Guys, I can't stand using eBuddy anymore
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:03:12, on 22/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\USB Video Camera\Monitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor.lnk = C:\Arquivos de programas\USB Video Camera\Monitor.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACD1D250-6714-434E-A849-EAC932D3B318}: NameServer = 200.204.0.10,200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740C35-F54D-4D6F-ABC1-BB5C420707A5}: NameServer = 208.67.222.222,208.67.220.220
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
--
End of file - 4829 bytes
MBAM log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Versão da Base de Dados: 4133
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
23/5/2010 16:24:16
mbam-log-2010-05-23 (16-24-16).txt
Tipo de Verificação: Verificação Rápida
Objetos escaneados: 114718
Tempo decorrido: 5 minuto(s), 11 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0
Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)
Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)
Pastas Infectadas:
(Não foram detectados ítens maliciosos)
Arquivos Infectados:
(Não foram detectados ítens maliciosos)
Hijack log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:55, on 23/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\USB Video Camera\Monitor.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [btTray] "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor.lnk = C:\Arquivos de programas\USB Video Camera\Monitor.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar por Bluetooth - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Enviar por mensagem(&M)... - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACD1D250-6714-434E-A849-EAC932D3B318}: NameServer = 200.204.0.10,200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740C35-F54D-4D6F-ABC1-BB5C420707A5}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
--
End of file - 6273 bytes
Good evening! Zébástian
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
<!> Your browser is out of date. ( IE6 )
<!> Download and install IE8.
00000000000000000000000
ooooooooooooooooooooooo
<@> Download: < MSNCleaner >
<@> Click the “Analyze” button.
<@> When it finishes, post the report.
00000000000000000000000
ooooooooooooooooooooooo
<@> Run an online scan at: < Eset Nod32 >
<@> Ps: Use the Internet Explorer browser.
<@> Tick the box: "SIM,aceito as condições de uso" --> Iniciar.
<@> Tick the box: "YES, I accept the Terms of Use" --> Start.
<@> Untick the box "Remove found threats".
<@> Accept the ActiveX installation --> Start the scan.
<@> When done, post the reports: C:\Program Files\EsetOnlineScanner\log.txt + an updated HijackThis log.
Regards!
Unfortunately I couldn't run the Eset scanner because, about 1 hour before I posted this, it stopped accessing some pages, and the Eset page was one of the ones I can't access. The Baixaki page is another one I can't access either.
In case it helps, the Hijack log is here.
Thanks for now.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:48:36, on 23/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\USB Video Camera\Monitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [btTray] "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor.lnk = C:\Arquivos de programas\USB Video Camera\Monitor.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar por Bluetooth - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Enviar por mensagem(&M)... - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740C35-F54D-4D6F-ABC1-BB5C420707A5}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
--
End of file - 6130 bytes
Good morning! Zébástian
<@> Download: < ComboFix > ( ...by sUBs )
<!> Link-2 --> < ForoSpyware >
<!> Link-3 --> < GeeksToGo >
<@> Save it to the desktop!
<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> Ps: Running it from the command line is also possible:
<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
<@> Click Ok.
<@> In the window: "Software warranty agreement" --> Click Yes!
<@> If you do not have the "Recovery Console", agree to install it!
<@> When it finishes, click Sim or Yes. --> Wait!
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<!> If you get the notification: Invalid Win32 application, delete the ComboFix.exe tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> Ps: Name it while saving, not after saving it!
<!> Ps: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> Ps: If rootkit activity is present, the following notification window will appear:
<!> Ps: Write down these detections, and click OK.
<!> Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> Ps: Avoid running this tool on your own initiative!
<!> Ps: To avoid problems, follow all the recommendations given.
<!> Ps: ComboFix is a tool that can damage the system. Use it only under professional supervision.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<@> The Auto Scan window will open. --> Wait!
<@> To finish the removals, ComboFix may restart the computer.
<@> If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid using the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<@> When done, post the reports: C:\ComboFix.txt + an updated HijackThis log.
Regards!
ComboFix 10-05-21.06 - Administrador 25/05/2010 2:15.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.446.252 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\desktop\Combofix.exe
Comandos utilizados :: /killall
AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-25 to 2010-05-25 ))))))))))))))))))))))))))))
.
