Archived

This topic has been archived and is closed to new replies.

Villalobos

[Solved!] Windows very slow


My Windows is very slow; it was never like this. Any program I try to use takes a long time to open or freezes. I use Internet Explorer 8.0 and it is absurdly slow (my internet connection is 1 Mb), and when I open more than one tab a message appears saying the program is not responding, but after a few minutes the message disappears and it works again. I have already defragmented the HD, used the MV Regclean program to clean the registry and the Full Speed program to improve the internet connection, and I have already run the Spybot, AVG and Bitdefender antivirus scanners, but nothing improved. I believe it is some virus, malware or spyware; the HiJackThis and BankerFix logs follow.

And all programs, without exception, freeze for a few seconds when they are starting up.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:45:00, on 21/9/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe

C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Innovative Solutions\DriverMax\devices.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [bDMCon] "C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P23 "EPSON Stylus C87 Series" /O5 "LPT1:" /M "Stylus C87"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DriverMax] "C:\Arquivos de programas\Innovative Solutions\DriverMax\devices.exe" -agent

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe

O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 9015 bytes

 

 

-------------------------------------------------------

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-09-21 - 22:48

-------------------------------------------------------

Lista de Definição: 2009-07-24-2 | CORE: 2009-07-24-1

=======================================================

 

 

 

----- Fim -------------------------


Good afternoon, Villalobos!

<@> Download: < otlDesktopIcon.png > ( ...by OldTimer Tools )

<@> Save it to the desktop!

OTLI-scan.png

<@> As shown in the image, change the "Output" option to "Minimal Output".

<@> Double-click OTL.exe --> Check the "Scan All Users" option.

<@> Click: < runscanbutton.png > --> Wait!

<@> Post:

<1> OTL.txt <--

<2> Extra.txt <--

Regards!


Good evening, DigRam!

Here are OTL.txt and Extras.txt

 

OTL logfile created on: 23/9/2009 20:47:25 - Run 1

OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Ricardo\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

735,48 Mb Total Physical Memory | 201,11 Mb Available Physical Memory | 27,34% Memory free

1,76 Gb Paging File | 1,10 Gb Available in Paging File | 62,24% Paging File free

Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74,55 Gb Total Space | 40,83 Gb Free Space | 54,77% Space Free | Partition Type: NTFS

Drive D: | 19,07 Gb Total Space | 8,24 Gb Free Space | 43,20% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: VILLALOBOS

Current User Name: Ricardo

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )

PRC - C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe (Softwin)

PRC - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe ()

PRC - C:\Arquivos de programas\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Arquivos de programas\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Arquivos de programas\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe (SOFTWIN S.R.L.)

PRC - C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe ()

PRC - C:\Arquivos de programas\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE (SEIKO EPSON CORPORATION)

PRC - C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)

PRC - C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Arquivos de programas\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)

PRC - C:\Arquivos de programas\Skype\Phone\Skype.exe (Skype Technologies S.A.)

PRC - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

PRC - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)

PRC - C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe (Skype Technologies)

PRC - C:\Arquivos de programas\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Documents and Settings\Ricardo\Desktop\HiJackThis.exe (OldTimer Tools)

 

========== Win32 Services (SafeList) ==========

 

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (avg8emc [Auto | Running]) -- C:\Arquivos de programas\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg8wd [Auto | Running]) -- C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (bdss [Auto | Running]) -- C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe ()

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (GbpSv [unknown | Running]) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )

SRV - (gusvc [On_Demand | Stopped]) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)

SRV - (hpqddsvc [Auto | Running]) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)

SRV - (idsvc [unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (MDM [Auto | Running]) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZinw12.dll (Hewlett-Packard)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.dll (Hewlett-Packard)

SRV - (stllssvr [On_Demand | Stopped]) -- C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)

SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

SRV - (XCOMM [Auto | Running]) -- C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe (Softwin)

 

========== Driver Services (SafeList) ==========

 

DRV - (AvgLdx86 [system | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86 [system | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgTdiX [system | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (cmuda [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\cmuda.sys (C-Media Inc)

DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)

DRV - (GbpKm [boot | Running]) -- C:\WINDOWS\system32\drivers\GbpKm.sys (GAS Tecnologia)

DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)

DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)

DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)

DRV - (lgmcbus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgmcbus.sys (MCCI Corporation)

DRV - (lgmcmdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgmcmdfl.sys (MCCI Corporation)

DRV - (lgmcmdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgmcmdm.sys (MCCI Corporation)

DRV - (lgmcmgmt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgmcmgmt.sys (MCCI Corporation)

DRV - (lgmcnd5 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgmcnd5.sys (MCCI Corporation)

DRV - (lgmcobex [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgmcobex.sys (MCCI Corporation)

DRV - (lgmcunic [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgmcunic.sys (MCCI Corporation)

DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\msmpu401.sys (Microsoft Corporation)

DRV - (NuidFltr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NuidFltr.sys (Microsoft Corporation)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SiS315 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (sisagp [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)

DRV - (SiSkp [system | Running]) -- C:\WINDOWS\System32\drivers\srvkp.sys ()

DRV - (SISNIC [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\sisnic.sys (SiS Corporation)

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

 

IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-606747145-1993962763-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-606747145-1993962763-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

IE - HKU\S-1-5-21-606747145-1993962763-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-606747145-1993962763-1957994488-1003\S-1-5-21-606747145-1993962763-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 13:54:58 | 00,000,000 | ---D | M]

 

 

O1 HOSTS File: (331655 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.123topsearch.com

O1 - Hosts: 127.0.0.1 123topsearch.com

O1 - Hosts: 127.0.0.1 www.132.com

O1 - Hosts: 127.0.0.1 132.com

O1 - Hosts: 127.0.0.1 www.136136.net

O1 - Hosts: 127.0.0.1 136136.net

O1 - Hosts: 127.0.0.1 www.163ns.com

O1 - Hosts: 127.0.0.1 163ns.com

O1 - Hosts: 11359 more lines...

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco ABN AMRO)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O3 - HKU\S-1-5-21-606747145-1993962763-1957994488-1003\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O3 - HKU\S-1-5-21-606747145-1993962763-1957994488-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Arquivos de programas\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [bDMCon] C:\Arquivos de programas\Softwin\BitDefender8\bdmcon.exe (SOFTWIN S.R.L.)

O4 - HKLM..\Run: [bDNewsAgent] C:\Arquivos de programas\Softwin\BitDefender8\bdnagent.exe ()

O4 - HKLM..\Run: [Cmaudio] File not found

O4 - HKLM..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [siS Tray] File not found

O4 - HKLM..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)

O4 - HKU\S-1-5-21-606747145-1993962763-1957994488-1003..\Run: [DriverMax] C:\Arquivos de programas\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)

O4 - HKU\S-1-5-21-606747145-1993962763-1957994488-1003..\Run: [skype] C:\Arquivos de programas\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKU\S-1-5-21-606747145-1993962763-1957994488-1003..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-21-606747145-1993962763-1957994488-1003..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-606747145-1993962763-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O12 - Plugin for: .spop - C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)

O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-606747145-1993962763-1957994488-1003\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx (get_atlcom Class)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab (GbPluginObj Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 200.204.0.138

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-606747145-1993962763-1957994488-1003 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginAbn: DllName - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco ABN AMRO)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco ABN AMRO)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/06/29 10:32:10 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/11/26 13:42:04 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[6 C:\WINDOWS\System32\*.tmp files]

[2009/09/23 20:45:59 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ricardo\Desktop\HiJackThis.exe

[2009/09/21 22:47:01 | 00,000,000 | ---D | C] -- C:\LinhaDefensiva

[2009/09/21 22:44:12 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\Ricardo\Desktop\HijackThis.lnk

[2009/09/21 22:44:10 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Trend Micro

[2009/09/18 23:16:40 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Haali

[2009/09/18 23:16:23 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\CoreCodec

[2009/09/17 19:14:23 | 00,000,996 | ---- | C] () -- C:\Documents and Settings\Ricardo\Desktop\Spybot - Search & Destroy.lnk

[2009/09/17 19:07:25 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Ricardo\Desktop\setup-spybotsd162.exe

[2009/09/17 14:25:44 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft

[2009/09/17 14:25:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\microsoft

[2009/09/17 14:25:18 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live SkyDrive

[2009/09/17 14:17:40 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Windows Live

[2009/09/17 13:57:55 | 00,000,769 | ---- | C] () -- C:\Documents and Settings\Ricardo\Desktop\MediaCoder.lnk

[2009/09/17 13:05:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\Broad Intelligence

[2009/09/13 20:04:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\Google

[2009/09/13 20:04:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Configurações locais\Dados de aplicativos\Google

[2009/09/13 19:30:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Google

[2009/09/13 19:30:11 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Google

[2009/09/12 18:30:50 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/09/12 18:30:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\skypePM

[2009/09/12 18:30:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\Skype

[2009/09/12 18:29:21 | 00,001,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009/09/12 18:29:19 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Skype

[2009/09/12 18:29:12 | 00,000,000 | R--D | C] -- C:\Arquivos de programas\Skype

[2009/09/12 18:29:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

[2009/09/11 19:55:34 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt10.sqm

[2009/09/11 19:55:34 | 00,000,232 | -H-- | C] () -- C:\sqmdata10.sqm

[2009/09/06 23:55:11 | 00,000,035 | ---- | C] () -- C:\Documents and Settings\Ricardo\Meus documentos\WUPDATE.INI

[2009/09/06 23:54:57 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Sexy Dreams

[2009/09/06 13:42:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage

[2009/09/06 11:27:09 | 00,018,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

[2009/09/06 11:26:04 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Media Connect 2

[2009/09/06 11:21:13 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2009/09/06 11:21:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2009/09/06 11:21:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF

