Felipe7l

[Archived] HijackThis log to analyze


Good evening.

My PC is very slow...

It is taking a long time to start up and is showing errors....

Help me out!

:grin:

 

 

Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:59:27, on 28/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s

O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStickBHO.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStick.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: "Adicionar ao Bloqueador de banner de anúncio" - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: Estatísticas de proteção de tráfego da web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll,C:\ARQUIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll,C:\ARQUIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll,C:\ARQUIV~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: Google Update Service (gupdate1c9f0603e0f074e) (gupdate1c9f0603e0f074e) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OpenDNS Updater (OpenDNS Updater.exe) - OpenDNS - C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 10245 bytes


Good evening, Felipe71!

<@> Download: < otlDesktopIcon.png > ( ...by OldTimer Tools )

<@> Save it to the desktop!

OTLI-scan.png

<@> As shown in the image, change the "Output" option to "Minimal Output".

<@> Double-click OTL.exe --> Check the "Scan All Users" option.

<@> Click: < runscanbutton.png > --> Wait!

<@> Post:

<1> OTL.txt <--

<2> Extra.txt <--

Regards!


Hey DigRam...

Sorry for the delay...

How do I generate this "Extra.txt"?

I sorted out the OTL one...

Here it is..

 

 

OTL logfile created on: 3/9/2009 17:07:31 - Run 2

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Felipe de Souza\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

511,53 Mb Total Physical Memory | 72,71 Mb Available Physical Memory | 14,21% Memory free

859,21 Mb Paging File | 360,53 Mb Available in Paging File | 41,96% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 19,66 Gb Total Space | 0,68 Gb Free Space | 3,45% Space Free | Partition Type: NTFS

Drive D: | 92,12 Gb Total Space | 2,48 Gb Free Space | 2,69% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ACAS-6C15302737

Current User Name: Felipe de Souza

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe (Nero AG)

PRC - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe (OpenDNS)

PRC - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe ()

PRC - C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

PRC - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)

PRC - C:\WINDOWS\System32\slserv.exe ( )

PRC - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

PRC - C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

PRC - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

PRC - C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)

PRC - C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)

PRC - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Arquivos de programas\Windows Media Player\wmplayer.exe (Microsoft Corporation)

PRC - C:\Documents and Settings\Felipe de Souza\Desktop\OTL.exe (OldTimer Tools)

 

========== Win32 Services (SafeList) ==========

 

SRV - (6to4 [Auto | Running]) -- C:\WINDOWS\System32\6to4svc.dll (Microsoft Corporation)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (AVP [Auto | Running]) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (fsssvc [On_Demand | Stopped]) -- C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (gupdate1c9f0603e0f074e [Auto | Stopped]) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (gusvc [On_Demand | Stopped]) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (idsvc [unknown | Running]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (InCDsrv [Auto | Running]) -- C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe (Nero AG)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (MDM [Auto | Running]) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)

SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (Nero BackItUp Scheduler 3 [Auto | Running]) -- C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe (Nero AG)

SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

SRV - (odserv [On_Demand | Stopped]) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (OpenDNS Updater.exe [Auto | Running]) -- C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe (OpenDNS)

SRV - (ose [On_Demand | Stopped]) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (RichVideo [Auto | Running]) -- C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe ()

SRV - (SeaPort [Auto | Running]) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)

SRV - (ServiceLayer [On_Demand | Running]) -- C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (SLService [Auto | Running]) -- C:\WINDOWS\System32\slserv.exe ( )

SRV - (SoundMAX Agent Service (default) [Auto | Running]) -- C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

 

========== Driver Services (SafeList) ==========

 

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)

DRV - (AnyDVD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (ElbyCDIO [Auto | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV - (ElbyDelay [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ElbyDelay.sys (Elaborate Bytes AG)

DRV - (fssfltr [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)

DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)

DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)

DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)

DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)

DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\InCDFs.sys (Nero AG)

DRV - (InCDPass [system | Running]) -- C:\WINDOWS\System32\drivers\InCDPass.sys (Nero AG)

DRV - (incdrm [system | Running]) -- C:\WINDOWS\System32\drivers\InCDRm.sys (Nero AG)