2010-05-24 01:11 . 2010-05-24 01:11 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache
2010-05-24 01:10 . 2010-05-24 01:10 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE
2010-05-24 01:08 . 2010-05-24 01:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-24 01:07 . 2010-05-24 01:07 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache
2010-05-24 01:05 . 2010-05-24 01:05 -------- d-----w- c:\windows\ie8updates
2010-05-24 01:03 . 2010-05-24 01:04 -------- dc-h--w- c:\windows\ie8
2010-05-24 01:01 . 2010-02-25 06:17 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-24 01:01 . 2010-02-25 06:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-24 01:01 . 2010-02-25 06:17 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-05-24 01:01 . 2010-02-25 06:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-24 01:01 . 2010-02-25 06:17 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-24 01:00 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-24 00:45 . 2010-05-24 00:45 2165 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\UOL\UIM\Profiles\zecnv@hotmail.com\.purple\certificates\x509\tls_peers\rsi.hotmail.com
2010-05-24 00:45 . 2010-05-24 00:45 167936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\UOL\lib\fotoblog-1.0.0.3.dll
2010-05-24 00:45 . 2010-05-24 00:45 2153 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\UOL\UIM\Profiles\zecnv@hotmail.com\.purple\certificates\x509\tls_peers\contacts.msn.com
2010-05-24 00:45 . 2010-05-24 00:45 2095 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\UOL\UIM\Profiles\zecnv@hotmail.com\.purple\certificates\x509\tls_peers\login.live.com
2010-05-24 00:43 . 2010-05-24 00:43 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\UOL
2010-05-24 00:42 . 2010-05-24 00:42 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\UOL
2010-05-24 00:42 . 2010-05-24 01:50 -------- d-----w- c:\arquivos de programas\UOL
2010-05-24 00:35 . 2010-05-24 00:37 -------- d-----w- C:\MSNCleaner
2010-05-23 19:16 . 2010-05-23 19:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes
2010-05-23 19:15 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-23 19:15 . 2010-05-23 19:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-05-23 19:15 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-23 19:15 . 2010-05-23 19:15 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-05-22 21:31 . 2010-05-22 21:31 -------- d-----w- c:\arquivos de programas\IVT Corporation
2010-05-22 16:36 . 2010-05-22 16:36 388096 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-22 16:36 . 2010-05-22 16:36 -------- d-----w- c:\arquivos de programas\Trend Micro
2010-05-22 16:12 . 2010-05-22 16:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Babylon
2010-05-22 16:12 . 2010-05-22 16:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Babylon
2010-05-21 07:43 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2010-05-21 07:43 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2010-05-21 07:43 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2010-05-21 07:43 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2010-05-21 07:43 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2010-05-21 07:37 . 2008-04-21 21:15 216064 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-05-21 07:31 . 2010-02-17 17:07 2194176 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-05-21 07:31 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-05-21 07:31 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-05-21 07:31 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-05-21 07:31 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-05-21 07:31 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-05-21 07:31 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-05-21 07:31 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-05-21 07:31 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-05-21 07:31 . 2010-02-16 19:07 2150400 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-05-21 07:31 . 2010-02-16 19:07 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-05-21 07:13 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-05-21 07:13 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-05-21 07:02 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-21 07:02 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-05-21 07:02 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-05-21 07:02 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-05-21 07:02 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-05-21 07:01 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-05-21 07:01 . 2008-05-01 14:36 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-05-21 06:48 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-05-21 06:19 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-05-21 06:19 . 2009-07-31 04:33 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-05-21 06:08 . 2009-03-08 07:33 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2010-05-21 06:06 . 2010-05-24 01:05 -------- d--h--w- c:\windows\$hf_mig$
2010-05-21 05:48 . 2010-05-24 15:29 -------- d-----w- c:\documents and settings\Administrador\Tracing
2010-05-21 05:10 . 2010-05-21 05:10 -------- d-----w- c:\arquivos de programas\Microsoft
2010-05-21 05:10 . 2010-05-21 05:10 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2010-05-21 05:02 . 2010-05-21 05:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2010-05-19 03:47 . 2010-05-19 03:47 -------- d-----w- c:\arquivos de programas\USB Video Camera
2010-05-19 03:46 . 2005-01-14 16:47 180224 ----a-w- c:\windows\system\StillDrv.dll
2010-05-19 03:46 . 2006-06-30 13:40 775936 ----a-w- c:\windows\system32\drivers\BisonCam.sys
2010-05-19 03:46 . 2006-03-30 03:05 90112 ----a-w- c:\windows\system\BisonVfw.dll
2010-05-19 03:46 . 2006-03-30 03:05 126976 ----a-w- c:\windows\system\BisonCam.dll
2010-05-19 03:46 . 2006-03-02 17:41 77942 ----a-w- c:\windows\system32\BisonRem.dll
2010-05-19 03:23 . 2010-05-22 04:55 -------- d-----w- c:\windows\BisonCam
2010-05-17 02:31 . 2010-05-17 02:33 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\CyberLink
2010-05-17 02:18 . 2010-05-17 02:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink
2010-05-17 02:18 . 2010-05-17 02:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\CyberLink
2010-05-17 02:15 . 2010-05-17 02:35 53319 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Temp\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
2010-05-17 02:15 . 2010-05-17 02:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Temp
2010-05-16 19:14 . 2010-05-16 19:14 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\pdf995
2010-05-16 19:06 . 2010-05-16 19:20 59 ----a-w- c:\windows\wpd99.drv
2010-05-16 19:06 . 2010-05-16 19:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\pdf995
2010-05-16 19:06 . 2010-05-16 19:06 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-05-16 19:06 . 2010-05-16 19:06 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-05-16 19:06 . 2010-05-16 19:19 -------- d-----w- c:\arquivos de programas\pdf995