[2009/09/04 20:44:33 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Sexy Poker 5

[2009/08/28 18:30:59 | 00,000,268 | -H-- | C] () -- C:\sqmdata09.sqm

[2009/08/28 18:30:59 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm

[2009/08/27 20:29:04 | 00,027,712 | ---- | C] () -- C:\Documents and Settings\Ricardo\Meus documentos\Domino.Rally.USA.Wii-APATHY(TorrentSpain.com) [mininova].torrent

[2009/08/26 14:32:26 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSTEE.sys

[2009/08/26 14:32:26 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys

[2009/08/26 14:32:17 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NdisIP.sys

[2009/08/26 14:32:17 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys

[2009/08/26 14:32:13 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax

[2009/08/26 14:32:13 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax

[2009/08/26 14:32:13 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\StreamIP.sys

[2009/08/26 14:32:13 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys

[2009/08/26 14:32:10 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\SLIP.sys

[2009/08/26 14:32:10 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys

[2009/08/26 14:32:06 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WSTCODEC.SYS

[2009/08/26 14:32:06 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys

[2009/08/26 14:32:02 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NABTSFEC.sys

[2009/08/26 14:32:02 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys

[2009/08/26 14:31:59 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\CCDECODE.sys

[2009/08/26 14:31:59 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys

[2009/08/26 14:31:30 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax

[2009/08/26 14:31:30 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax

[2009/08/26 14:31:30 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax

[2009/08/26 14:31:30 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax

[2009/08/26 14:31:30 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax

[2009/08/26 14:31:30 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax

[2009/08/26 14:31:29 | 00,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys

[2009/08/26 14:31:29 | 00,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys

[2009/08/26 14:31:29 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll

[2009/08/26 14:31:29 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll

[2009/08/26 14:31:27 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax

[2009/08/26 14:31:27 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax

[2009/08/26 14:31:27 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax

[2009/08/26 14:31:27 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax

[2009/06/14 07:39:56 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/06/14 07:39:56 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009/06/14 07:39:53 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/06/14 07:39:53 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008/11/21 18:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest

[2008/11/21 18:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest

[2008/07/02 21:25:34 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2008/06/29 17:34:03 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

[2008/06/29 15:06:04 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/06/29 11:14:38 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/06/29 11:03:50 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI

[2008/06/29 11:03:50 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI

[2008/06/29 11:03:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini

[2008/06/29 11:03:27 | 00,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll

[2008/06/29 11:00:35 | 00,032,738 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini

[2008/06/29 11:00:35 | 00,015,066 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini

[2008/06/29 11:00:35 | 00,008,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\srvkp.sys

[2008/06/29 10:59:25 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll

[2008/06/29 10:57:02 | 00,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL

[2005/01/18 13:34:36 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll

[2004/11/09 11:08:20 | 00,864,256 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll

[2003/11/18 01:29:04 | 00,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll

[2002/12/03 21:47:16 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2001/10/28 09:07:38 | 00,001,391 | ---- | C] () -- C:\WINDOWS\win.ini

[2001/10/28 09:07:30 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

 

========== Files - Modified Within 30 Days ==========

 

[6 C:\WINDOWS\System32\*.tmp files]

[3 C:\WINDOWS\*.tmp files]

[2009/09/23 20:46:18 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ricardo\Desktop\HiJackThis.exe

[2009/09/23 19:59:49 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2009/09/23 19:50:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/09/23 19:50:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/09/23 09:47:37 | 41,682,288 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/09/22 20:15:31 | 00,112,900 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/09/22 20:10:55 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/09/21 22:49:50 | 00,331,655 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/09/21 22:44:12 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\Ricardo\Desktop\HijackThis.lnk

[2009/09/21 22:05:23 | 00,199,168 | ---- | M] () -- C:\Documents and Settings\Ricardo\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/17 20:32:05 | 00,331,657 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090920-141705.backup

[2009/09/17 20:31:19 | 00,331,657 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090917-203205.backup

[2009/09/17 19:19:41 | 00,145,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/09/17 19:14:23 | 00,000,996 | ---- | M] () -- C:\Documents and Settings\Ricardo\Desktop\Spybot - Search & Destroy.lnk

[2009/09/17 19:09:38 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Ricardo\Desktop\setup-spybotsd162.exe

[2009/09/17 19:02:05 | 00,262,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090917-203118.backup

[2009/09/17 14:26:52 | 00,030,376 | ---- | M] () -- C:\Documents and Settings\Ricardo\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2009/09/17 14:16:29 | 00,000,964 | ---- | M] () -- C:\Documents and Settings\Ricardo\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2009/09/17 13:57:55 | 00,000,769 | ---- | M] () -- C:\Documents and Settings\Ricardo\Desktop\MediaCoder.lnk

[2009/09/12 18:45:12 | 00,054,272 | ---- | M] () -- C:\Documents and Settings\Ricardo\Meus documentos\CV - Ricardo Villalobos.doc

[2009/09/12 18:30:50 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/09/12 18:29:21 | 00,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009/09/11 19:55:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm

[2009/09/11 19:55:34 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm

[2009/09/08 21:01:10 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/09/07 00:02:43 | 00,000,035 | ---- | M] () -- C:\Documents and Settings\Ricardo\Meus documentos\WUPDATE.INI

[2009/09/06 13:40:23 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2009/09/06 13:40:23 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2009/09/06 11:26:31 | 00,001,391 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/09/06 11:23:17 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2009/09/06 11:21:13 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2009/09/06 10:42:56 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/08/28 18:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/08/28 18:30:59 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm

[2009/08/28 18:30:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2009/08/27 20:29:05 | 00,027,712 | ---- | M] () -- C:\Documents and Settings\Ricardo\Meus documentos\Domino.Rally.USA.Wii-APATHY(TorrentSpain.com) [mininova].torrent

[2009/08/25 18:13:51 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/08/25 18:13:50 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/08/25 18:13:50 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 262 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:8D34975E9892B1DE

< End of report >


OTL Extras logfile created on: 23/9/2009 20:47:25 - Run 1

OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Ricardo\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

735,48 Mb Total Physical Memory | 201,11 Mb Available Physical Memory | 27,34% Memory free

1,76 Gb Paging File | 1,10 Gb Available in Paging File | 62,24% Paging File free

Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74,55 Gb Total Space | 40,83 Gb Free Space | 54,77% Space Free | Partition Type: NTFS

Drive D: | 19,07 Gb Total Space | 8,24 Gb Free Space | 43,20% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: VILLALOBOS

Current User Name: Ricardo

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\AVG\AVG8\avgupd.exe" = C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Arquivos de programas\AVG\AVG8\avgemc.exe" = C:\Arquivos de programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Arquivos de programas\uTorrent\uTorrent.exe" = C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\Messenger\msmsgs.exe" = C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Arquivos de programas\Soulseek-Test\slsk.exe" = C:\Arquivos de programas\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek -- ()

"C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" = C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer -- (Microsoft Corporation)

"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Disabled:Compartilhamento de aplicativo RTC -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Messenger\msmnsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msmnsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Arquivos de programas\Skype\Phone\Skype.exe" = C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc

"{084BCE20-5505-4586-8A37-D454E2A6FB09}" = LG PC Suite II

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch

"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax

"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8BFFDBAB-FD81-4137-A98E-A769C828080C}" = BitDefender 8 Free Edition

"{90280416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional com FrontPage

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B7FB6B99-C93C-4818-825B-37EF4B64C80C}" = PS_AIO_02_Software

"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C14337B6-7777-4643-A0B0-B054EF10F59D}" = c5200_Help

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver

"{C68BF996-C440-46f5-AFCF-A0CE584AB95C}" = C5200

"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{D25BDCF5-19F6-4d9e-B9C9-273FE81446C4}" = PS_AIO_02_ProductContext

"{D64BC2CF-0F12-47d7-B412-B4F3FD684253}" = HP Photosmart All-In-One Software 9.0

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E96DA799-C0DF-44d7-AE41-D8312824B898}" = C5200_doccd

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{EDA2E9CA-8B7E-4BC0-9B0F-34B299555BF3}" = Retail Virtual EVE

"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"18 Wheels of Steel American Long Haul 1.00" = 18 Wheels of Steel American Long Haul 1.00

"7-Zip" = 7-Zip 4.43 beta

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"AVG8Uninstall" = AVG Free 8.5

"Checkers" = Checkers

"Chess" = Chess

"C-Media Audio" = C-Media 3D Audio

"CoreAVC Pro" = CoreAVC Pro (remove only)

"DMX4_is1" = DriverMax 4

"DVD Shrink_is1" = DVD Shrink 3.2

"EPSON Printer and Utilities" = EPSON Printer Software

"ffdshow_is1" = ffdshow [rev 2744] [2009-03-05]

"'Full Speed' Internet Booster + Performance Tests3.4" = 'Full Speed' Internet Booster + Performance Tests

"Gonzo Heads" = Gonzo Heads

"HaaliMkx" = Haali Media Splitter

"Hearts" = Hearts

"HijackThis" = HijackThis 2.0.2

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPExtendedCapabilities" = HP Customer Participation Program 9.0

"HPOCR" = HP OCR Software 9.0

"ie8" = Windows Internet Explorer 8

"ImgBurn" = ImgBurn

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.9.0

"Laptop Drop" = Laptop Drop

"Mahjongg Master 4" = Mahjongg Master 4

"Mahjongg Master 5" = Mahjongg Master 5

"MediaCoder" = MediaCoder 0.6.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MV RegClean 5.9_is1" = MV RegClean 5.9

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NeroVision!UninstallKey" = Nero Digital