DRV - (kl1 [boot | Running]) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)

DRV - (klbg [boot | Running]) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)

DRV - (KLFLTDEV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\klfltdev.sys (Kaspersky Lab)

DRV - (KLIF [system | Running]) -- C:\WINDOWS\System32\DRIVERS\klif.sys (Kaspersky Lab)

DRV - (klim5 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\klim5.sys (Kaspersky Lab)

DRV - (MagicTune [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\MTiCtwl.sys ()

DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)

DRV - (Mtlmnt5 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys (Smart Link)

DRV - (Mtlstrm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys (Smart Link)

DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia)

DRV - (nmwcdc [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcdnsu [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys (Nokia)

DRV - (nmwcdnsuc [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys (Nokia)

DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys (Nokia)

DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (RecAgent [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)

DRV - (SCDEmu [system | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SiSide [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)

DRV - (SISNIC [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\sisnic.sys (SiS Corporation)

DRV - (Slntamr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\slntamr.sys (Smart Link)

DRV - (SlNtHal [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Slnthal.sys (Smart Link)

DRV - (SlWdmSup [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys (Smart Link)

DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)

DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)

DRV - (Tcpip6 [system | Running]) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys (Microsoft Corporation)

DRV - (upperdev [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys (Nokia)

DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbser.sys (Microsoft Corporation)

DRV - (UsbserFilt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys (Nokia)

DRV - ({95808DC4-FA4A-4c74-92FE-5B863F82066B} [Auto | Running]) -- C:\Arquivos de programas\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

 

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1614895754-57989841-527237240-1003\S-1-5-21-1614895754-57989841-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..extensions.enabledItems: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7}:2.1.0.19

FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090324W

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.8.3

FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 19:05:11 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Arquivos de programas\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/21 12:53:31 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff [2009/04/26 14:20:53 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2009/08/23 13:41:48 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2009/08/06 01:21:07 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009/08/07 15:59:04 | 00,000,000 | ---D | M]

 

[2009/04/20 21:29:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\mozilla\Extensions

[2009/04/20 21:29:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/09/03 16:57:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\mozilla\Firefox\Profiles\rbkrvids.default\extensions

[2009/07/08 20:37:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\mozilla\Firefox\Profiles\rbkrvids.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}

[2009/09/03 16:09:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\mozilla\Firefox\Profiles\rbkrvids.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/04/23 14:47:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\mozilla\Firefox\Profiles\rbkrvids.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009/07/01 18:56:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\mozilla\Firefox\Profiles\rbkrvids.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}

[2009/08/04 11:47:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\mozilla\Firefox\Profiles\rbkrvids.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2009/07/19 12:52:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\mozilla\Firefox\Profiles\rbkrvids.default\extensions\twitternotifier@naan.net

[2009/09/03 16:19:14 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions

[2009/08/06 01:21:08 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/04/20 21:47:29 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

[2009/04/26 14:21:15 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/08/05 22:31:20 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009/07/30 20:45:43 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browserdirprovider.dll

[2009/07/30 20:45:43 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\brwsrcmp.dll

[2008/09/03 21:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npbittorrent.dll

[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npdeploytk.dll

[2009/07/30 20:45:43 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Arquivos de programas\mozilla firefox\plugins\npnul32.dll

[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\mozilla firefox\plugins\NPOFF12.DLL

[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\nppdf32.dll

[2008/09/10 16:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\nppl3260.dll

[2008/09/10 16:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\nprpjplug.dll

[2009/07/30 19:51:30 | 00,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml

[2009/07/30 20:45:41 | 00,002,371 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\google.xml

[2009/07/30 19:51:30 | 00,001,135 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml

[2009/07/30 19:51:30 | 00,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml

[2009/07/30 19:51:30 | 00,000,648 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: (698 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - No CLSID value found.

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O2 - BHO: (CBHO Object) - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStickBHO.dll (CoreStreet, Ltd.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (SpoofStick) - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStick.dll (CoreStreet, Ltd.)