2010-05-16 17:56 . 2010-05-16 17:57 -------- d-----w- c:\arquivos de programas\WinXMedia
2010-05-16 03:37 . 2010-05-16 03:37 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Ahead
2010-05-16 03:37 . 2003-03-18 19:12 451584 ----a-w- c:\windows\system32\mfc71u.dll
2010-05-15 19:34 . 2010-05-23 21:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk
2010-05-15 19:34 . 2010-05-23 20:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Autodesk
2010-05-15 19:05 . 2008-07-10 14:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-05-15 19:04 . 2005-05-26 18:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-05-15 19:03 . 2010-05-15 19:03 -------- d-----w- c:\windows\Logs
2010-05-08 14:49 . 2010-05-08 14:49 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\MapInfo
2010-05-08 14:48 . 2010-05-08 14:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet
2010-05-08 14:48 . 2010-05-08 14:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macrovision Shared
2010-05-05 09:14 . 2010-05-05 09:14 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Corel
2010-05-05 09:06 . 2010-05-05 09:06 -------- d--h--w- c:\windows\PIF
2010-05-02 16:42 . 2010-05-02 16:42 737280 ----a-w- c:\windows\iun6002.exe
2010-05-01 20:28 . 2008-04-13 22:20 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2010-05-01 20:28 . 2008-04-13 22:20 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll
2010-05-01 20:28 . 2008-04-13 22:20 3775 ------w- c:\windows\system32\drivers\adv11nt5.dll
2010-05-01 20:28 . 2008-04-13 22:20 3711 ------w- c:\windows\system32\drivers\adv09nt5.dll
2010-05-01 20:28 . 2008-04-13 22:20 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll
2010-05-01 20:28 . 2008-04-13 22:20 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll
2010-05-01 20:28 . 2008-04-13 22:20 3135 ------w- c:\windows\system32\drivers\adv08nt5.dll
2010-05-01 20:28 . 2008-04-13 14:36 44928 ------w- c:\windows\system32\drivers\agpcpq.sys
2010-05-01 20:28 . 2008-04-13 14:36 43008 ------w- c:\windows\system32\drivers\amdagp.sys
2010-05-01 20:28 . 2008-04-13 14:36 42752 ------w- c:\windows\system32\drivers\alim1541.sys
2010-05-01 20:28 . 2008-04-13 14:36 42368 ------w- c:\windows\system32\drivers\agp440.sys
2010-05-01 20:28 . 2008-04-13 12:34 56623 ------w- c:\windows\system32\drivers\ati1btxx.sys
2010-05-01 20:28 . 2008-04-13 12:34 11615 ------w- c:\windows\system32\drivers\ati1mdxx.sys
2010-04-28 17:01 . 2010-04-28 17:01 -------- d-sh--w- c:\documents and settings\Administrador\UserData
2010-04-25 22:32 . 2010-04-25 22:32 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-25 22:31 . 2010-05-15 17:28 -------- d-----w- c:\arquivos de programas\EasyPrediction
2010-04-25 22:31 . 2010-04-25 22:32 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
2010-04-25 22:31 . 2010-05-24 01:08 -------- d-----w- c:\windows\system32\LogFiles
2010-04-25 22:30 . 2010-05-19 02:39 -------- dc----w- c:\windows\system32\DRVSTORE
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 15:34 . 2001-10-28 12:07 82790 ----a-w- c:\windows\system32\perfc016.dat
2010-05-24 15:34 . 2001-10-28 12:07 477654 ----a-w- c:\windows\system32\perfh016.dat
2010-05-24 15:27 . 2010-04-21 21:03 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent
2010-05-21 05:10 . 2010-04-22 06:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WindowsLiveInstaller
2010-05-21 05:10 . 2010-04-22 06:21 -------- d-----w- c:\arquivos de programas\Windows Live
2010-05-19 03:47 . 2010-04-22 03:48 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-05-19 01:48 . 2010-04-22 06:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller
2010-05-17 02:15 . 2010-04-22 13:19 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-17 02:15 . 2010-04-22 13:19 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-16 19:21 . 2010-04-22 03:43 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2010-05-03 06:02 . 2010-04-21 22:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-04-22 17:13 . 2010-04-22 17:13 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\MapInfo Professional 9.0\4000003000003i\imut.exe
2010-04-22 17:11 . 2010-04-22 17:11 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\MapInfo Professional 9.0\4000006b00002i\imutgui.exe
2010-04-22 13:23 . 2010-04-22 13:22 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic
2010-04-22 06:07 . 2010-04-22 06:07 -------- d-----w- c:\arquivos de programas\MSBuild
2010-04-22 06:07 . 2010-04-22 06:07 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2010-04-22 05:59 . 2010-04-22 05:59 -------- d-----w- c:\arquivos de programas\MSXML 6.0
2010-04-22 05:49 . 2010-04-21 21:35 -------- d-----w- c:\arquivos de programas\MSECache
2010-04-22 05:35 . 2010-04-22 05:30 -------- d-----w- c:\arquivos de programas\VDownloader 1.13
2010-04-22 03:56 . 2010-04-22 03:56 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\MapInfo Professional 9.0\400000a600003i\FNPLicensingService.exe
2010-04-22 03:56 . 2010-04-22 03:56 658432 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\MapInfo Professional 9.0\%ProgramFilesDir%\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
2010-04-22 03:56 . 2010-04-21 21:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall
2010-04-22 03:52 . 2010-04-22 03:52 -------- d-----w- c:\arquivos de programas\Motorola
2010-04-22 03:46 . 2010-04-22 03:46 -------- d-----w- c:\arquivos de programas\VIAudioi
2010-04-22 03:43 . 2010-04-22 03:43 -------- d-----w- c:\arquivos de programas\VIA
2010-04-22 02:57 . 2010-04-22 02:57 -------- d-----w- c:\arquivos de programas\Microsoft.NET
2010-04-21 23:16 . 2010-04-21 23:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Avira
2010-04-21 23:04 . 2010-04-21 23:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira
2010-04-21 23:04 . 2010-04-21 23:04 -------- d-----w- c:\arquivos de programas\Avira
2010-04-21 21:03 . 2010-04-21 21:03 0 ----a-w- c:\windows\nsreg.dat
2010-04-21 19:31 . 2010-04-21 18:43 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-21 19:02 . 2006-07-19 06:18 180480 ----a-w- c:\windows\system32\drivers\RTL8187.sys
2010-04-21 19:02 . 2006-10-25 06:36 42240 ----a-w- c:\windows\system32\drivers\ESD7SK.sys
2010-04-21 19:02 . 2006-10-25 06:36 62208 ----a-w- c:\windows\system32\drivers\EMS7SK.sys
2010-04-21 18:44 . 2010-04-21 18:44 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2010-04-21 18:42 . 2010-04-21 18:42 -------- d-----w- c:\arquivos de programas\Serviços on-line
2010-04-21 18:42 . 2010-04-21 18:42 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços
2010-04-21 18:41 . 2010-04-21 18:41 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-17 01:12 . 2010-04-17 01:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-03-17 14:35 . 2010-04-21 21:20 309248 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
2010-03-01 12:05 . 2010-04-21 23:04 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-25 06:17 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 02:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2003-09-24 15:33 . 2010-04-12 23:37 356352 ----a-w- c:\arquivos de programas\putty.exe
.