"PMP Transcoding Tool_is1" = PMP Transcoding Tool 0.5.1.0 For Windows NT/2000/XP

"Poker Palace" = Poker Palace

"Puzzle Master 3" = Puzzle Master 3

"Sexy Poker 5" = Sexy Poker 5

"SiS Compatible VGA V2.12" = SiS Compatible VGA V2.12

"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver

"Solitaire Master 3" = Solitaire Master 3

"Soulseek2" = SoulSeek Client 157 test 12c

"Spades" = Spades

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20

"VobSub" = VobSub v2.23 (Remove Only)

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WIC" = Windows Imaging Component

"WinAVI Video Converter 9.09.0" = WinAVI Video Converter 9.0

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-606747145-1993962763-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent" = µTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 12/9/2009 17:43:43 | Computer Name = VILLALOBOS | Source = Application Hang | ID = 1002

Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 12/9/2009 17:55:51 | Computer Name = VILLALOBOS | Source = Windows Live Messenger | ID = 1000

Description =

 

Error - 13/9/2009 20:45:56 | Computer Name = VILLALOBOS | Source = Application Hang | ID = 1002

Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 15/9/2009 00:01:53 | Computer Name = VILLALOBOS | Source = Application Hang | ID = 1002

Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 17/9/2009 17:46:18 | Computer Name = VILLALOBOS | Source = Application Hang | ID = 1002

Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 19/9/2009 18:23:22 | Computer Name = VILLALOBOS | Source = Application Hang | ID = 1002

Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 20/9/2009 17:05:19 | Computer Name = VILLALOBOS | Source = Application Hang | ID = 1002

Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 20/9/2009 22:35:09 | Computer Name = VILLALOBOS | Source = Application Hang | ID = 1002

Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 20/9/2009 22:35:47 | Computer Name = VILLALOBOS | Source = Application Hang | ID = 1002

Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 21/9/2009 21:27:43 | Computer Name = VILLALOBOS | Source = Application Hang | ID = 1002

Description = Aplicativo com falha HiJackThis.exe, versão 2.0.0.2, módulo com falha

hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

[ System Events ]

Error - 18/9/2009 18:20:52 | Computer Name = VILLALOBOS | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 19/9/2009 17:29:51 | Computer Name = VILLALOBOS | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 20/9/2009 09:05:38 | Computer Name = VILLALOBOS | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 20/9/2009 16:18:07 | Computer Name = VILLALOBOS | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 21/9/2009 16:05:22 | Computer Name = VILLALOBOS | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 21/9/2009 18:13:23 | Computer Name = VILLALOBOS | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 22/9/2009 19:11:21 | Computer Name = VILLALOBOS | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 23/9/2009 08:30:36 | Computer Name = VILLALOBOS | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 23/9/2009 18:27:06 | Computer Name = VILLALOBOS | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 23/9/2009 18:50:56 | Computer Name = VILLALOBOS | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

 

< End of report >

 

 

I'll be waiting, because the Lentiun here is getting hard to use :P !

Regards!


Good evening, Villalobos!

<@> Run an online scan at: < Panda ActiveScan 2.0 >

<@> PS: Use the Firefox or Internet Explorer browser.

<@> Complete the free registration so that you have the option to disinfect files.

<@> Click "Registar-se" (Register).

<@> When finished, click "Enviar" (Send).

<@> In the welcome window, choose "Análise rápida" (Quick scan) --> click "Analisar agora" (Scan now).

<@> If this is the first time you are using ActiveScan 2.0 with Mozilla Firefox, you will be asked to install a plugin.

<@> So, for ActiveScan 2.0 to work, you need to download and install that extension.

<@> Also wait for ActiveScan 2.0 to update.

<@> When that finishes, you can start the scan.

<@> At the end of the scan, click "Disinfect". <-- If it is enabled!

<@> Then click "Export to" so that we have the report. <-- Save it to the desktop!

<@> Post: ActiveScan.txt <--

Regards!


Good afternoon!

I ran the online scan and it reported infections in some files, but the Disinfect option was not enabled. Since I saw they were only cookies, I deleted all the cookies. I also updated BitDefender to version 10 and ran a scan, which detected nothing, and I updated Spybot to 1.6.2 and no threats were found.

Here is ActiveScan.txt:

 

;***********************************************************************

ANALYSIS: 2009-09-24 16:04:20

PROTECTIONS: 2

MALWARE: 21

SUSPECTS: 0

;***********************************************************************

PROTECTIONS

Description Version Active Updated

;=======================================================================

Bitdefender Antivirus 8.0 Yes Yes

AVG Anti-Virus Free 8.5 Yes Yes

;=======================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;=======================================================================

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@atdmt[2].txt

00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@ccbill[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@com[1].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@yadro[2].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@xiti[1].txt

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@toplist[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@ad.yieldmanager[2].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@ad.yieldmanager[3].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@bs.serving-sys[1].txt

00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@weborama[1].txt

00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@stat.onestat[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@ads.pointroll[1].txt

00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@ig.com[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@overture[1].txt

00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@terra.com[2].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@uol.com[2].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@questionmarket[1].txt

00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@xxxcounter[1].txt

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@searchportal.information[1].txt

00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@cgi-bin[1].txt

01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Ricardo\Cookies\ricardo@adserver.easyad[2].txt

;======================================================================

SUSPECTS

Sent Location

;======================================================================

;======================================================================

VULNERABILITIES

Id Severity Description

;======================================================================

129976 MEDIUM MS06-052

;======================================================================


Good morning, Villalobos!

<@> Run an online scan at: < Kaspersky >

<@> Use the Internet Explorer browser for this.

<@> Go to the site and click Kaspersky Online Scanner.

<@> On the next page, click: I Accept

<@> This installs the ActiveX control and then updates the database.

<@> On the next page, click: My Computer and run the scan.

<@> Be patient!

<@> Wait for the database update and also for the scan itself, which takes a long time.

<@> When it finishes, save and post the report.

<@> Click Save Report As... to save the log. ( Kaspersky_Online_Scanner_7_Report.txt )

<@> Save the result as .txt, as shown in the image below:

Kas-Savetxt.gif

<@> Also post an updated HijackThis log.

Regards!


Good morning!

DigRam, judging by the results, I think my computer's slowness comes from some installation problem or conflict... is there anything that can be done to check this?

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, September 26, 2009

Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Friday, September 25, 2009 21:00:49

Records in database: 2920159

--------------------------------------------------------------------------------

 

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

 

Scan statistics:

Objects scanned: 154106

Threats found: 1

Infected objects found: 1

Suspicious objects found: 0

Scan duration: 11:40:27

 

 

File name / Threat / Threats count

D:\Documents and Settings\Ricardo\Meus documentos\Tranqueiras\WinASORD.exe Infected: Trojan.Win32.Delf.bsg 1

 

Selected area has been scanned.

 

 

OTL logfile created on: 26/9/2009 08:27:36 - Run 2

OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Ricardo\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

735,48 Mb Total Physical Memory | 293,85 Mb Available Physical Memory | 39,95% Memory free

1,76 Gb Paging File | 0,68 Gb Available in Paging File | 38,56% Paging File free

Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74,55 Gb Total Space | 32,12 Gb Free Space | 43,09% Space Free | Partition Type: NTFS

Drive D: | 19,07 Gb Total Space | 8,24 Gb Free Space | 43,20% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: VILLALOBOS

Current User Name: Ricardo

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\Arquivos de programas\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE (SEIKO EPSON CORPORATION)

PRC - C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)

PRC - C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe (SOFTWIN S.R.L.)

PRC - C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe (SOFTWIN S.R.L.)

PRC - C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Arquivos de programas\Skype\Phone\Skype.exe (Skype Technologies S.A.)

PRC - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

PRC - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe (SOFTWIN S.R.L)

PRC - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe (SOFTWIN S.R.L.)

PRC - C:\Arquivos de programas\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Arquivos de programas\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Arquivos de programas\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Arquivos de programas\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe (Skype Technologies)

PRC - C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)

PRC - C:\Arquivos de programas\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Arquivos de programas\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)

PRC - C:\Documents and Settings\Ricardo\Configurações locais\Temp\jkos-Ricardo\binaries\ScanningProcess.exe (Kaspersky Lab.)

PRC - C:\Arquivos de programas\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe ()

PRC - C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe (SOFTWIN S.R.L.)

PRC - C:\Documents and Settings\Ricardo\Desktop\HiJackThis.exe (OldTimer Tools)

 

========== Win32 Services (SafeList) ==========

 

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (avg8emc [Auto | Running]) -- C:\Arquivos de programas\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg8wd [Auto | Running]) -- C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (bdss [Auto | Running]) -- C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe ()

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (GbpSv [unknown | Running]) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )

SRV - (gusvc [On_Demand | Stopped]) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)

SRV - (hpqddsvc [Auto | Running]) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)

SRV - (idsvc [unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (LIVESRV [Auto | Running]) -- C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe (SOFTWIN S.R.L.)

SRV - (MDM [Auto | Running]) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZinw12.dll (Hewlett-Packard)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.dll (Hewlett-Packard)

SRV - (stllssvr [On_Demand | Stopped]) -- C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)

SRV - (VSSERV [Auto | Running]) -- C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe (SOFTWIN S.R.L.)

SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

SRV - (XCOMM [Auto | Running]) -- C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe (SOFTWIN S.R.L)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

 

========== Driver Services (SafeList) ==========

 

DRV - (AvgLdx86 [system | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86 [system | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgTdiX [system | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (cmuda [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\cmuda.sys (C-Media Inc)

DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)

DRV - (GbpKm [boot | Running]) -- C:\WINDOWS\system32\drivers\GbpKm.sys (GAS Tecnologia)

DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)

DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)

DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)

DRV - (lgmcbus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgmcbus.sys (MCCI Corporation)

DRV - (lgmcmdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgmcmdfl.sys (MCCI Corporation)

DRV - (lgmcmdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgmcmdm.sys (MCCI Corporation)

DRV - (lgmcmgmt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgmcmgmt.sys (MCCI Corporation)

DRV - (lgmcnd5 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgmcnd5.sys (MCCI Corporation)

DRV - (lgmcobex [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgmcobex.sys (MCCI Corporation)

DRV - (lgmcunic [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgmcunic.sys (MCCI Corporation)

DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\msmpu401.sys (Microsoft Corporation)

DRV - (NuidFltr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NuidFltr.sys (Microsoft Corporation)

DRV - (pavboot [boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SiS315 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (sisagp [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)

DRV - (SiSkp [system | Running]) -- C:\WINDOWS\System32\drivers\srvkp.sys ()

DRV - (SISNIC [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\sisnic.sys (SiS Corporation)

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 13:54:58 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff [2009/09/25 18:07:24 | 00,000,000 | ---D | M]

 

 

O1 HOSTS File: (335717 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 11503 more lines...

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco ABN AMRO)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Arquivos de programas\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [bDAgent] C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe (SOFTWIN S.R.L.)

O4 - HKLM..\Run: [bDMCon] C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe (SOFTWIN S.R.L.)

O4 - HKLM..\Run: [Cmaudio] File not found

O4 - HKLM..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [siS Tray] File not found

O4 - HKLM..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [skype] C:\Arquivos de programas\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O12 - Plugin for: .spop - C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)

O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx (get_atlcom Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab (GbPluginObj Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 200.204.0.138

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginAbn: DllName - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco ABN AMRO)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco ABN AMRO)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/06/29 10:32:10 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/11/26 13:42:04 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[6 C:\WINDOWS\System32\*.tmp files]

[3 C:\WINDOWS\*.tmp files]

[2009/09/25 18:09:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2009/09/25 18:07:50 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009/09/25 18:07:50 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2009/09/25 18:07:49 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/09/25 18:07:49 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/09/25 18:07:48 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/09/25 18:07:12 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Java

[2009/09/25 18:05:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\Sun

[2009/09/24 17:47:01 | 02,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2009/09/24 17:46:57 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009/09/24 17:46:57 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll

[2009/09/24 17:46:56 | 00,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll

[2009/09/24 17:46:50 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009/09/24 17:46:49 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/09/24 17:46:49 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll

[2009/09/24 16:57:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\Bitdefender

[2009/09/24 15:07:39 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

[2009/09/24 15:07:17 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Panda Security

[2009/09/24 14:50:13 | 00,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin

[2009/09/24 14:44:39 | 00,001,858 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Free Edition v10.lnk

[2009/09/24 14:44:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\BitDefender

[2009/09/24 14:44:14 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Softwin

[2009/09/23 20:45:59 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ricardo\Desktop\HiJackThis.exe

[2009/09/21 22:47:01 | 00,000,000 | ---D | C] -- C:\LinhaDefensiva

[2009/09/21 22:44:12 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\Ricardo\Desktop\HijackThis.lnk

[2009/09/21 22:44:10 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Trend Micro

[2009/09/18 23:16:40 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Haali

[2009/09/18 23:16:23 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\CoreCodec

[2009/09/17 19:14:23 | 00,000,996 | ---- | C] () -- C:\Documents and Settings\Ricardo\Desktop\Spybot - Search & Destroy.lnk

[2009/09/17 19:07:25 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Ricardo\Desktop\setup-spybotsd162.exe

[2009/09/17 14:25:44 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft

[2009/09/17 14:25:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\microsoft

[2009/09/17 14:25:18 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live SkyDrive

[2009/09/17 14:17:40 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Windows Live

[2009/09/17 13:57:55 | 00,000,769 | ---- | C] () -- C:\Documents and Settings\Ricardo\Desktop\MediaCoder.lnk

[2009/09/17 13:05:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\Broad Intelligence

[2009/09/13 20:04:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\Google

[2009/09/13 20:04:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Configurações locais\Dados de aplicativos\Google

[2009/09/13 19:30:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Google

[2009/09/13 19:30:11 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Google

[2009/09/12 18:30:50 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/09/12 18:30:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\skypePM

[2009/09/12 18:30:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\Skype

[2009/09/12 18:29:21 | 00,001,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009/09/12 18:29:19 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Skype

[2009/09/12 18:29:12 | 00,000,000 | R--D | C] -- C:\Arquivos de programas\Skype

[2009/09/12 18:29:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

[2009/09/11 19:55:34 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt10.sqm

[2009/09/11 19:55:34 | 00,000,232 | -H-- | C] () -- C:\sqmdata10.sqm

[2009/09/06 23:55:11 | 00,000,035 | ---- | C] () -- C:\Documents and Settings\Ricardo\Meus documentos\WUPDATE.INI

[2009/09/06 23:54:57 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Sexy Dreams

[2009/09/06 13:42:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage

[2009/09/06 11:27:09 | 00,018,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

[2009/09/06 11:26:04 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Media Connect 2

[2009/09/06 11:21:13 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2009/09/06 11:21:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2009/09/06 11:21:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF

[2009/09/04 20:44:33 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Sexy Poker 5

[2009/08/28 18:30:59 | 00,000,268 | -H-- | C] () -- C:\sqmdata09.sqm

[2009/08/28 18:30:59 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm

[2009/08/27 20:29:04 | 00,027,712 | ---- | C] () -- C:\Documents and Settings\Ricardo\Meus documentos\Domino.Rally.USA.Wii-APATHY(TorrentSpain.com) [mininova].torrent

[2009/06/14 07:39:56 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/06/14 07:39:56 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009/06/14 07:39:53 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/06/14 07:39:53 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008/11/21 18:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest

[2008/11/21 18:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest

[2008/07/02 21:25:34 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2008/06/29 17:34:03 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

[2008/06/29 15:06:04 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/06/29 11:14:38 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/06/29 11:03:50 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI

[2008/06/29 11:03:50 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI

[2008/06/29 11:03:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini

[2008/06/29 11:03:27 | 00,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll

[2008/06/29 11:00:35 | 00,032,738 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini

[2008/06/29 11:00:35 | 00,015,066 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini

[2008/06/29 11:00:35 | 00,008,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\srvkp.sys

[2008/06/29 10:59:25 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll

[2008/06/29 10:57:02 | 00,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL

[2007/01/31 13:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll

[2005/01/18 13:34:36 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll

[2004/11/09 11:08:20 | 00,864,256 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll

[2003/11/18 01:29:04 | 00,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll

[2002/12/03 21:47:16 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2001/10/28 09:07:38 | 00,001,354 | ---- | C] () -- C:\WINDOWS\win.ini

[2001/10/28 09:07:30 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

 

========== Files - Modified Within 30 Days ==========

 

[6 C:\WINDOWS\System32\*.tmp files]

[3 C:\WINDOWS\*.tmp files]

[2009/09/26 08:39:19 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin

[2009/09/25 18:07:21 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009/09/25 18:07:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/09/25 18:07:21 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/09/25 18:07:21 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/09/25 18:07:21 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2009/09/25 17:45:51 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2009/09/25 17:45:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/09/25 17:44:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/09/24 23:30:27 | 00,200,704 | ---- | M] () -- C:\Documents and Settings\Ricardo\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/24 18:07:11 | 00,335,717 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/09/24 14:44:39 | 00,001,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Free Edition v10.lnk

[2009/09/24 14:34:03 | 00,001,354 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/09/24 09:34:45 | 41,719,190 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/09/23 20:46:18 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ricardo\Desktop\HiJackThis.exe

[2009/09/22 20:15:31 | 00,112,900 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/09/22 20:10:55 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/09/21 22:49:50 | 00,331,655 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090924-180711.backup

[2009/09/21 22:44:12 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\Ricardo\Desktop\HijackThis.lnk

[2009/09/17 20:32:05 | 00,331,657 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090920-141705.backup

[2009/09/17 20:31:19 | 00,331,657 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090917-203205.backup

[2009/09/17 19:19:41 | 00,145,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/09/17 19:14:23 | 00,000,996 | ---- | M] () -- C:\Documents and Settings\Ricardo\Desktop\Spybot - Search & Destroy.lnk

[2009/09/17 19:09:38 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Ricardo\Desktop\setup-spybotsd162.exe

[2009/09/17 19:02:05 | 00,262,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090917-203118.backup

[2009/09/17 14:26:52 | 00,030,376 | ---- | M] () -- C:\Documents and Settings\Ricardo\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2009/09/17 14:16:29 | 00,000,964 | ---- | M] () -- C:\Documents and Settings\Ricardo\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2009/09/17 13:57:55 | 00,000,769 | ---- | M] () -- C:\Documents and Settings\Ricardo\Desktop\MediaCoder.lnk

[2009/09/12 18:45:12 | 00,054,272 | ---- | M] () -- C:\Documents and Settings\Ricardo\Meus documentos\CV - Ricardo Villalobos.doc

[2009/09/12 18:30:50 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/09/12 18:29:21 | 00,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009/09/11 19:55:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm

[2009/09/11 19:55:34 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm

[2009/09/08 21:01:10 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/09/07 00:02:43 | 00,000,035 | ---- | M] () -- C:\Documents and Settings\Ricardo\Meus documentos\WUPDATE.INI

[2009/09/06 13:40:23 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2009/09/06 13:40:23 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2009/09/06 11:23:17 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2009/09/06 11:21:13 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2009/09/06 10:42:56 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/08/28 18:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/08/28 18:30:59 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm

[2009/08/28 18:30:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2009/08/27 20:29:05 | 00,027,712 | ---- | M] () -- C:\Documents and Settings\Ricardo\Meus documentos\Domino.Rally.USA.Wii-APATHY(TorrentSpain.com) [mininova].torrent

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 262 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:8D34975E9892B1DE

< End of report >


Good morning, Villalobos!