O3 - HKU\S-1-5-21-1614895754-57989841-527237240-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1614895754-57989841-527237240-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-1614895754-57989841-527237240-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll File not found

O3 - HKU\S-1-5-21-1614895754-57989841-527237240-1003\..\Toolbar\WebBrowser: (SpoofStick) - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStick.dll (CoreStreet, Ltd.)

O4 - HKLM..\Run: [AVP] C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [Google Quick Search Box] C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKU\S-1-5-21-1614895754-57989841-527237240-1003..\Run: [bitTorrent] C:\Arquivos de programas\BitTorrent\bittorrent.exe (BitTorrent, Inc.)

O4 - HKU\S-1-5-21-1614895754-57989841-527237240-1003..\Run: [PC Suite Tray] C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

O4 - HKU\S-1-5-21-1614895754-57989841-527237240-1003..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O7 - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0

O7 - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKU\S-1-5-21-1614895754-57989841-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0

O8 - Extra context menu item: "Adicionar ao Bloqueador de banner de anúncio" - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Translate with &Babylon - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)

O9 - Extra Button: Estatísticas de proteção de tráfego da web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)

O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)

O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Key error.)

O16 - DPF: {32564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8dmo.cab (Reg Error: Key error.)

O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB (Reg Error: Key error.)

O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.150.4.7 200.150.4.3 200.150.4.5

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Arquivos de programas\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\ARQUIV~1\Kaspersky) - File not found

O20 - AppInit_DLLs: (Lab\Kaspersky) - File not found

O20 - AppInit_DLLs: (Internet) - File not found

O20 - AppInit_DLLs: (Security) - C:\WINDOWS\System32\Security.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (2009\mzvkbd.dll) - File not found

O20 - AppInit_DLLs: (C:\ARQUIV~1\Kaspersky) - File not found

O20 - AppInit_DLLs: (Lab\Kaspersky) - File not found

O20 - AppInit_DLLs: (Internet) - File not found

O20 - AppInit_DLLs: (Security) - C:\WINDOWS\System32\Security.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (2009\mzvkbd3.dll) - File not found

O20 - AppInit_DLLs: (C:\ARQUIV~1\Kaspersky) - File not found

O20 - AppInit_DLLs: (Lab\Kaspersky) - File not found

O20 - AppInit_DLLs: (Internet) - File not found

O20 - AppInit_DLLs: (Security) - C:\WINDOWS\System32\Security.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (2009\adialhk.dll) - File not found

O20 - AppInit_DLLs: (C:\ARQUIV~1\Kaspersky) - File not found

O20 - AppInit_DLLs: (Lab\Kaspersky) - File not found

O20 - AppInit_DLLs: (Internet) - File not found

O20 - AppInit_DLLs: (Security) - C:\WINDOWS\System32\Security.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (2009\kloehk.dll) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/04/20 19:45:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2002/01/01 17:30:20 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{1512ac04-351d-11de-a4ea-001cc06b60bc}\Shell\AutoRun\command - "" = G:\RESTORE\c-1-3-64-8794238531-8742492-9897532\Sys32.exe -- File not found

O33 - MountPoints2\{1512ac04-351d-11de-a4ea-001cc06b60bc}\Shell\open\command - "" = G:\RESTORE\c-1-3-64-8794238531-8742492-9897532\Sys32.exe -- File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2009/09/03 17:05:24 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Felipe de Souza\Desktop\OTL.exe

[2009/08/30 23:12:43 | 02,395,745 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Bonde da Stronda - Reggaeton Playsson.mp3

[2009/08/30 23:07:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Felipe de Souza\Desktop\CD BONDE DA STRONDA - NOVA ERA DA STRONDA

[2009/08/30 23:07:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Felipe de Souza\Desktop\Bonde da Stronda

[2009/08/30 22:26:47 | 05,472,102 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Souja Boy -Kiss Me Thru The Phone.mp3

[2009/08/30 15:06:16 | 03,861,443 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\GINO E GENO 2009 - com dinheiro é mole.mp3

[2009/08/30 14:46:47 | 00,005,759 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\pork.jpg

[2009/08/30 14:28:36 | 03,940,835 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Ei, psiu ! beijo me liga - Michel Teló e João Bosco & Vinicius.mp3