((((((((((((((((((((((((((((( SnapShot_2010-05-24_01.30.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-10-28 12:07 . 2010-05-24 15:34 69446 c:\windows\system32\perfc009.dat
+ 2001-10-28 12:07 . 2010-05-24 15:34 435258 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-04-21 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2010-04-21 53248]
"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2010-04-21 630784]
"BtTray"="c:\arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe" [2008-11-01 281600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"d:\\Arquivos de programas\\DreaMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10976:TCP"= 10976:TCP:Dreamule TCP
"10986:UDP"= 10986:UDP:Dreamule UDP
"443:TCP"= 443:TCP:MSN TCP
"443:UDP"= 443:UDP:MSN UDP
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31/7/2008 20:45 20616]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [21/4/2010 20:04 135336]
R2 BsMobileCS;BsMobileCS;c:\arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe [1/11/2008 09:29 143467]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2/7/2008 14:58 26248]
S3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\Drivers\Ca2001v.sys --> c:\windows\system32\Drivers\Ca2001v.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [19/7/2006 03:18 180480]
S3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\sr9usb.sys [21/4/2010 14:51 12544]
.
.
------- Scan Suplementar -------
.
IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Enviar por Bluetooth - c:\arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Enviar por mensagem(&M)... - c:\arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
TCP: {D2740C35-F54D-4D6F-ABC1-BB5C420707A5} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: d:\arquivos de programas\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 02:22
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-1214440339-1957994488-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,1c,b5,13,ff,22,3a,45,bb,7c,5e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,1c,b5,13,ff,22,3a,45,bb,7c,5e,\
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\windows\system32\CLBCATQ.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\VTTimer.exe
c:\arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\arquivos de programas\USB Video Camera\Monitor.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-05-25 02:25:33 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-05-25 05:25
ComboFix2.txt 2010-05-24 01:31
ComboFix3.txt 2010-05-22 17:01
Pré-execução: 2.968.276.992 bytes disponíveis
Pós execução: 2.954.067.968 bytes disponíveis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:26:26, on 25/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\USB Video Camera\Monitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [btTray] "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor.lnk = C:\Arquivos de programas\USB Video Camera\Monitor.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar por Bluetooth - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Enviar por mensagem(&M)... - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740C35-F54D-4D6F-ABC1-BB5C420707A5}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
--
End of file - 6126 bytes
Good morning, Zébástian!
<@> Download: < OTL > ( ...by OldTimer Tools )
<@> Save it to the desktop!
<@> Double-click: < otlDesktopIcon.png >
<@> PS: Now let's go on to its configuration!
<!> 1 - Under "Output", leave the "Minimal" button selected.
<!> 2 - Check the boxes: Scan All Users and Include 64bit Scans <-- PS: If the OS is 64-bit!
<!> 3 - Processes: Use SafeList <-- Check it!
<!> 4 - Modules: Use SafeList <-- Check it!
<!> 5 - Services: Use SafeList <-- Check it!
<!> 6 - Drivers: Use SafeList <-- Check it!
<!> 7 - Standard Registry Scan: Use SafeList <-- Check it!
<!> 8 - Extra Registry Scan: Use SafeList <-- Check it!
<!> 9 - File Scans:
<!> Creation Date >> Choose: 14 days
<!> Check: Use WhiteList for Company Names
<!> Check: Skip Microsoft Files
<!> 10 - Files Created Since:
<!> Check: Creation Date
<!> 11 - Files Modified Since:
<!> Check: Creation Date
<!> Check the boxes:
[] Lop Check
[] Purity Check
<@> PS: I suggest you print these instructions so you can read them later.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\sfcfiles.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
<@> PS: Copy and paste this information, which is in the Code box, into the field below: Custom Scans/Fixes
<@> Click: Scan --> Wait!
<@> To finish, post:
<!> <1> OTL.txt <--
<!> <2> Extra.txt <--
Regards!
OTL logfile created on: 26/5/2010 22:56:51 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrador\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
446,00 Mb Total Physical Memory | 224,00 Mb Available Physical Memory | 50,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 9,77 Gb Total Space | 2,65 Gb Free Space | 27,08% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 0,96 Gb Free Space | 4,89% Space Free | Partition Type: NTFS
Drive E: | 45,22 Gb Total Space | 13,97 Gb Free Space | 30,90% Space Free | Partition Type: NTFS
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SEBASTIAN-NOTE
Current User Name: Administrador
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/05/26 22:50:31 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe
PRC - [2010/04/21 20:10:25 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/04/21 16:01:35 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2010/04/21 16:01:32 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2010/03/24 15:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/11/01 09:56:06 | 000,281,600 | ---- | M] () -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2008/11/01 09:30:26 | 000,098,407 | ---- | M] () -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
PRC - [2008/11/01 09:29:10 | 000,143,467 | ---- | M] () -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2008/07/09 20:51:20 | 000,775,168 | ---- | M] () -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/16 18:32:18 | 000,249,856 | ---- | M] () -- C:\Arquivos de programas\USB Video Camera\Monitor.exe
========== Modules (SafeList) ==========
MOD - [2010/05/26 22:50:31 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe
MOD - [2008/04/13 19:19:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/05/08 11:48:50 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/21 20:10:25 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/01 09:30:26 | 000,098,407 | ---- | M] () [On_Demand | Running] -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2008/11/01 09:29:10 | 000,143,467 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2008/07/09 20:51:20 | 000,775,168 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - [2010/04/21 16:02:08 | 000,180,480 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2010/04/21 16:02:03 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2010/04/21 16:02:03 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2010/04/21 16:01:35 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2010/04/21 16:01:24 | 000,634,880 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/08 17:04:24 | 000,012,544 | ---- | M] (SUPERAL Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sr9usb.sys -- (SR9USB)