<!> It seems the problem is not related to malware.

<!> I recommend doing maintenance on the PC: uninstalling non-essential programs, managing startup items, optimizing the browser, etc.

<><><><><><><><><><>

<@> Download: < a2ppf_banner.jpg > ( ...by EmsiSoft )

<@> Save it in Arquivos de programas.

<@> Open the program and click: Atualizar agora (Update now) --> Wait!

<@> When it finishes, click: "Scan PC"

<@> Choose the option: "A fundo" (Deep) --> Then click "Analisar" (Scan).

<@> When it finishes, tick the boxes of the items found and click "Enviar marcados à Quarentena" (Send selected to Quarantine).

<@> Save and post the report of this scan. ( a2scan_xxyy09-xxxxxx.txt ) <--

<><><><><><><><><><>

<@> Download TuneUp Utilities 2009.

<@> To download, enter your e-mail and click Start download.

<@> Save the executable, TU2009TrialEN.exe, in Arquivos de Programas.

<@> The program is a trial! But... there will be enough time to optimize the computer.

<@> Be sure to defragment the disk and the registry.

<@> Later, you will discover that this utility performs many functions that are useful to the computer.

Regards!


Good evening!

I ran A-squared and some strange things happened: the first time, the program had already scanned 50% when the computer suddenly rebooted by itself. I ran the scan again and some high-risk files showed up, but the vast majority are on a hard drive in the computer that I hardly use anymore (D:), only when I need some old file. When I sent the files to quarantine, everything was normal until it reached the last file on the list and the program froze; I could only close the program with Ctrl+Alt+Del. Do I need to run the program again? It spent many hours scanning! Below is the report from this last scan; I saved it before sending the files to quarantine.

I also used TuneUp, an excellent program, and did everything the program offers, but the computer was still slow. I only got an improvement when I stopped using IE8 and started using Mozilla Firefox; the computer went back to being practically what it was when I used IE6, since the slowness appeared when I upgraded IE6 to IE8 and WMP9 to WMP11. Could the slowness have come from these upgrades?

 

a-squared Free - Versão 4.5

Última atualização 28/9/2009 14:00:54

 

Configurações da análise:

 

Scan type: deep

Objetos: Memória, Rastros, Cookies, C:\, D:\

Análise de arquivos: Ligado

Heurística: Desligado

Análise de ADS: Ligado

 

Início da análise: 29/9/2009 13:44:18

 

c:\arquivos de programas\egames detectado: Trace.Directory.Bling-O!A2

c:\documents and settings\ricardo\menu iniciar\programas\egames detectado: Trace.Directory.Bling-O!A2

c:\arquivos de programas\valusoft detectado: Trace.Directory.Hello Kitty Cutie World!A2

Value: HKEY_CLASSES_ROOT\CLSID\{0C1F87AE-AE62-11D3-911C-00105A17B608}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.SpyPc 8.0!A2

Value: HKEY_CLASSES_ROOT\CLSID\{371D0743-7A57-11D2-AD5A-00105A17B608}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.SpyPc 8.0!A2

Value: HKEY_CLASSES_ROOT\CLSID\{4F99A075-5227-11D2-AD06-00105A17B608}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.SpyPc 8.0!A2

Value: HKEY_CLASSES_ROOT\CLSID\{B22FE43C-D1E8-432A-A862-9F83D5F04732}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.SpyPc 8.0!A2

Value: HKEY_CLASSES_ROOT\CLSID\{CA4FC24B-C65C-11D1-AA6F-000000000000}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.SpyPc 8.0!A2

Value: HKEY_CLASSES_ROOT\CLSID\{DDD136CE-517B-11D2-AD03-00105A17B608}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.SpyPc 8.0!A2

Value: HKEY_CLASSES_ROOT\CLSID\{E9D55102-9683-11D2-BA68-0040053687FE}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.SpyPc 8.0!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C1F87AE-AE62-11D3-911C-00105A17B608}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.SpyPc 8.0!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{371D0743-7A57-11D2-AD5A-00105A17B608}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.SpyPc 8.0!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F99A075-5227-11D2-AD06-00105A17B608}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.SpyPc 8.0!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B22FE43C-D1E8-432A-A862-9F83D5F04732}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.SpyPc 8.0!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA4FC24B-C65C-11D1-AA6F-000000000000}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.SpyPc 8.0!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDD136CE-517B-11D2-AD03-00105A17B608}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.SpyPc 8.0!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9D55102-9683-11D2-BA68-0040053687FE}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.SpyPc 8.0!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Puzzle Master 3 --> DisplayName detectado: Trace.Registry.Puzzle Master 3!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Puzzle Master 3 --> UninstallString detectado: Trace.Registry.Puzzle Master 3!A2

C:\Documents and Settings\Ricardo\Dados de aplicativos\Mozilla\Firefox\Profiles\hwkvpmur.default\cookies.sqlite:1254237176418000 detectado: Trace.TrackingCookie.doubleclick.net!A2

C:\Documents and Settings\Ricardo\Dados de aplicativos\Mozilla\Firefox\Profiles\hwkvpmur.default\cookies.sqlite:1254237249944000 detectado: Trace.TrackingCookie.www.googleadservices.com!A2

C:\Documents and Settings\Ricardo\Cookies\ricardo@atdmt[2].txt detectado: Trace.TrackingCookie.atdmt!A2

C:\Documents and Settings\Ricardo\Cookies\ricardo@google.com[1].txt detectado: Trace.TrackingCookie.google.com!A2

C:\Documents and Settings\Nadja\Meus documentos\Arquivos - Rodrigo\Nokia 6265\Diego\Diego_3_06.part01.rar/DK2WN95.386 detectado: Trojan.Win32.Agent!IK

C:\Documents and Settings\Nadja\Meus documentos\Arquivos - Rodrigo\Nokia 6265\Diego\Nokia Diego 3.xx Crack.exe/DK2WN95.386 detectado: Trojan.Win32.Agent!IK

C:\Documents and Settings\Nadja\Meus documentos\Arquivos - Rodrigo\Nokia 6265\Diego\Nokia Diego 3xx.rar/DK2WN95.386 detectado: Trojan.Win32.Agent!IK

C:\System Volume Information\_restore{3094512C-DCCD-41AC-AA34-A877914BD35D}\RP368\A0056603.rbf detectado: Trojan.Hijacker!IK

D:\WINDOWS\system32\xmlparse.dll detectado: Spyware.Win32.ShopAtHome!IK

D:\WINDOWS\system32\xmltok.dll detectado: Spyware.Win32.ShopAtHome.A!IK

D:\WINDOWS\Downloaded Program Files\games.inf detectado: Trojan.Win32.Dialer.fy#1!IK

D:\WINDOWS\Downloaded Program Files\bridge.inf detectado: Trojan-Spy.Win32.Briss.g#1!IK

D:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.INF detectado: AdWare.MediaTickets.1!IK

D:\WINDOWS\twaintec.ini detectado: Riskware.AdWare.ABetterInternet!IK

D:\Documents and Settings\Ricardo\Menu Iniciar\Programas\Inicializar\Reboot.exe detectado: Trojan-Banker.Win32.Banker!IK

D:\Documents and Settings\Ricardo\Meus documentos\Video-Audio - MP4\Programas\WinAVI 3GP MP4 PSP iPod Video Converter v3.0\Crack\keygen.exe detectado: Riskware.HackTool.Keygen.WinAVI!IK

D:\Documents and Settings\Ricardo\Meus documentos\Tranqueiras\WinASORD.exe detectado: Trojan-Dropper.Delf!IK

D:\Arquivos de programas\eMule\Incoming\Easy Video Joiner v5.21 (join & split avi, mpg, rm, wmv asf, audio files, MP3, wav.zip/ez joiner KG.exe detectado: Trojan.Win32.Anomaly!IK

D:\Arquivos de programas\softnyx\GunBound\GameGuard\npgmup.des.new detectado: Trojan-Spy.Win32.BZub!IK

D:\Arquivos de programas\softnyx\GunBound\GameGuard\npgmup.des detectado: Trojan-Spy.Win32.BZub!IK

D:\Arquivos de programas\Easy GIF Animator\gifan.exe detectado: Trojan-Spy.Win32.Banbra!IK

D:\Arquivos de programas\Easy\Easy Video Joiner v5.21 (join & split avi, mpg, rm, wmv asf, audio files, MP3, wav\ez joiner KG.exe detectado: Trojan.Win32.Anomaly!IK

 

Analisado

 

Arquivos: 245781

Objetos: 671882

Cookies: 103

Processos: 44

 

Encontrado

 

Arquivos: 20

Objetos: 19

Cookies: 4

Processos: 0

Chaves do registro: 0

 

Fim da análise: 29/9/2009 18:12:00

Duração da análise: 4:27:42


Good morning, Villalobos!

I ran A-squared and some strange things happened: the first time, the program had already scanned 50% when the computer suddenly rebooted by itself. I ran the scan again and some high-risk files showed up, but the vast majority are on a hard drive in the computer that I hardly use anymore (D:), only when I need some old file. When I sent the files to quarantine, everything was normal until it reached the last file on the list and the program froze; I could only close the program with Ctrl+Alt+Del. Do I need to run the program again? It spent many hours scanning! Below is the report from this last scan; I saved it before sending the files to quarantine.

<!> There is no need for a new scan.

I also used TuneUp, an excellent program, and did everything the program offers, but the computer was still slow. I only got an improvement when I stopped using IE8 and started using Mozilla Firefox; the computer went back to being practically what it was when I used IE6, since the slowness appeared when I upgraded IE6 to IE8 and WMP9 to WMP11. Could the slowness have come from these upgrades?