[2009/08/30 14:28:33 | 06,125,560 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Vou jogar a chave fora - Maria Cecilia & Rodolfo.mp3

[2009/08/30 14:28:30 | 04,718,239 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\QUEM AMA CUIDA-MARIA CECILIA E RODOLFO .mp3

[2009/08/30 13:48:54 | 00,000,000 | ---D | C] -- D:\MEUS DOCUMENTOS\Kav7

[2009/08/30 13:40:53 | 00,000,000 | ---D | C] -- D:\MEUS DOCUMENTOS\Forro Wanessa

[2009/08/30 13:18:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Felipe de Souza\Desktop\Luan Santana AO VIVO 2009

[2009/08/30 13:18:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Felipe de Souza\Desktop\FERNANDO E SOROCABA - VENDAVAL

[2009/08/30 12:36:59 | 03,318,758 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Fernando e Sorocaba - Paga Pau.mp3

[2009/08/28 19:44:18 | 00,140,486 | ---- | C] () -- D:\MEUS DOCUMENTOS\Peraeee!.JPG

[2009/08/28 19:43:41 | 00,000,000 | -H-- | C] () -- D:\MEUS DOCUMENTOS\Default.rdp

[2009/08/28 18:25:27 | 00,000,000 | ---D | C] -- C:\CD Fael

[2009/08/25 20:50:33 | 00,113,130 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Olha ele ae!2.jpg

[2009/08/25 20:50:03 | 00,067,137 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Olha ele ae!.jpg

[2009/08/25 20:40:25 | 00,185,988 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\4.jpg

[2009/08/23 01:30:20 | 04,756,038 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\04-T-Pain-Freeze (Feat. Chris Brown).mp3

[2009/08/23 01:30:13 | 03,668,010 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Britney - Radar ( CD High Quality ).mp3

[2009/08/22 14:28:11 | 53,644,9024 | -HS- | C] () -- C:\hiberfil.sys

[2009/08/20 20:57:54 | 00,000,000 | ---D | C] -- D:\MEUS DOCUMENTOS\rede wireless

[2009/08/17 23:38:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Felipe de Souza\Desktop\Celular de mae

[2009/08/13 14:35:00 | 00,322,604 | ---- | C] () -- D:\MEUS DOCUMENTOS\img166.jpg

[2009/08/12 21:21:53 | 00,009,822 | ---- | C] () -- D:\MEUS DOCUMENTOS\MENSAGEM EDNA.xlsx

[2009/08/12 13:33:28 | 00,062,524 | ---- | C] () -- D:\MEUS DOCUMENTOS\kkkkkk.jpg

[2009/08/12 12:50:07 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll

[2009/08/12 12:50:02 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2009/08/12 12:50:02 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2009/08/12 12:49:59 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2009/08/12 12:49:58 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll

[2009/08/12 12:49:51 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2009/08/12 12:49:15 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll

[2009/08/10 15:45:06 | 00,001,876 | ---- | C] () -- D:\MEUS DOCUMENTOS\KIS8-CM-20090912-041659B0.KEY

[2009/08/09 21:09:15 | 00,000,777 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\PhotoScape.lnk

[2009/08/09 21:07:27 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\PhotoScape

[2009/08/07 22:36:02 | 00,044,850 | ---- | C] () -- D:\MEUS DOCUMENTOS\OgAAABrg-s5WdEDPA7rBJiIglP-j-xOF7Y9S8OH5bC2Zya7x8Z06N-qyeXX-6aprKd09kT740tDQW2cKPqTeEbx5oEoAm1T1UCI49los9ianeo5JK5Zj1TRwGmav.jpg

[2009/08/07 16:10:36 | 00,000,000 | ---D | C] -- D:\MEUS DOCUMENTOS\Kaspersky+Internet+Security+8.0.0.33+Alpha+1

[2009/08/07 16:09:52 | 00,001,852 | ---- | C] () -- D:\MEUS DOCUMENTOS\KIS8-CM-20090826-0551C10E.KEY

[2009/08/07 16:09:52 | 00,000,000 | ---D | C] -- D:\MEUS DOCUMENTOS\Avira Antivir9