DRV - [2008/10/22 12:32:54 | 000,039,432 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2008/07/31 20:45:42 | 000,020,616 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2008/07/02 14:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2008/07/02 14:58:36 | 000,029,960 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2008/04/13 09:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/21 19:28:12 | 000,014,600 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2008/01/21 19:27:50 | 000,014,856 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2006/06/30 10:40:40 | 000,775,936 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006/06/20 14:12:34 | 000,134,656 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (HdAudAddService)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 6A A0 BE E1 FA CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.4.14.1
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: d:\Arquivos de programas\Mozilla Firefox\components [2010/04/23 21:16:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: d:\Arquivos de programas\Mozilla Firefox\plugins [2010/05/11 16:57:23 | 000,000,000 | ---D | M]
[2010/04/21 18:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Extensions
[2010/05/25 02:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions
[2010/04/21 18:20:09 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/05/15 00:00:09 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/05/02 00:26:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/21 18:20:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/21 02:48:01 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\searchplugins\bing.xml
O1 HOSTS File: ([2010/05/25 02:22:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [btTray] C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe ()
O4 - HKLM..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Monitor.lnk = C:\Arquivos de programas\USB Video Camera\Monitor.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportar para o Microsoft Excel - D:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Enviar por Bluetooth - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
O8 - Extra context menu item: Enviar por mensagem(&M)... - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.171.222.97 200.204.0.10
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/21 15:44:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/30 16:26:06 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O32 - Unable to obtain root file information for disk E:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/04/21 15:43:55 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {0A8C991C-F1C9-86E9-504C-4F74AA80C2F5} - Outlook Express
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Processamento de gráficos vetoriais (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2AE47EDE-AEF1-9067-D3A8-10FA2887E20E} - Outlook Express
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ligação de dados de HTML dinâmico para Java
ActiveX: {3ACAEF4B-B2AD-02C7-6DCA-84F1B252B6BA} - DirectAnimation
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Cancelar inscrição
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Criação avançada
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes DirectAnimation para Java
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {515C3651-A74F-55E9-05B2-AAC79F82B93E} - NetShow
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5E4CEC43-5D84-9519-82DD-D2AA50BDEF2B} - DirectAnimation
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7247241E-10D4-8835-2B3F-D214FFD4EA92} - Microsoft Windows Media Player 6.4
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Pastas da Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {876F401D-3DF9-5000-BB41-C4CBCEC8B6A9} - NetShow
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CA4E4270-6972-05F7-1A3A-0EE0297C5300} - Personalização do navegador
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Agendador de tarefas
ActiveX: {CCF65B59-2836-A1F6-10AA-24C656D786E8} - DirectAnimation
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2010/05/26 22:53:26 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe
[2010/05/25 06:06:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/25 02:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/05/24 02:08:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrador\Recent
[2010/05/23 22:11:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\IECompatCache
[2010/05/23 22:10:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\PrivacIE
[2010/05/23 22:07:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\IETldCache
[2010/05/23 22:05:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/05/23 22:04:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/05/23 22:03:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/23 21:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\UOL
[2010/05/23 21:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\UOL
[2010/05/23 21:42:48 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\UOL
[2010/05/23 21:36:56 | 000,184,320 | ---- | C] (InfoSpyware - ForoSpyware) -- C:\Documents and Settings\Administrador\Desktop\MSNCleaner.exe
[2010/05/23 21:35:27 | 000,000,000 | ---D | C] -- C:\MSNCleaner
[2010/05/23 18:05:33 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/23 16:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes
[2010/05/23 16:15:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/23 16:15:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/23 16:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2010/05/23 16:15:14 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
[2010/05/22 18:48:53 | 000,000,000 | ---D | C] -- D:\Meus Documentos\Bluetooth
[2010/05/22 18:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\bluesoleil
[2010/05/22 18:31:48 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\IVT Corporation
[2010/05/22 13:55:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/22 13:50:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/22 13:50:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/22 13:50:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/22 13:50:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/22 13:50:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/22 13:49:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/22 13:36:51 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Trend Micro
[2010/05/22 13:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
[2010/05/22 13:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Babylon
[2010/05/21 03:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/05/21 03:06:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/05/21 03:01:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/05/21 02:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Tracing
[2010/05/21 02:10:52 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft
[2010/05/21 02:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\microsoft
[2010/05/21 02:10:31 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live SkyDrive
[2010/05/21 02:02:39 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Windows Live
[2010/05/19 00:47:33 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\USB Video Camera