<!> Yes! I had the same symptom when I installed IE8 on my PC, whereas installing WMP11 caused me no problems. I believe that, because I have few music files, I did not notice that symptom.

<!> Optionally, try this player: < foobar2000 v0.9.6.8 >

<!> I have never used it, but I have heard good things about it.

< Optional_features.png >

< Foobar2000:Components 0.9 >

<@> The link above offers optional add-on components for the player.

<><><><><><><><><><><>

<@> Uninstall the Google Toolbar, as it tends to slow down IE.

<><><><><><><><><><><>

<@> Run OTL.exe.

<@> Copy the information in the Quote into the tool's clipboard field. ( Custom Scans/Fixes )

 

:OTL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [Cmaudio] File not found

O4 - HKLM..\Run: [siS Tray] File not found

O4 - HKCU..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

:Files

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700

C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

C:\Arquivos de programas\Google\GoogleToolbarNotifier

C:\Arquivos de programas\Google\Google Toolbar

C:\Arquivos de programas\Google

C:\LinhaDefensiva

C:\sqmnoopt10.sqm

C:\sqmdata10.sqm

C:\sqmdata09.sqm

C:\sqmnoopt09.sqm

:Commands

[resethosts]

[Reboot]

<@> Click the Run Fix button --> Wait for it to finish!

<@> When it finishes, go to the folder: C:\_OTL\MovedFiles\*.log <-- Post it!

 

Regards!


Good afternoon, DigRam!

 

I already solved the player problem I mentioned by using another one, but I will check the one you mentioned!

I uninstalled the Google Toolbar and ran these fixes in OTL; the log follows.

 

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.

File C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.

File C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.

File C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

File C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SiS Tray not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg not found.

File C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe not found.

========== FILES ==========

File\Folder C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe not found.

File\Folder C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll not found.

C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700 moved successfully.

File\Folder C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll not found.

C:\Arquivos de programas\Google\GoogleToolbarNotifier moved successfully.

File\Folder C:\Arquivos de programas\Google\Google Toolbar not found.

C:\Arquivos de programas\Google moved successfully.

C:\LinhaDefensiva\rotinas\remocao moved successfully.

C:\LinhaDefensiva\rotinas moved successfully.

C:\LinhaDefensiva\relatorios moved successfully.

C:\LinhaDefensiva\reflist moved successfully.

C:\LinhaDefensiva\QUA\Pastas moved successfully.

C:\LinhaDefensiva\QUA\Arquivos moved successfully.

C:\LinhaDefensiva\QUA moved successfully.

C:\LinhaDefensiva\lang\vb moved successfully.

C:\LinhaDefensiva\lang\init moved successfully.

C:\LinhaDefensiva\lang\bat moved successfully.

C:\LinhaDefensiva\lang moved successfully.

C:\LinhaDefensiva\func moved successfully.

C:\LinhaDefensiva\exec moved successfully.

C:\LinhaDefensiva\credits moved successfully.

C:\LinhaDefensiva moved successfully.

C:\sqmnoopt10.sqm moved successfully.

C:\sqmdata10.sqm moved successfully.

C:\sqmdata09.sqm moved successfully.

C:\sqmnoopt09.sqm moved successfully.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.0.16.0 log created on 09302009_140051

 

Regards!


Good evening, Villalobos!

 

<@> Download: < ATF.gif > ( ...by Atribune )

<@> Save it to the Desktop!

<@> Restart the computer in Safe Mode!

<@> Click ATF-Cleaner.exe

<@> Under "Select Files To Delete", check Select All.

<@> Click Empty Selected.

<@> In the Done Cleaning window, click OK --> Exit

 

<@> Attention: If you use Firefox:

 

* At the top, click Firefox and choose: Select All --> Click Empty Selected.

 

<@> Attention: If you use Opera:

 

* At the top, click Opera and choose: Select All --> Click Empty Selected.

 

<@> Restart the computer normally.

<><><><><><><><><><>

<@> Run the OTL Quick Scan, which gives us a quick scan by the tool.

<@> Double-click: < otlDesktopIcon.png >

<@> Click "Scan All Users" --> 2j287qe.png --> Wait!

<@> Copy and post the report. ( OTL log )

 

Regards!


Good evening, DigRam!

 

Here is the report (OTL.txt).

 

OTL logfile created on: 30/9/2009 19:59:16 - Run 4

OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\Ricardo\Meus documentos\Downloads

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

735,48 Mb Total Physical Memory | 232,19 Mb Available Physical Memory | 31,57% Memory free

1,76 Gb Paging File | 1,17 Gb Available in Paging File | 66,68% Paging File free

Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74,55 Gb Total Space | 28,53 Gb Free Space | 38,27% Space Free | Partition Type: NTFS

Drive D: | 19,07 Gb Total Space | 8,27 Gb Free Space | 43,36% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: VILLALOBOS

Current User Name: Ricardo

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan

 

========== Processes (SafeList) ==========

 

PRC - C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )

PRC - C:\Arquivos de programas\a-squared Free\a2service.exe (Emsi Software GmbH)

PRC - C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe (SOFTWIN S.R.L)

PRC - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe ()

PRC - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe (SOFTWIN S.R.L.)

PRC - C:\Arquivos de programas\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Arquivos de programas\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Arquivos de programas\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Arquivos de programas\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE (SEIKO EPSON CORPORATION)

PRC - C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe (SOFTWIN S.R.L.)

PRC - C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe (SOFTWIN S.R.L.)

PRC - C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Arquivos de programas\Skype\Phone\Skype.exe (Skype Technologies S.A.)

PRC - C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

PRC - C:\Arquivos de programas\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe (SOFTWIN S.R.L.)

PRC - C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe (Skype Technologies)

PRC - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)

PRC - C:\Documents and Settings\Ricardo\Meus documentos\Downloads\OTL.exe (OldTimer Tools)

 

========== Win32 Services (SafeList) ==========

 

SRV - (a2free [Auto | Running]) -- C:\Arquivos de programas\a-squared Free\a2service.exe (Emsi Software GmbH)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (avg8emc [Auto | Running]) -- C:\Arquivos de programas\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg8wd [Auto | Running]) -- C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (bdss [Auto | Running]) -- C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe ()

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (GbpSv [unknown | Running]) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)

SRV - (hpqddsvc [Auto | Running]) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)

SRV - (idsvc [unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (LIVESRV [Auto | Running]) -- C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe (SOFTWIN S.R.L.)

SRV - (MDM [Auto | Running]) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZinw12.dll (Hewlett-Packard)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.dll (Hewlett-Packard)

SRV - (stllssvr [On_Demand | Stopped]) -- C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)

SRV - (VSSERV [Auto | Running]) -- C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe (SOFTWIN S.R.L.)

SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

SRV - (XCOMM [Auto | Running]) -- C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe (SOFTWIN S.R.L)

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

 

IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-606747145-1993962763-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

IE - HKU\S-1-5-21-606747145-1993962763-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-606747145-1993962763-1957994488-1003\S-1-5-21-606747145-1993962763-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.0.145

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 13:54:58 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff [2009/09/25 18:07:24 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2009/09/28 18:13:06 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2009/09/29 00:45:55 | 00,000,000 | ---D | M]

 

[2009/09/28 18:13:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\mozilla\Extensions

[2009/09/28 18:13:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/09/29 12:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\mozilla\Firefox\Profiles\hwkvpmur.default\extensions

[2009/09/28 18:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\mozilla\Firefox\Profiles\hwkvpmur.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/09/29 12:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\mozilla\Firefox\Profiles\hwkvpmur.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/09/29 12:10:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\mozilla\Firefox\Profiles\hwkvpmur.default\extensions\toolbar@ask.com

[2009/09/28 18:12:15 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions

[2009/09/28 18:12:15 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/08/24 17:23:40 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browserdirprovider.dll

[2009/08/24 17:23:40 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\brwsrcmp.dll

[2009/08/24 17:23:40 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Arquivos de programas\mozilla firefox\plugins\npnul32.dll

[2009/08/24 16:27:45 | 00,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml

[2009/08/24 16:27:45 | 00,002,371 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\google.xml

[2009/08/24 16:27:45 | 00,001,135 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml

[2009/08/24 16:27:45 | 00,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml

[2009/08/24 16:27:45 | 00,000,648 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco ABN AMRO)

O2 - BHO: (Quicksys Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask.com)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Quicksys Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Barra de Ferramentas do Yahoo!) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-606747145-1993962763-1957994488-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O3 - HKU\S-1-5-21-606747145-1993962763-1957994488-1003\..\Toolbar\WebBrowser: (Quicksys Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask.com)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Arquivos de programas\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [bDAgent] C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe (SOFTWIN S.R.L.)

O4 - HKLM..\Run: [bDMCon] C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe (SOFTWIN S.R.L.)

