.0.1291.1, endereço com falha 0x00366772.
Error - 22/1/2010 05:35:53 | Computer Name = CASA-46997CABD5 | Source = Application Error | ID = 1000
Description = Aplicativo com falha setup.exe, versão 1.0.135.0, módulo com falha
setup.exe, versão 1.0.135.0, endereço com falha 0x0006f1fe.
Error - 22/1/2010 05:36:02 | Computer Name = CASA-46997CABD5 | Source = Application Error | ID = 1000
Description = Aplicativo com falha setup.exe, versão 1.0.135.0, módulo com falha
setup.exe, versão 1.0.135.0, endereço com falha 0x0006f1fe.
Error - 22/1/2010 10:33:38 | Computer Name = CASA-46997CABD5 | Source = Google Update | ID = 20
Description =
Error - 23/1/2010 15:39:14 | Computer Name = CASA-46997CABD5 | Source = Google Update | ID = 20
Description =
Error - 23/1/2010 15:43:10 | Computer Name = CASA-46997CABD5 | Source = Application Error | ID = 1000
Description = Aplicativo com falha hh.exe, versão 5.2.3790.2453, módulo com falha
hhctrl.ocx, versão 5.2.3790.4110, endereço com falha 0x00013004.
Error - 23/1/2010 17:08:39 | Computer Name = CASA-46997CABD5 | Source = Application Error | ID = 1000
Description = Aplicativo com falha formdesigner.exe, versão 8.0.1291.1, módulo com
falha formdesigner.exe, versão 8.0.1291.1, endereço com falha 0x00366772.
Error - 24/1/2010 06:11:39 | Computer Name = CASA-46997CABD5 | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 22/1/2010 10:33:17 | Computer Name = CASA-46997CABD5 | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.
Error - 22/1/2010 14:22:24 | Computer Name = CASA-46997CABD5 | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.
Error - 22/1/2010 17:03:40 | Computer Name = CASA-46997CABD5 | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.
Error - 23/1/2010 15:38:57 | Computer Name = CASA-46997CABD5 | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.
Error - 23/1/2010 16:10:37 | Computer Name = CASA-46997CABD5 | Source = BROWSER | ID = 8032
Description = O serviço localizador não pôde recuperar a lista de backup muitas
vezes no transporte \Device\NetBT_Tcpip_{8E2A87FF-0AEA-49D3-90BD-D450CB5C356B}. O
localizador reserva está finalizando.
Error - 23/1/2010 16:25:03 | Computer Name = CASA-46997CABD5 | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.
Error - 23/1/2010 16:46:38 | Computer Name = CASA-46997CABD5 | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.
Error - 23/1/2010 17:07:37 | Computer Name = CASA-46997CABD5 | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.
Error - 23/1/2010 18:36:28 | Computer Name = CASA-46997CABD5 | Source = NetBT | ID = 4321
Description = O nome "MSHOME :1d" não pôde ser registrado na interface com
o endereço IP 192.168.0.181. O computador de endereço IP 192.168.0.177 não permitiu
que o nome fosse solicitado por este computador.
Error - 24/1/2010 06:11:30 | Computer Name = CASA-46997CABD5 | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.
=================================================================================================================================================
Malwarebytes' Anti-Malware 1.41
Versão do banco de dados: 3222
Windows 5.1.2600 Service Pack 3
23/1/2010 18:21:10
mbam-log-2010-01-23 (18-21-10).txt
Tipo de Verificação: Completa (C:\|E:\|F:\|)
Objetos verificados: 176769
Tempo decorrido: 23 minute(s), 48 second(s)
Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 21
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 2
Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)
Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)
Chaves do Registro infectadas:
HKEY_CLASSES_ROOT\gnucdna.core (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{2850bdc7-2330-4e31-9fa0-88268846539a} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0be385a3-85a5-4722-b677-68dae891ff21} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{272c0d60-0561-4c83-b3db-eb0a71f9d2eb} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{284477e4-a7cb-4055-9e1b-0ea7cba28945} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{70ca4938-6a0f-4641-a9a9-c936e4c1e7de} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7468213e-010e-4ec6-a17d-642e909ba7ec} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{89dc33a2-f86f-42a1-8b5f-d4d1943efc9c} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a916af3c-976d-4358-8736-95bea0b5fd2c} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b86f4810-19a9-4050-9ac9-b5cf60b5799a} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bb5b7e14-f8b4-4365-a24d-f4965c33e1ee} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{be45f056-e005-437b-be88-23acf70b0b6a} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c13d4627-02f5-4b03-897a-bf6a90022dd2} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c636f1fc-6ae4-4e6a-90ab-6d61d821a0dd} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cb971ac0-6408-40da-a540-92f9f256f51f} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d5694dfe-43b6-4e05-aa29-8c556c968973} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e2032ec2-a9ac-4ed7-9bdb-ebecacf076f2} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ebab4a71-8c34-461a-b57d-dd041d439555} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f06fea43-0cc3-4bf6-a85b-5efb1c07aa4b} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fc94a0f7-9c7c-4ae2-9106-5c212332b209} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f02c0ae1-d796-42c9-81e1-084d88f79b8e} (Adware.WhenU) -> Quarantined and deleted successfully.
Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Pastas infectadas:
(Nenhum ítem malicioso foi detectado)
Arquivos infectados:
C:\WINDOWS\system32\GnucDNA.dll (Adware.WhenU) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\u_mmipnnxwlgxefvnqg.dll.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
Today strange things are happening on the computer... Twice it froze and a blue screen appeared with some text on it, but it was quick and I couldn't read anything; after that it shuts down by itself.
When it is turned back on, a message appears saying that the system has recovered from a serious error.
What could it be?
Good morning, carol...
Regarding the PC shutting down, is it still happening?
If so, it would be a good idea to take it to a technician to have a look at your PC's power supply or to check the memory module(s).
Regarding access to the sites, which sites?...
Check whether the IE cookie blocker is responsible.
http://windows.microsoft.com/pt-BR/windows-vista/Block-or-allow-cookies
The PC hasn't shut down again, and the sites are now being accessed normally... the only one I still have some problem with is Twitter.
1.
*Open Malwarebytes and, on the [Quarantine] tab, select all the results and click [Remove all]
*Click the [Logs] tab, select the report and click [Remove]
2.
*Update your Internet Explorer to version 8.
PROBLEM SOLVED!
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
I found a worm in your log; let's use the programs below.
Download Malwarebytes from one of the locations below:
Link 1
Link 2
-- Save the program to your Desktop
• Double-click the program to run it.
• Update Malwarebytes.
• Choose the Full Scan (be patient, it takes a while)
• Disable your antivirus and antispyware, usually by right-clicking the icon in the system tray. They can interfere with the tool's execution.
• When the scan is complete, click OK, then Show Results to view the log.
• Remember that, if anything is detected, click the Remove button to remove it. (Important.)
• The program's log will open automatically for you.
• Post it in your next reply along with a new HijackThis log.
P.S.: On heavily infected computers, the tool shows an option saying that the computer must be restarted. Please do so immediately.
• Download: OTL.exe
• Save it to the desktop!
[Image: OTLI-scan.png]
• As shown in the image, change the "Output" option to "Minimal Output".
• Double-click OTL.exe --> Check the "Scan All Users" option.
• Check the boxes:
-- [] LOP check and [] Purity check
• Click: [image: runscanbutton.png] and wait.
• Post:
1) OTL.txt
2) Extra.txt