[2010/05/19 00:46:39 | 000,775,936 | ---- | C] (Bison Electronics. Inc. ) -- C:\WINDOWS\System32\drivers\BisonCam.sys
[2010/05/19 00:46:39 | 000,077,942 | ---- | C] (Bison Inc.) -- C:\WINDOWS\System32\BisonRem.dll
[2010/05/19 00:23:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\BisonCam
[2010/05/18 22:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\MSN 8.5.1235.0517
[2010/05/16 23:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Cyberlink
[2010/05/16 23:31:07 | 000,000,000 | ---D | C] -- D:\Meus Documentos\CyberLink
[2010/05/16 23:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\CyberLink
[2010/05/16 23:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink
[2010/05/16 23:18:20 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\CyberLink
[2010/05/16 23:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Temp
[2010/05/16 16:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\pdf995
[2010/05/16 16:06:28 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2010/05/16 16:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\pdf995
[2010/05/16 16:06:25 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\pdf995
[2010/05/16 14:56:11 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\WinXMedia
[2010/05/16 00:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Ahead
[2010/05/15 16:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Autodesk
[2010/05/15 16:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk
[2010/05/15 16:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Autodesk
[2010/05/15 16:13:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/05/15 16:03:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/05/14 01:07:05 | 000,000,000 | ---D | C] -- D:\Meus Documentos\Elektro
[4 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ]
[1 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/05/26 22:51:50 | 000,477,654 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2010/05/26 22:51:50 | 000,435,258 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/26 22:51:50 | 000,082,790 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2010/05/26 22:51:50 | 000,069,446 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/26 22:51:49 | 001,077,902 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/26 22:50:31 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe
[2010/05/26 22:47:34 | 000,001,030 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini
[2010/05/26 22:47:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/26 22:47:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/26 22:39:34 | 002,883,584 | ---- | M] () -- C:\Documents and Settings\Administrador\ntuser.dat
[2010/05/26 22:39:34 | 000,000,210 | -HS- | M] () -- C:\Documents and Settings\Administrador\ntuser.ini
[2010/05/26 06:22:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/26 03:26:14 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/25 02:26:11 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\HiJackThis.lnk
[2010/05/25 02:22:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/25 02:22:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/24 04:01:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/05/24 03:46:06 | 000,005,982 | ---- | M] () -- C:\WINDOWS\System32\LOCALSERVICE.INI
[2010/05/23 22:07:13 | 000,176,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/23 19:04:37 | 061,705,798 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Rainbow Gummy Bear English Long.mp4
[2010/05/23 17:55:35 | 000,072,616 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
[2010/05/23 16:15:23 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/22 23:59:48 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI
[2010/05/22 23:51:51 | 000,000,106 | ---- | M] () -- C:\WINDOWS\System32\LOCALDEVICE.INI
[2010/05/22 18:52:26 | 000,000,378 | ---- | M] () -- C:\WINDOWS\System32\SHORTCUT.INI
[2010/05/22 18:34:57 | 000,000,032 | ---- | M] () -- C:\WINDOWS\0
[2010/05/22 18:34:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\BSPRINT.INI
[2010/05/22 18:31:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\0
[2010/05/22 16:54:37 | 006,943,688 | -H-- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\IconCache.db
[2010/05/22 13:56:00 | 000,000,326 | RHS- | M] () -- C:\boot.ini
[2010/05/22 13:46:54 | 003,693,801 | R--- | M] () -- C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
[2010/05/19 23:22:11 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 00:47:36 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Monitor.lnk
[2010/05/19 00:28:12 | 000,000,669 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/18 23:30:46 | 000,000,847 | ---- | M] () -- D:\Meus Documentos\My Sharing Folders.lnk
[2010/05/18 01:53:02 | 000,000,406 | ---- | M] () -- D:\Meus Documentos\Minhas Pastas de Compartilhamento.lnk
[2010/05/16 22:36:50 | 000,169,414 | ---- | M] () -- D:\Meus Documentos\10promo-csbrazucas.jpg
[2010/05/16 16:20:30 | 000,005,778 | ---- | M] () -- D:\Meus Documentos\HVAC - Heating Ventilation Air Conditioning.pdf
[2010/05/16 16:20:28 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2010/05/16 16:14:51 | 000,000,028 | ---- | M] () -- C:\WINDOWS\pdf995.ini
[2010/05/16 16:06:28 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2010/05/16 16:06:28 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/05/16 14:47:46 | 000,000,036 | -H-- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\swk.ini
[4 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ]
[1 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/26 06:21:48 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/23 19:01:55 | 061,705,798 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Rainbow Gummy Bear English Long.mp4
[2010/05/23 16:15:23 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/22 18:52:26 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\SHORTCUT.INI
[2010/05/22 18:49:41 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI
[2010/05/22 18:48:52 | 000,005,982 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI
[2010/05/22 18:48:34 | 000,000,106 | ---- | C] () -- C:\WINDOWS\System32\LOCALDEVICE.INI
[2010/05/22 18:34:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI
[2010/05/22 18:31:38 | 000,000,032 | ---- | C] () -- C:\WINDOWS\0
[2010/05/22 18:31:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\0
[2010/05/22 13:56:00 | 000,000,256 | ---- | C] () -- C:\Boot.bak
[2010/05/22 13:55:58 | 000,261,856 | ---- | C] () -- C:\cmldr
[2010/05/22 13:50:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/22 13:50:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/22 13:50:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/22 13:50:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/22 13:50:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/22 13:46:28 | 003,693,801 | R--- | C] () -- C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
[2010/05/22 13:36:51 | 000,002,519 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\HiJackThis.lnk
[2010/05/19 00:47:42 | 000,003,210 | ---- | C] () -- C:\WINDOWS\DEXT2001.ini
[2010/05/19 00:47:36 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Monitor.lnk
[2010/05/19 00:46:40 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System\StillDrv.dll