O4 - HKLM..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKU\S-1-5-21-606747145-1993962763-1957994488-1003..\Run: [skype] C:\Arquivos de programas\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKU\S-1-5-21-606747145-1993962763-1957994488-1003..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan.lnk = C:\Arquivos de programas\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-606747145-1993962763-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O12 - Plugin for: .spop - C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)

O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-606747145-1993962763-1957994488-1003\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx (get_atlcom Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab (GbPluginObj Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 200.204.0.138

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-606747145-1993962763-1957994488-1003 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginAbn: DllName - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco ABN AMRO)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco ABN AMRO)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/06/29 10:32:10 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/11/26 13:42:04 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

 

========== Files/Folders - Created Within 14 Days ==========

 

[6 C:\WINDOWS\System32\*.tmp files]

[3 C:\WINDOWS\*.tmp files]

[2009/09/30 18:20:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\McAfee

[2009/09/30 13:25:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW

[2009/09/30 13:25:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK

[2009/09/30 13:25:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR

[2009/09/30 13:25:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE

[2009/09/30 13:25:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL

[2009/09/30 13:25:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO

[2009/09/30 13:25:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR

[2009/09/30 13:25:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT

[2009/09/30 13:25:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL

[2009/09/30 13:25:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR

[2009/09/30 13:25:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI

[2009/09/30 13:25:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES

[2009/09/30 13:25:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR

[2009/09/30 13:25:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE

[2009/09/30 13:25:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK

[2009/09/30 13:25:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA

[2009/09/29 12:29:40 | 00,000,506 | ---- | C] () -- C:\WINDOWS\tasks\1-Click Maintenance.job

[2009/09/29 12:04:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Configurações locais\Dados de aplicativos\AskToolbar

[2009/09/29 01:05:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\Yahoo!

[2009/09/29 01:05:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

[2009/09/29 01:05:40 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Yahoo!

[2009/09/29 01:05:33 | 00,001,627 | ---- | C] () -- C:\Documents and Settings\Ricardo\Desktop\CCleaner.lnk

[2009/09/29 01:05:30 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\CCleaner

[2009/09/29 01:04:54 | 00,000,254 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2009/09/29 01:04:45 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Ask.com

[2009/09/29 01:04:28 | 00,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quicksys RegDefrag.lnk

[2009/09/29 01:04:15 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Quicksys

[2009/09/29 00:54:03 | 00,604,488 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe

[2009/09/28 18:19:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\McAfee Security Scan

[2009/09/28 18:19:43 | 00,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan.lnk

[2009/09/28 18:19:41 | 00,000,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan.lnk

[2009/09/28 18:19:38 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\McAfee Security Scan

[2009/09/28 18:13:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/09/28 18:12:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Configurações locais\Dados de aplicativos\Mozilla

[2009/09/28 18:12:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\Mozilla

[2009/09/28 18:12:36 | 00,001,681 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/09/28 18:12:14 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Mozilla Firefox

[2009/09/28 13:50:11 | 00,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk

[2009/09/28 13:49:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Meus documentos\a-squared Free

[2009/09/28 13:49:48 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\a-squared Free

[2009/09/28 13:48:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\TuneUp Software

[2009/09/28 13:48:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

[2009/09/28 13:47:33 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{55A29068-F2CE-456C-9148-C869879E2357}

[2009/09/28 13:43:09 | 57,933,832 | ---- | C] (Emsi Software GmbH ) -- C:\Arquivos de programas\a2FreeSetup.exe

[2009/09/28 13:36:44 | 17,774,920 | ---- | C] (TuneUp Software) -- C:\Arquivos de programas\TU2009TrialEN-US.exe

[2009/09/25 18:09:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2009/09/25 18:07:12 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Java

[2009/09/25 18:05:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\Sun

[2009/09/24 17:47:01 | 02,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2009/09/24 17:46:57 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009/09/24 17:46:57 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll

[2009/09/24 17:46:56 | 00,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll

[2009/09/24 17:46:50 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009/09/24 17:46:49 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/09/24 17:46:49 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll

[2009/09/24 16:57:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\Bitdefender

[2009/09/24 15:07:39 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

[2009/09/24 15:07:17 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Panda Security

[2009/09/24 14:50:13 | 00,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin

[2009/09/24 14:44:39 | 00,001,858 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Free Edition v10.lnk

[2009/09/24 14:44:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\BitDefender

[2009/09/24 14:44:14 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Softwin

[2009/09/23 20:45:59 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ricardo\Desktop\HiJackThis.exe

[2009/09/21 22:44:12 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\Ricardo\Desktop\HijackThis.lnk

[2009/09/21 22:44:10 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Trend Micro

[2009/09/18 23:16:40 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Haali

[2009/09/18 23:16:23 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\CoreCodec

[2009/09/17 19:14:23 | 00,000,996 | ---- | C] () -- C:\Documents and Settings\Ricardo\Desktop\Spybot - Search & Destroy.lnk

[2009/09/17 19:07:25 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Ricardo\Desktop\setup-spybotsd162.exe

[2009/09/17 14:25:44 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft

[2009/09/17 14:25:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\microsoft

[2009/09/17 14:25:18 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live SkyDrive

[2009/09/17 14:17:40 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Windows Live

[2009/09/17 13:57:55 | 00,000,769 | ---- | C] () -- C:\Documents and Settings\Ricardo\Desktop\MediaCoder.lnk

[2009/09/17 13:05:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\Broad Intelligence

 

========== Files - Modified Within 14 Days ==========

 

[6 C:\WINDOWS\System32\*.tmp files]

[3 C:\WINDOWS\*.tmp files]

[2009/09/30 20:07:34 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin

[2009/09/30 20:01:02 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2009/09/30 20:00:24 | 00,000,506 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job

[2009/09/30 19:40:55 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/09/30 19:37:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/09/30 19:37:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/09/30 17:17:40 | 00,155,034 | ---- | M] () -- C:\WINDOWS\hpoins21.dat

[2009/09/30 17:10:40 | 00,001,354 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/09/30 14:01:02 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2009/09/30 13:00:53 | 00,212,480 | ---- | M] () -- C:\Documents and Settings\Ricardo\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/30 12:58:00 | 41,999,697 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/09/30 12:58:00 | 00,113,494 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/09/29 11:53:14 | 00,029,888 | ---- | M] () -- C:\Documents and Settings\Ricardo\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2009/09/29 01:05:33 | 00,001,627 | ---- | M] () -- C:\Documents and Settings\Ricardo\Desktop\CCleaner.lnk

[2009/09/29 01:04:28 | 00,000,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quicksys RegDefrag.lnk

[2009/09/29 00:54:04 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe

[2009/09/29 00:35:00 | 17,774,920 | ---- | M] (TuneUp Software) -- C:\Arquivos de programas\TU2009TrialEN-US.exe

[2009/09/28 18:19:43 | 00,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan.lnk

[2009/09/28 18:19:41 | 00,000,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan.lnk

[2009/09/28 18:13:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2009/09/28 18:12:36 | 00,001,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/09/28 13:50:11 | 00,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk

[2009/09/28 13:49:33 | 57,933,832 | ---- | M] (Emsi Software GmbH ) -- C:\Arquivos de programas\a2FreeSetup.exe

[2009/09/27 13:07:03 | 00,144,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/09/24 14:44:39 | 00,001,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Free Edition v10.lnk

[2009/09/23 20:46:18 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ricardo\Desktop\HiJackThis.exe

[2009/09/23 16:51:36 | 00,027,368 | ---- | M] (GAS Tecnologia) -- C:\WINDOWS\System32\drivers\GbpKm.sys

[2009/09/21 22:49:50 | 00,331,655 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090924-180711.backup

[2009/09/21 22:44:12 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\Ricardo\Desktop\HijackThis.lnk

[2009/09/17 20:32:05 | 00,331,657 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090920-141705.backup

[2009/09/17 20:31:19 | 00,331,657 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090917-203205.backup

[2009/09/17 19:14:23 | 00,000,996 | ---- | M] () -- C:\Documents and Settings\Ricardo\Desktop\Spybot - Search & Destroy.lnk

[2009/09/17 19:09:38 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Ricardo\Desktop\setup-spybotsd162.exe

[2009/09/17 19:02:05 | 00,262,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090917-203118.backup

[2009/09/17 14:16:29 | 00,000,964 | ---- | M] () -- C:\Documents and Settings\Ricardo\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2009/09/17 13:57:55 | 00,000,769 | ---- | M] () -- C:\Documents and Settings\Ricardo\Desktop\MediaCoder.lnk

 

========== LOP Check ==========

 

[2009/09/30 18:20:23 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos

[2009/09/29 00:51:54 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{55A29068-F2CE-456C-9148-C869879E2357}

[2008/06/29 15:01:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

[2009/06/30 10:11:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG Security Toolbar

[2009/09/24 14:45:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\BitDefender

[2008/10/17 18:35:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

[2009/09/28 08:55:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2008/08/31 13:59:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SlySoft

[2009/09/28 13:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

[2008/06/29 07:17:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dados de aplicativos

[2009/06/30 10:11:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos

[2009/06/30 10:11:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\AVGTOOLBAR

[2009/09/27 18:50:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Nadja\Dados de aplicativos

[2009/01/16 12:39:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nadja\Dados de aplicativos\aAvgApi

[2009/06/03 14:58:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nadja\Dados de aplicativos\AVGTOOLBAR

[2009/09/27 16:29:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nadja\Dados de aplicativos\Bitdefender

[2008/06/29 10:37:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos

[2009/09/29 01:05:45 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Ricardo\Dados de aplicativos

[2008/07/13 18:05:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\Acoustica

[2008/08/20 20:44:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\Ahead

[2009/05/21 16:59:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\AVGTOOLBAR

[2009/09/24 16:57:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\Bitdefender

[2009/09/17 13:57:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\Broad Intelligence

[2008/08/17 17:25:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\eGames

[2008/07/17 00:47:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\ImgBurn

[2008/06/29 14:24:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\InterTrust

[2009/02/15 13:56:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\LG Electronics

[2009/09/28 13:48:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\TuneUp Software

[2009/09/30 19:10:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ricardo\Dados de aplicativos\uTorrent

[2009/09/30 20:00:24 | 00,000,506 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job

[2001/10/28 09:07:04 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/09/30 19:37:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[2009/09/30 20:01:02 | 00,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:8D34975E9892B1DE

@Alternate Data Stream - 208 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

< End of report >

 

Regards!


Good morning, Villalobos!

 

<!> You have 2 antivirus programs and, to avoid conflicts, should have only 1.