[2009/08/07 16:08:59 | 44,366,840 | ---- | C] () -- D:\MEUS DOCUMENTOS\kis8.0.0.506br.exe

[2009/08/07 15:59:35 | 00,105,395 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat

[2009/08/07 15:59:35 | 00,094,643 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat

[2009/08/07 15:58:29 | 02,082,336 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2009/08/07 15:58:29 | 00,426,016 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2009/08/07 15:58:29 | 00,018,396 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2009/08/07 15:58:29 | 00,003,584 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx

[2009/08/07 15:58:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

[2009/08/07 15:58:29 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Kaspersky Lab

[2009/08/07 15:57:33 | 00,226,832 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

[2009/08/07 15:52:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

[2009/08/07 12:32:03 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Rapidown

[2009/08/07 10:45:01 | 00,000,000 | ---D | C] -- D:\MEUS DOCUMENTOS\Ferr Virus

[2009/08/06 00:58:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Felipe de Souza\Dados de aplicativos\Malwarebytes

[2009/08/06 00:58:08 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/08/06 00:58:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2009/08/06 00:58:04 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/08/06 00:58:04 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2009/08/05 23:23:13 | 00,097,596 | ---- | C] () -- D:\MEUS DOCUMENTOS\Adivinha quem eh....JPG

[2009/08/05 23:19:49 | 00,112,350 | ---- | C] () -- D:\MEUS DOCUMENTOS\OgAAAKurpnBwpPVoYCVcvQ4koTVs10ibhzUqp1aZx2Ag9yuqX4BrMghQPUHuQc6nVsf9GJTxG42HRJDX2_ITNihHKtgAm1T1UA7K7p5F4UldVo_2-SGb2FTHHXDp.jpg

[2009/08/05 22:31:18 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/08/05 22:31:18 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/08/05 22:31:18 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/08/05 01:11:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\OpenDNS Updater

[2009/08/05 00:23:15 | 00,000,529 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Receitanet 2009.lnk

[2009/08/05 00:23:12 | 00,128,000 | ---- | C] () -- C:\WINDOWS\DesinstWRecnet.EXE

[2009/08/05 00:23:12 | 00,122,880 | ---- | C] () -- C:\WINDOWS\DesinstRecnet.exe

[2009/08/05 00:23:12 | 00,005,361 | ---- | C] () -- C:\WINDOWS\DesinstWRecnet.ini

[2009/08/05 00:23:12 | 00,000,131 | ---- | C] () -- C:\WINDOWS\REC-NET.INI

[2009/08/05 00:23:12 | 00,000,000 | ---D | C] -- C:\Recnet

[2009/08/04 23:51:47 | 00,000,727 | ---- | C] () -- C:\Documents and Settings\Felipe de Souza\Desktop\IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk

[2009/07/24 15:42:27 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009/07/01 20:32:26 | 00,000,208 | ---- | C] () -- C:\WINDOWS\HpBestModeUpdatePatchLog.ini

[2009/07/01 20:25:18 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini

[2009/07/01 20:24:57 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini

[2009/07/01 19:37:56 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTiCtwl.sys

[2009/07/01 13:14:05 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

[2009/06/19 15:45:40 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2009/05/06 23:24:41 | 02,402,304 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2009/05/06 23:24:39 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009/05/06 23:24:39 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/05/06 23:24:32 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009/05/06 23:24:30 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/04/29 15:06:45 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll

[2009/04/29 14:59:31 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2009/04/29 14:59:27 | 00,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/04/29 14:59:25 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/04/23 14:44:11 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll

[2009/04/22 14:15:11 | 00,002,867 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/04/22 14:15:09 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2009/04/21 18:17:00 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/04/20 21:32:42 | 00,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll

[2009/04/20 20:43:45 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll

[2009/04/20 20:43:45 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll

[2009/04/20 20:43:45 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys

[2009/04/20 20:36:45 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll

[2009/04/20 20:23:46 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2009/04/20 20:23:46 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2008/05/02 22:46:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008/05/02 22:46:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008/05/02 22:46:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008/05/02 22:46:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2001/10/28 12:07:38 | 00,000,655 | ---- | C] () -- C:\WINDOWS\win.ini