[2010/05/19 00:46:40 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
[2010/05/19 00:46:40 | 000,013,448 | ---- | C] () -- C:\WINDOWS\M2000Twn.src
[2010/05/19 00:46:40 | 000,002,264 | ---- | C] () -- C:\WINDOWS\System\S20H0220.csr
[2010/05/19 00:46:40 | 000,002,264 | ---- | C] () -- C:\WINDOWS\System\S20F0220.csr
[2010/05/19 00:46:39 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System\BisonCam.dll
[2010/05/19 00:46:39 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System\BisonVfw.dll
[2010/05/18 22:45:40 | 000,000,847 | ---- | C] () -- D:\Meus Documentos\My Sharing Folders.lnk
[2010/05/18 22:43:38 | 020,237,571 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\MSN 8.5.1235.0517.rar
[2010/05/16 22:36:50 | 000,169,414 | ---- | C] () -- D:\Meus Documentos\10promo-csbrazucas.jpg
[2010/05/16 16:20:28 | 000,005,778 | ---- | C] () -- D:\Meus Documentos\HVAC - Heating Ventilation Air Conditioning.pdf
[2010/05/16 16:14:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/05/16 16:06:28 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/05/16 16:06:28 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/05/16 14:47:46 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\swk.ini
[2010/04/22 10:20:03 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/21 23:58:19 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/01 09:56:10 | 000,001,030 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini
[2008/11/01 09:32:58 | 000,405,589 | ---- | C] () -- C:\WINDOWS\System32\BsUI.dll
[2008/11/01 09:32:36 | 000,278,647 | ---- | C] () -- C:\WINDOWS\System32\outlookAddin.dll
[2008/11/01 09:32:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\HtmPrintHelper.dll
[2008/11/01 09:32:00 | 000,622,693 | ---- | C] () -- C:\WINDOWS\System32\BSShell.dll
[2008/11/01 09:29:20 | 000,122,976 | ---- | C] () -- C:\WINDOWS\System32\BsMobileSDK.dll
[2008/11/01 09:29:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps.dll
[2008/11/01 09:27:52 | 000,106,595 | ---- | C] () -- C:\WINDOWS\System32\Bs2Res.dll
[2008/10/22 15:30:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BsVistaCommon.dll
[2008/03/07 13:54:22 | 017,907,824 | ---- | C] () -- C:\WINDOWS\System32\BsLangInDepRes.dll
[2007/09/27 14:48:10 | 000,014,100 | ---- | C] () -- C:\WINDOWS\twspmm.ini
[2006/11/14 22:45:26 | 002,706,432 | ---- | C] () -- C:\WINDOWS\System32\s3gcil_inv.dll
[2000/10/25 18:15:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/04 00:45:22 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\.tmp files -> C:\WINDOWS\system32\.tmp -> ]
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/04 00:45:26 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\.tmp files -> C:\WINDOWS\system32\.tmp -> ]
< %SYSTEMDRIVE%\sfcfiles.dll /s /md5 >
[2004/08/04 00:45:28 | 001,548,288 | ---- | M] (Microsoft Corporation) MD5=1DD4FC7EEE3A45257528A34FDF7BC689 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 19:20:42 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
[2008/04/13 19:20:42 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 19:20:42 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\system32\sfcfiles.dll
[1 C:\WINDOWS\system32\.tmp files -> C:\WINDOWS\system32\.tmp -> ]
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/04 00:45:26 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\netlogon.dll
[1 C:\WINDOWS\system32\.tmp files -> C:\WINDOWS\system32\.tmp -> ]
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< End of report >
OTL Extras logfile created on: 26/5/2010 22:56:51 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrador\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
446,00 Mb Total Physical Memory | 224,00 Mb Available Physical Memory | 50,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 9,77 Gb Total Space | 2,65 Gb Free Space | 27,08% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 0,96 Gb Free Space | 4,89% Space Free | Partition Type: NTFS
Drive E: | 45,22 Gb Total Space | 13,97 Gb Free Space | 30,90% Space Free | Partition Type: NTFS
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SEBASTIAN-NOTE
Current User Name: Administrador
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- d:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10976:TCP" = 10976:TCP:*:Enabled:Dreamule TCP
"10986:UDP" = 10986:UDP:*:Enabled:Dreamule UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"443:TCP" = 443:TCP:*:Enabled:MSN TCP
"443:UDP" = 443:UDP:*:Enabled:MSN UDP
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\MSN Messenger\msncall.exe" = C:\Arquivos de programas\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Arquivos de programas\uTorrent\uTorrent.exe" = D:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Arquivos de programas\DreaMule\emule.exe" = D:\Arquivos de programas\DreaMule\emule.exe:*:Enabled:Dreamule -- (http://www.dreamule.org)
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Acer OrbiCam
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81770338-86AE-4669-8390-DAD2A8E83E33}" = Bluesoleil 6.4.237.0
"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003
"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BCF2CEFB-E23D-42EF-A5FA-F9ED2A085821}_is1" = CoolSMS 2.06 beta
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F11D6791-FBE8-4817-B5D4-D3191DDDCDC8}" = USB Video Camera
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DreaMule_is1" = DreaMule 3.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{F11D6791-FBE8-4817-B5D4-D3191DDDCDC8}" = USB Video Camera
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf995" = Pdf995
"ShockwaveFlash" = Macromedia Flash Player 8
"SMSERIAL" = Motorola SM56 Data Fax Modem
"uTorrent" = µTorrent
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22/5/2010 04:08:06 | Computer Name = SEBASTIAN-NOTE | Source = Google Update | ID = 20
Description =
Error - 22/5/2010 12:08:05 | Computer Name = SEBASTIAN-NOTE | Source = Google Update | ID = 20
Description =
Error - 23/5/2010 15:32:28 | Computer Name = SEBASTIAN-NOTE | Source = Application Hang | ID = 1002
Description = Aplicativo com falha msmsgs.exe, versão 4.7.0.3001, módulo com falha
hungapp, versão 0.0.0.0, endereço com falha 0x00000000.
Error - 23/5/2010 16:45:01 | Computer Name = SEBASTIAN-NOTE | Source = MsiInstaller | ID = 11904
Description = Product: Adobe Flash Player 9 ActiveX -- Error 1904.Module C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
failed to register. HRESULT -2147220473. Contact your support personnel.
Error - 24/5/2010 09:14:27 | Computer Name = SEBASTIAN-NOTE | Source = Google Update | ID = 20
Description =
Error - 24/5/2010 10:14:28 | Computer Name = SEBASTIAN-NOTE | Source = Google Update | ID = 20
Description =
Error - 24/5/2010 11:14:28 | Computer Name = SEBASTIAN-NOTE | Source = Google Update | ID = 20
Description =
Error - 25/5/2010 01:14:27 | Computer Name = SEBASTIAN-NOTE | Source = Application Hang | ID = 1002
Description = Aplicativo com falha chrome.exe, versão 0.0.0.0, módulo com falha
hungapp, versão 0.0.0.0, endereço com falha 0x00000000.
Error - 25/5/2010 01:14:28 | Computer Name = SEBASTIAN-NOTE | Source = Application Hang | ID = 1002
Description = Aplicativo com falha chrome.exe, versão 0.0.0.0, módulo com falha
hungapp, versão 0.0.0.0, endereço com falha 0x00000000.