<><><><><><><><><><><>

<@> Open OTL.exe --> Click CleanUp --> Yes!

<@> Restart the computer!

<><><><><><><><><><><>

<@> Download: < ToolBar S&D >

<@> Save it on Local Disk C, in a folder of its own.

<@> Restart the computer in Safe Mode. <-- Important!

<@> Run the program, then press "p" --> Enter --> Ok.

<@> Type two! ( 2 ) --> Press Enter --> Wait!

<@> When it finishes, post the report. ( C:\ToolBar SD\TB_1.txt ) <--

<@> Also post an updated HijackThis log.

 

Regards!


Good afternoon!

 

DigRam, I followed your advice and uninstalled one of the antivirus programs. BitDefender sometimes displayed an error message, so that was the one I decided to uninstall; I ended up with only AVG.

I ran OTL and TB as well, and then HijackThis; the reports follow.

 

 

-----------\\ ToolBar S&D 1.2.9 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : AMD Athlon Processor )

BIOS : Default System BIOS

USER : Ricardo ( Administrator )

BOOT : Fail-safe boot

Antivirus : AVG Anti-Virus Free 8.5 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:74 Go (Free:28 Go)

D:\ (Local Disk) - FAT32 - Total:19 Go (Free:8 Go)

E:\ (CD or DVD)

F:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [2] ( qui 01/10/2009|12:08 )

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

 

-----------\\ Extensions

 

(Ricardo) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

(Ricardo) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="about:blank"

"Search Page"="&http://home.microsoft.com/intl/br/access/allinone.asp"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75724"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75723"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\Ricardo\Meus documentos\Downloads\Programs\AutoCAD_2004_Crack.zip

C:\DOCUME~1\Ricardo\Meus documentos\Downloads\Programs\AutoCad 2004\AutoCad 2004 + Crack.nrg

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - qui 01/10/2009|12:09 - Option : [2]

 

-----------\\ Verificação completa em 12:09:41,84

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:38:41, on 1/10/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\McAfee Security Scan\1.0.150\SSScheduler.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ÿþ127.0.0.1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Quicksys Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P23 "EPSON Stylus C87 Series" /O5 "LPT1:" /M "Stylus C87"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: McAfee Security Scan.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - c:\arquivos de programas\arquivos comuns\softwin\bitdefender scan server\bdss.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - c:\arquivos de programas\softwin\bitdefender10\vsserv.exe (file missing)

 

--

End of file - 9089 bytes

 

Regards!


Good afternoon, Villalobos!

 

<!> We are already wrapping up your case; I believe this is the last procedure.

<><><><><><><><><><>

<@> Open HijackThis --> Click: Do a system scan only

 

O1 - Hosts: ÿþ127.0.0.1 localhost

 

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

 

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

 

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

 

O3 - Toolbar: Quicksys Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

 

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

 

<@> Check these entries, listed above!

<@> Click: Fix checked --> Yes!

<><><><><><><><><><>

<@> Download: < OTM > ( ...by OldTimer Tools )

<@> Save it to the desktop and run it from there!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:Processes

explorer.exe

:Services

VSSERV

bdss

:Files

C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

C:\Arquivos de programas\Yahoo!\Companion\Installs

C:\Arquivos de programas\Ask.com

C:\Arquivos de programas\Yahoo!

:Reg

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copy and paste this information, between the XXXXX... lines, into the ( clipboard ) field of the tool.

<@> Ps: The area below "Paste Instructions for Items to be Moved".

<@> Click MoveIt.

<@> When prompted to reboot, confirm! --> Wait!

<@> When it finishes, check the text content of the folder: C:\_OTM\MovedFiles

<@> Copy and post its most recent report: C:\_OTM\MovedFiles\xxxx2009_xxxxxx.log <--

<@> Ps: Since the tool does not overwrite its reports, we must look at the one generated right after it ran.

<@> Also post an updated HijackThis log.

 

Regards!


Good afternoon, DigRam.

 

I followed the procedures; the report follows.

 

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== SERVICES/DRIVERS ==========

 

Service\Driver VSSERV deleted successfully.

 

Service\Driver bdss deleted successfully.

========== FILES ==========

File/Folder C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll not found.

File/Folder C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll not found.

C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn moved successfully.

C:\Arquivos de programas\Yahoo!\Companion\Installs moved successfully.

C:\Arquivos de programas\Ask.com moved successfully.

C:\Arquivos de programas\Yahoo!\Companion\Data moved successfully.

C:\Arquivos de programas\Yahoo!\Companion moved successfully.

C:\Arquivos de programas\Yahoo!\Common moved successfully.

C:\Arquivos de programas\Yahoo! moved successfully.

========== REGISTRY ==========

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Nadja

File delete failed. C:\Documents and Settings\Nadja\Configurações locais\Temp\Temporary Internet Files\Content.IE5\Z3Z9ARNA\CAC5YZKT.formula1&objectDescription=McLaren%20e%20Ferrari%20sofrem%20com%20%22inferno%20astral%22%20-%20F%C3%B3rmula%201%20-%202009%20-%20Terra&objectType=NOT scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nadja\Configurações locais\Temp\Temporary Internet Files\Content.IE5\Z3Z9ARNA\pd2eRdNW8PobAPLbw_4iZ4NQAAABUXicdZAxTsNAEEUncZAMCkmgpSAtUrT2rh3HdgUFSCCB0iWdtetdx8b2OrIN5jIcgI

YCIRqK1DTQIbgAJ

6ChYykoKNBIT_9PMV9_4h0OvbwI44TyKrhMRGNRLdYYQOeVwebTFoPu824KAyuy[1].swf scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nadja\Configurações locais\Temp\Temporary Internet Files\Content.IE5\WJSQF275\ormula1&objectDescription=Depois%20de%20confus%C3%A3o%2C%20Barrichello%20%C3%A9%20confirmado%20em%208%C2%BA%20no%20grid%20-%20F%C3%B3rmula%201%20-%202009%20-%20Terra&objectType=NOT scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Nadja\Configurações locais\Temp\Temporary Internet Files\Content.IE5\U5WLJBAX\CAUNOPU7.formula1&objectDescription=Veja%20o%20grid%20de%20largada%20para%20o%20GP%20da%20Mal%C3%A1sia%20-%20F%C3%B3rmula%201%20-%202009%20-%20Terra&objectType=NOT scheduled to be deleted on reboot.

->Temp folder emptied: 17879714 bytes

->Temporary Internet Files folder emptied: 5752492 bytes

->Java cache emptied: 30725 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Ricardo

->Temp folder emptied: 48410011 bytes

->Temporary Internet Files folder emptied: 102327 bytes

->Java cache emptied: 25493434 bytes

->FireFox cache emptied: 51012930 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2114593 bytes

%systemroot%\System32 .tmp files removed: 3690393 bytes

Windows Temp folder emptied: 135679 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 147,49 mb

 

 

OTM by OldTimer - Version 3.0.0.6 log created on 10022009_172228

 

Files moved on Reboot...

File C:\Documents and Settings\Nadja\Configurações locais\Temp\Temporary Internet Files\Content.IE5\Z3Z9ARNA\CAC5YZKT.formula1&objectDescription=McLaren%20e%20Ferrari%20sofrem%20com%20%22inferno%20astral%22%20-%20F%C3%B3rmula%201%20-%202009%20-%20Terra&objectType=NOT not found!

File C:\Documents and Settings\Nadja\Configurações locais\Temp\Temporary Internet Files\Content.IE5\Z3Z9ARNA\pd2eRdNW8PobAPLbw_4iZ4NQAAABUXicdZAxTsNAEEUncZAMCkmgpSAtUrT2rh3HdgUFSCCB0iWdtetdx8b2OrIN5jIcgI

YCIRqK1DTQIbgAJ

6ChYykoKNBIT_9PMV9_4h0OvbwI44TyKrhMRGNRLdYYQOeVwebTFoPu824KAyuy[1].swf not found!

File C:\Documents and Settings\Nadja\Configurações locais\Temp\Temporary Internet Files\Content.IE5\WJSQF275\ormula1&objectDescription=Depois%20de%20confus%C3%A3o%2C%20Barrichello%20%C3%A9%20confirmado%20em%208%C2%BA%20no%20grid%20-%20F%C3%B3rmula%201%20-%202009%20-%20Terra&objectType=NOT not found!

File C:\Documents and Settings\Nadja\Configurações locais\Temp\Temporary Internet Files\Content.IE5\U5WLJBAX\CAUNOPU7.formula1&objectDescription=Veja%20o%20grid%20de%20largada%20para%20o%20GP%20da%20Mal%C3%A1sia%20-%20F%C3%B3rmula%201%20-%202009%20-%20Terra&objectType=NOT not found!

 

Registry entries deleted on Reboot...

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:27:54, on 2/10/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\notepad.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\McAfee Security Scan\1.0.150\SSScheduler.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P23 "EPSON Stylus C87 Series" /O5 "LPT1:" /M "Stylus C87"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: McAfee Security Scan.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

 

--

End of file - 8022 bytes


Good evening, Villalobos!

 

<@> Open HijackThis and fix these entries:

 

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

 

O4 - Global Startup: McAfee Security Scan.lnk = ?

 

<@> Open OTM --> Click < 8gehxg0.gif > Wait! --> Yes.

<><><><><><><><><>

<@> If there are no problems, establish a clean point in System Restore.

<@> Right-click My Computer --> Properties --> System Restore.

<@> Check: Turn off System Restore --> Apply --> Wait! --> OK.

<@> Then uncheck it again! --> Apply --> Wait! --> OK.

<@> For more details, read the tutorial: < Link >

<><><><><><><><><>

<!> Your log is clean!

<!> Everything OK?

 

Regards!


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