[2001/10/28 12:07:30 | 00,000,827 | ---- | C] () -- C:\WINDOWS\system.ini

 

========== Files - Modified Within 30 Days ==========

 

[1 C:\WINDOWS\System32\*.tmp files]

[3 C:\WINDOWS\*.tmp files]

[2009/09/03 17:05:34 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Felipe de Souza\Desktop\OTL.exe

[2009/09/03 16:49:03 | 00,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009/09/03 16:04:54 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/09/03 16:03:34 | 00,004,668 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2009/09/03 16:03:14 | 00,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009/09/03 16:03:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/09/03 16:03:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/09/03 16:03:03 | 53,644,9024 | -HS- | M] () -- C:\hiberfil.sys

[2009/09/03 13:16:32 | 02,082,336 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2009/09/03 13:16:32 | 00,426,016 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2009/09/03 13:16:32 | 00,018,396 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2009/09/03 13:16:32 | 00,003,584 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx

[2009/09/03 11:56:27 | 00,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2EE23A71-91D3-45DA-A56C-77DA13359452}.job

[2009/09/01 23:40:10 | 08,598,642 | -H-- | M] () -- C:\Documents and Settings\Felipe de Souza\Configurações locais\Dados de aplicativos\IconCache.db

[2009/08/30 23:13:17 | 02,395,745 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Bonde da Stronda - Reggaeton Playsson.mp3

[2009/08/30 22:26:54 | 05,472,102 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Souja Boy -Kiss Me Thru The Phone.mp3

[2009/08/30 15:11:21 | 03,861,443 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\GINO E GENO 2009 - com dinheiro é mole.mp3

[2009/08/30 14:46:51 | 00,005,759 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\pork.jpg

[2009/08/30 14:34:53 | 06,125,560 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Vou jogar a chave fora - Maria Cecilia & Rodolfo.mp3

[2009/08/30 14:33:46 | 04,718,239 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\QUEM AMA CUIDA-MARIA CECILIA E RODOLFO .mp3

[2009/08/30 14:32:46 | 03,940,835 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Ei, psiu ! beijo me liga - Michel Teló e João Bosco & Vinicius.mp3

[2009/08/30 13:27:44 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/08/30 13:27:41 | 00,092,672 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/30 12:38:50 | 03,318,758 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Fernando e Sorocaba - Paga Pau.mp3

[2009/08/28 19:44:19 | 00,140,486 | ---- | M] () -- D:\MEUS DOCUMENTOS\Peraeee!.JPG

[2009/08/28 19:43:41 | 00,000,000 | -H-- | M] () -- D:\MEUS DOCUMENTOS\Default.rdp

[2009/08/25 20:50:33 | 00,113,130 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Olha ele ae!2.jpg

[2009/08/25 20:50:05 | 00,067,137 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Olha ele ae!.jpg

[2009/08/25 20:40:25 | 00,185,988 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\4.jpg

[2009/08/25 13:28:19 | 00,000,655 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/08/23 18:49:00 | 01,049,370 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/08/23 18:49:00 | 00,479,518 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2009/08/23 18:49:00 | 00,443,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/08/23 18:49:00 | 00,083,622 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2009/08/23 18:49:00 | 00,071,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/08/23 01:30:56 | 00,011,867 | -HS- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Folder.jpg

[2009/08/23 01:30:56 | 00,003,136 | -HS- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\AlbumArtSmall.jpg

[2009/08/23 01:30:41 | 04,756,038 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\04-T-Pain-Freeze (Feat. Chris Brown).mp3

[2009/08/23 01:30:30 | 03,668,010 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Britney - Radar ( CD High Quality ).mp3

[2009/08/22 22:31:40 | 00,000,827 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/08/22 22:31:40 | 00,000,211 | -HS- | M] () -- C:\boot.ini

[2009/08/13 14:35:00 | 00,322,604 | ---- | M] () -- D:\MEUS DOCUMENTOS\img166.jpg