Error - 26/5/2010 21:31:38 | Computer Name = SEBASTIAN-NOTE | Source = Application Hang | ID = 1002
Description = Aplicativo com falha chrome.exe, versão 0.0.0.0, módulo com falha
hungapp, versão 0.0.0.0, endereço com falha 0x00000000.
[ System Events ]
Error - 12/5/2010 18:45:56 | Computer Name = SEBASTIAN-NOTE | Source = NetBT | ID = 4307
Description = Falha na inicialização porque o transporte não abriu os Endereços
iniciais.
Error - 15/5/2010 22:37:27 | Computer Name = SEBASTIAN-NOTE | Source = ipnathlp | ID = 32003
Description = O conversor de endereços de rede (NAT) não pôde solicitar uma operação
de
módulo de conversão do modo do núcleo. Isso pode indicar uma configuração errada,
recursos insuficientes ou erro interno. Os dados são o código de erro.
< End of report >
Good afternoon, Zébástian!
<@> Run OTL.exe.
<@> Copy the information in the quote below into the field under: Custom Scans/Fixes
>
:files
c:\windows\iun6002.exe
:otl
[4 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ]
[1 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ]
:commands
[resethosts]
[purity]
[emptyflash]
[emptytemp]
[Reboot]
<@> Click the Fix button --> Wait for it to finish! --> Run!
<@> Post the report, which will also be in the folder: C:\_OTL\MovedFiles\*.log <--
<@> Also post an updated HijackThis log.
Cheers!
OTL log
All processes killed
========== FILES ==========
c:\windows\iun6002.exe moved successfully.
========== OTL ==========
C:\WINDOWS\002872_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYFLASH]
User: Administrador
->Flash cache emptied: 1663 bytes
User: All Users
User: Default User
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: Administrador
->Temp folder emptied: 2901937 bytes
->Temporary Internet Files folder emptied: 8069000 bytes
->FireFox cache emptied: 76334422 bytes
->Google Chrome cache emptied: 228163773 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 301,00 mb
OTL by OldTimer - Version 3.2.5.0 log created on 05272010_232709
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:48:17, on 27/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\USB Video Camera\Monitor.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [btTray] "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor.lnk = C:\Arquivos de programas\USB Video Camera\Monitor.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar por Bluetooth - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Enviar por mensagem(&M)... - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740C35-F54D-4D6F-ABC1-BB5C420707A5}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
--
End of file - 6255 bytes
Good morning, Zébástian!
<@> Uninstall Malwarebytes, if you wish.
<@> Double-click the highlighted file:
<!> C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe <--
<@> Restart the computer once it finishes!
00000000000000000000
oooooooooooooooooooo
<@> Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.
<@> The following window will open: ( Open File - Security Warning )
<@> Click Run --> Wait!
<@> Finally, the message "ComboFix is uninstalled" will appear --> Click OK.
<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!
<@> Or go to Start --> Run --> Type or paste:
"%userprofile%\desktop\combofix" /uninstall
<@> Click OK.
00000000000000000000
oooooooooooooooooooo
<@> Open OTL.exe --> Click CleanUp (or Limpeza) --> Wait!
<@> When prompted, click OK --> Restart the computer!
00000000000000000000
oooooooooooooooooooo
<!> Your logs are clean! :)
<!> Is your MSN still having problems?
Cheers!
Now MSN is working fine, but as I said in post #5, there are some sites I can't access in either IE8 or FF, and in Chrome it takes a looooooooong time but does load.
Lately I had been posting from FF, and before posting this one I cleared its cache; after that I couldn't even access this page.
Other pages I can't access are: the 4shared.com login, rapidshare, the Google login (including Orkut, mail, etc.). I can't reach these and others in the 2 browsers.
>
Now MSN is working fine, but as I said in post #5, there are some sites I can't access in either IE8 or FF, and in Chrome it takes a looooooooong time but does load.
Lately I had been posting from FF, and before posting this one I cleared its cache; after that I couldn't even access this page.
Other pages I can't access are: the 4shared.com login, rapidshare, the Google login (including Orkut, mail, etc.). I can't reach these and others in the 2 browsers.
/////////////\\\\\\\\\\\\\\
Hey, Zébastian!
<!> PS: Check whether the browser problems started when you installed BlueSoleil.
<!> If so, you can uninstall it!
00000000000000000
ooooooooooooooooo
<@> Download: < TuneUp Utilities 2010 >
<@> To download, enter your e-mail and click Start download.
<@> Save the executable, TU2010TrialEN.exe, in Arquivos de Programas.
<@> The program is a trial! But... there will be enough time to optimize the computer.
<@> Try to defragment the disk and the registry.
<@> Optimize browsing!
00000000000000000
<!> Your logs are clean!
<!> Analysis complete!
Cheers!
Man, thanks a lot...
My problem really was BlueSoleil... Now it's running well...
And as for TuneUp, it improved the PC's performance a lot...
Topic closed with many thanks... lol
PROBLEM SOLVED!
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Good morning, Zébástian!
<!> The log shows no bad or suspicious entries.
<!> PS: If you use a proxy to access the Internet, your MSN may be blocked.
<!> Disable it in Firefox or IE8, following these instructions!
0000000000000000000000
<@> Open Firefox.
<@> Go to Tools -> Options -> Advanced -> Network -> Connection Settings.
<@> Click "No proxy".
<@> Open IE8.
<@> Go to Tools -> Internet Options -> Connections -> LAN settings.
<@> Uncheck: "Use a proxy server"
0000000000000000000000
<@> Download: < Malwarebytes' Anti-Malware >
<@> Link - 2: < image: marcinsig.gif >
<@> PS: Save or print these instructions:
>
<@> PS: If MBAM finds files it cannot remove, you may have to restart the PC. Perhaps more than once!
<@> PS: Do so immediately when asked whether you want to restart.
0000000000000000000000
<!> Select, copy and paste the contents of the MBAM log into your next reply.
<!> Also post an updated HijackThis log.
Cheers!