[2009/08/12 22:02:49 | 00,009,822 | ---- | M] () -- D:\MEUS DOCUMENTOS\MENSAGEM EDNA.xlsx

[2009/08/12 13:33:32 | 00,062,524 | ---- | M] () -- D:\MEUS DOCUMENTOS\kkkkkk.jpg

[2009/08/10 15:41:11 | 00,001,876 | ---- | M] () -- D:\MEUS DOCUMENTOS\KIS8-CM-20090912-041659B0.KEY

[2009/08/09 21:09:15 | 00,000,777 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\PhotoScape.lnk

[2009/08/07 22:36:04 | 00,044,850 | ---- | M] () -- D:\MEUS DOCUMENTOS\OgAAABrg-s5WdEDPA7rBJiIglP-j-xOF7Y9S8OH5bC2Zya7x8Z06N-qyeXX-6aprKd09kT740tDQW2cKPqTeEbx5oEoAm1T1UCI49los9ianeo5JK5Zj1TRwGmav.jpg

[2009/08/07 16:32:25 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

[2009/08/07 16:32:25 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys

[2009/08/07 16:32:21 | 00,105,395 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat

[2009/08/07 16:32:21 | 00,094,643 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat

[2009/08/07 15:51:46 | 44,366,840 | ---- | M] () -- D:\MEUS DOCUMENTOS\kis8.0.0.506br.exe

[2009/08/07 15:48:50 | 00,001,852 | ---- | M] () -- D:\MEUS DOCUMENTOS\KIS8-CM-20090826-0551C10E.KEY

[2009/08/06 01:21:21 | 00,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/08/05 23:23:13 | 00,097,596 | ---- | M] () -- D:\MEUS DOCUMENTOS\Adivinha quem eh....JPG

[2009/08/05 23:19:53 | 00,112,350 | ---- | M] () -- D:\MEUS DOCUMENTOS\OgAAAKurpnBwpPVoYCVcvQ4koTVs10ibhzUqp1aZx2Ag9yuqX4BrMghQPUHuQc6nVsf9GJTxG42HRJDX2_ITNihHKtgAm1T1UA7K7p5F4UldVo_2-SGb2FTHHXDp.jpg

[2009/08/05 22:03:16 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2009/08/05 06:00:39 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll

[2009/08/05 06:00:39 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll

[2009/08/05 00:50:24 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat

[2009/08/05 00:29:42 | 00,000,727 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk

[2009/08/05 00:23:15 | 00,000,529 | ---- | M] () -- C:\Documents and Settings\Felipe de Souza\Desktop\Receitanet 2009.lnk

[2009/08/05 00:23:15 | 00,000,131 | ---- | M] () -- C:\WINDOWS\REC-NET.INI

 

========== Files - Unicode (All) ==========

[2009/05/13 14:32:53 | 00,000,000 | ---D | C](D:\MEUS DOCUMENTOS\Minhas m?sicas) -- D:\MEUS DOCUMENTOS\Minhas msicas

[2009/05/13 14:32:53 | 00,000,000 | ---D | M](D:\MEUS DOCUMENTOS\Minhas m?sicas) -- D:\MEUS DOCUMENTOS\Minhas msicas

< End of report >


Good evening, Felipe71!

<!> Normally, Extras.txt is left minimized at the end of the scan.

°°°°°°°°°°°°°°°°°°

<@> Download: < desktopicon.png > ( ...by sUBs )

<!> Link-2 --> < ForoSpyware >

<!> Link-3 --> < GeeksToGo >

<@> Save it to the desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> PS: It can also be run from the command line:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall

<@> Click OK.

<@> At the prompt "Disclaimer of warranty on software" --> Click Yes!

<@> If you do not have the "Recovery Console", agree to install it!

<@> When it finishes, click Sim or Yes. --> Wait!

<!> If you get the notification "Invalid Win32 application", delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Rename it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> PS: If rootkit activity is present, the following notification window will appear:

[Image: Rookit_found.gif]

<!> PS: Write down these detections, and click OK.

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative!

<!> PS: To avoid problems, follow all of the recommendations given.

<!> ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid using the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When it finishes, post the reports: C:\ComboFix.txt + HijackThis, updated.

Regards!


Topic Archived

Since the author did not reply for more than 30 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening it.
